Make auth provider autologin modular and implement it for all OAuth2 adapters
Summary: Ref T10785. Around the time we launched Phacility SAAS we implemented this weird autologin hack. It works fine, so clean it up, get rid of the `instanceof` stuff, and support it for any OAuth2 provider. (We could conceivably support OAuth1 as well, but no one has expressed an interest in it and I don't think I have any OAuth1 providers configured correctly locally so it would take a little bit to set up and test.) Test Plan: - Configured OAuth2 adapters (Facebook) for auto-login. - Saw no config option on other adapters (LDAP). - Nuked all options but one, did autologin with Facebook and Phabricator. - Logged out, got logout screen. Reviewers: chad Reviewed By: chad Maniphest Tasks: T10785 Differential Revision: https://secure.phabricator.com/D16060
This commit is contained in:
epriestley
@@ -113,17 +113,9 @@ final class PhabricatorAuthStartController
|
||||
PhabricatorCookies::setClientIDCookie($request);
|
||||
}
|
||||
|
||||
if (!$request->getURIData('loggedout') && count($providers) == 1) {
|
||||
$auto_login_provider = head($providers);
|
||||
$auto_login_config = $auto_login_provider->getProviderConfig();
|
||||
if ($auto_login_provider instanceof PhabricatorPhabricatorAuthProvider &&
|
||||
$auto_login_config->getShouldAutoLogin()) {
|
||||
$auto_login_adapter = $provider->getAdapter();
|
||||
$auto_login_adapter->setState($provider->getAuthCSRFCode($request));
|
||||
return id(new AphrontRedirectResponse())
|
||||
->setIsExternal(true)
|
||||
->setURI($provider->getAdapter()->getAuthenticateURI());
|
||||
}
|
||||
$auto_response = $this->tryAutoLogin($providers);
|
||||
if ($auto_response) {
|
||||
return $auto_response;
|
||||
}
|
||||
|
||||
$invite = $this->loadInvite();
|
||||
@@ -282,4 +274,35 @@ final class PhabricatorAuthStartController
|
||||
array($message));
|
||||
}
|
||||
|
||||
private function tryAutoLogin(array $providers) {
|
||||
$request = $this->getRequest();
|
||||
|
||||
// If the user just logged out, don't immediately log them in again.
|
||||
if ($request->getURIData('loggedout')) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// If we have more than one provider, we can't autologin because we
|
||||
// don't know which one the user wants.
|
||||
if (count($providers) != 1) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$provider = head($providers);
|
||||
if (!$provider->supportsAutoLogin()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$config = $provider->getProviderConfig();
|
||||
if (!$config->getShouldAutoLogin()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$auto_uri = $provider->getAutoLoginURI($request);
|
||||
|
||||
return id(new AphrontRedirectResponse())
|
||||
->setIsExternal(true)
|
||||
->setURI($auto_uri);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user