Make auth provider autologin modular and implement it for all OAuth2 adapters
Summary: Ref T10785. Around the time we launched Phacility SAAS we implemented this weird autologin hack. It works fine, so clean it up, get rid of the `instanceof` stuff, and support it for any OAuth2 provider. (We could conceivably support OAuth1 as well, but no one has expressed an interest in it and I don't think I have any OAuth1 providers configured correctly locally so it would take a little bit to set up and test.) Test Plan: - Configured OAuth2 adapters (Facebook) for auto-login. - Saw no config option on other adapters (LDAP). - Nuked all options but one, did autologin with Facebook and Phabricator. - Logged out, got logout screen. Reviewers: chad Reviewed By: chad Maniphest Tasks: T10785 Differential Revision: https://secure.phabricator.com/D16060
This commit is contained in:
@@ -113,17 +113,9 @@ final class PhabricatorAuthStartController
|
||||
PhabricatorCookies::setClientIDCookie($request);
|
||||
}
|
||||
|
||||
if (!$request->getURIData('loggedout') && count($providers) == 1) {
|
||||
$auto_login_provider = head($providers);
|
||||
$auto_login_config = $auto_login_provider->getProviderConfig();
|
||||
if ($auto_login_provider instanceof PhabricatorPhabricatorAuthProvider &&
|
||||
$auto_login_config->getShouldAutoLogin()) {
|
||||
$auto_login_adapter = $provider->getAdapter();
|
||||
$auto_login_adapter->setState($provider->getAuthCSRFCode($request));
|
||||
return id(new AphrontRedirectResponse())
|
||||
->setIsExternal(true)
|
||||
->setURI($provider->getAdapter()->getAuthenticateURI());
|
||||
}
|
||||
$auto_response = $this->tryAutoLogin($providers);
|
||||
if ($auto_response) {
|
||||
return $auto_response;
|
||||
}
|
||||
|
||||
$invite = $this->loadInvite();
|
||||
@@ -282,4 +274,35 @@ final class PhabricatorAuthStartController
|
||||
array($message));
|
||||
}
|
||||
|
||||
private function tryAutoLogin(array $providers) {
|
||||
$request = $this->getRequest();
|
||||
|
||||
// If the user just logged out, don't immediately log them in again.
|
||||
if ($request->getURIData('loggedout')) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// If we have more than one provider, we can't autologin because we
|
||||
// don't know which one the user wants.
|
||||
if (count($providers) != 1) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$provider = head($providers);
|
||||
if (!$provider->supportsAutoLogin()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$config = $provider->getProviderConfig();
|
||||
if (!$config->getShouldAutoLogin()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$auto_uri = $provider->getAutoLoginURI($request);
|
||||
|
||||
return id(new AphrontRedirectResponse())
|
||||
->setIsExternal(true)
|
||||
->setURI($auto_uri);
|
||||
}
|
||||
|
||||
}
|
||||
|
@@ -130,7 +130,7 @@ final class PhabricatorAuthEditController
|
||||
PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS)
|
||||
->setNewValue($request->getInt('trustEmails', 0));
|
||||
|
||||
if ($provider instanceof PhabricatorPhabricatorAuthProvider) {
|
||||
if ($provider->supportsAutoLogin()) {
|
||||
$xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
|
||||
->setTransactionType(
|
||||
PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN)
|
||||
@@ -314,7 +314,7 @@ final class PhabricatorAuthEditController
|
||||
$v_trust_email));
|
||||
}
|
||||
|
||||
if ($provider instanceof PhabricatorPhabricatorAuthProvider) {
|
||||
if ($provider->supportsAutoLogin()) {
|
||||
$form->appendChild(
|
||||
id(new AphrontFormCheckboxControl())
|
||||
->addCheckbox(
|
||||
|
@@ -495,4 +495,12 @@ abstract class PhabricatorAuthProvider extends Phobject {
|
||||
}
|
||||
}
|
||||
|
||||
public function supportsAutoLogin() {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function getAutoLoginURI(AphrontRequest $request) {
|
||||
throw new PhutilMethodNotImplementedException();
|
||||
}
|
||||
|
||||
}
|
||||
|
@@ -273,4 +273,17 @@ abstract class PhabricatorOAuth2AuthProvider
|
||||
parent::willRenderLinkedAccount($viewer, $item, $account);
|
||||
}
|
||||
|
||||
public function supportsAutoLogin() {
|
||||
return true;
|
||||
}
|
||||
|
||||
public function getAutoLoginURI(AphrontRequest $request) {
|
||||
$csrf_code = $this->getAuthCSRFCode($request);
|
||||
|
||||
$adapter = $this->getAdapter();
|
||||
$adapter->setState($csrf_code);
|
||||
|
||||
return $adapter->getAuthenticateURI();
|
||||
}
|
||||
|
||||
}
|
||||
|
Reference in New Issue
Block a user