Differential D20111

During first-time setup, create an administrator account with no authentication instead of weird, detached authentication
ClosedPublic
Actions

Authored by epriestley on Wed, Feb 6, 11:33 PM.

Details

Reviewers

amckinley

Maniphest Tasks

T6703: Allow multiple copies of the same auth provider type

Commits

rP55c18bc90041: During first-time setup, create an administrator account with no authentication…

Summary

Ref T6703. Currently, when you create an account on a new install, we prompt you to select a password.

You can't actually use that password unless you set up a password provider, and that password can't be associated with a provider since a password provider won't exist yet.

Instead, just don't ask for a password: create an account with a username and an email address only. Setup guidance points you toward Auth.

If you lose the session, you can send yourself an email link (if email works yet) or bin/auth recover it. This isn't really much different than the pre-change behavior, since you can't use the password you set anyway until you configure password auth.

This also makes fixing T9512 more important, which I'll do in a followup. I also plan to add slightly better guideposts toward Auth.

Test Plan

Hit first-time setup, created an account.

Diff Detail

Repository

rP Phabricator

Lint

Automatic diff as part of commit; lint not applicable.

Unit

Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Wed, Feb 6, 11:33 PM

Herald added a subscriber: revi. · View Herald TranscriptWed, Feb 6, 11:33 PM

Harbormaster completed remote builds in B21860: Diff 48020.Wed, Feb 6, 11:35 PM

epriestley requested review of this revision.Wed, Feb 6, 11:35 PM

epriestley added a child revision: D20112: Give ExternalAccount a providerConfigPHID, tying it to a particular provider.Wed, Feb 6, 11:50 PM

amckinley accepted this revision.Thu, Feb 7, 6:40 PM

This revision is now accepted and ready to land.Thu, Feb 7, 6:40 PM

Closed by commit rP55c18bc90041: During first-time setup, create an administrator account with no authentication… (authored by epriestley). · Explain WhyTue, Feb 12, 10:47 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

			Path	Packages
M			src/applications/auth/controller/PhabricatorAuthRegisterController.php (118 lines)
M			src/applications/people/storage/PhabricatorUser.php (2 lines)
M			src/applications/people/storage/PhabricatorUserEmail.php (5 lines)
M			src/docs/user/configuration/configuring_accounts_and_registration.diviner (32 lines)

Diff	ID	Base	Description	Created	Lint	Unit
Base			Base
Diff 1	48020	970993a		Wed, Feb 6, 11:33 PM	★	★
Diff 2	48127	378a43d	rP55c18bc90041f15759f62eaa44e31e5f61359be1	Tue, Feb 12, 10:47 PM	★	★

Status	Author	Revision
Closed	epriestley	D20123 Allow users to be approved from the profile "Manage" page, alongside other similar actions
Closed	epriestley	D20122 On login forms, autofocus the "username" field
Closed	epriestley	D20120 When users have no password on their account, guide them through the "reset password" flow in the guise of "set password"
Closed	epriestley	D20119 Don't show "registration might be too open" warnings unless an auth provider actually allows registration
Closed	epriestley	D20118 Allow users to register with non-registration providers if they are invited to an instance
Closed	epriestley	D20117 Make external link/refresh use provider IDs, switch external account MFA to one-shot
Closed	epriestley	D20113 Make external account unlinking use account IDs, not "providerType + providerDomain" nonsense
Closed	epriestley	D20112 Give ExternalAccount a providerConfigPHID, tying it to a particular provider
Closed	epriestley	D20111 During first-time setup, create an administrator account with no authentication instead of weird, detached authentication