Page MenuHomePhabricator
Files F15421644

D20400.id48681.diff
No OneTemporary
Actions

D20400.id48681.diff
View Options

diff --git a/resources/celerity/map.php b/resources/celerity/map.php
--- a/resources/celerity/map.php
+++ b/resources/celerity/map.php
@@ -9,7 +9,7 @@
'names' => array(
'conpherence.pkg.css' => '3c8a0668',
'conpherence.pkg.js' => '020aebcf',
- 'core.pkg.css' => 'dacb981b',
+ 'core.pkg.css' => '856cc61b',
'core.pkg.js' => 'c783d8f6',
'differential.pkg.css' => '8d8360fb',
'differential.pkg.js' => '67e02996',
@@ -160,7 +160,7 @@
'rsrc/css/phui/phui-icon-set-selector.css' => '7aa5f3ec',
'rsrc/css/phui/phui-icon.css' => '4cbc684a',
'rsrc/css/phui/phui-image-mask.css' => '62c7f4d2',
- 'rsrc/css/phui/phui-info-view.css' => '37b8d9ce',
+ 'rsrc/css/phui/phui-info-view.css' => 'a10a909b',
'rsrc/css/phui/phui-invisible-character-view.css' => 'c694c4a4',
'rsrc/css/phui/phui-left-right.css' => '68513c34',
'rsrc/css/phui/phui-lightbox.css' => '4ebf22da',
@@ -842,7 +842,7 @@
'phui-icon-set-selector-css' => '7aa5f3ec',
'phui-icon-view-css' => '4cbc684a',
'phui-image-mask-css' => '62c7f4d2',
- 'phui-info-view-css' => '37b8d9ce',
+ 'phui-info-view-css' => 'a10a909b',
'phui-inline-comment-view-css' => '48acce5b',
'phui-invisible-character-view-css' => 'c694c4a4',
'phui-left-right-css' => '68513c34',
diff --git a/src/applications/auth/controller/config/PhabricatorAuthListController.php b/src/applications/auth/controller/config/PhabricatorAuthListController.php
--- a/src/applications/auth/controller/config/PhabricatorAuthListController.php
+++ b/src/applications/auth/controller/config/PhabricatorAuthListController.php
@@ -13,6 +13,7 @@
$list = new PHUIObjectItemListView();
$can_manage = $this->hasApplicationCapability(
AuthManageProvidersCapability::CAPABILITY);
+ $is_locked = PhabricatorEnv::getEnvConfig('auth.lock-config');
foreach ($configs as $config) {
$item = new PHUIObjectItemView();
@@ -69,7 +70,8 @@
$crumbs->addTextCrumb(pht('Login and Registration'));
$crumbs->setBorder(true);
- $guidance_context = new PhabricatorAuthProvidersGuidanceContext();
+ $guidance_context = id(new PhabricatorAuthProvidersGuidanceContext())
+ ->setCanManage($can_manage);
$guidance = id(new PhabricatorGuidanceEngine())
->setViewer($viewer)
@@ -81,7 +83,7 @@
->setButtonType(PHUIButtonView::BUTTONTYPE_SIMPLE)
->setHref($this->getApplicationURI('config/new/'))
->setIcon('fa-plus')
- ->setDisabled(!$can_manage)
+ ->setDisabled(!$can_manage || $is_locked)
->setText(pht('Add Provider'));
$list->setFlush(true);
diff --git a/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceContext.php b/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceContext.php
--- a/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceContext.php
+++ b/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceContext.php
@@ -1,4 +1,17 @@
<?php
final class PhabricatorAuthProvidersGuidanceContext
- extends PhabricatorGuidanceContext {}
+ extends PhabricatorGuidanceContext {
+
+ private $canManage = false;
+
+ public function setCanManage($can_manage) {
+ $this->canManage = $can_manage;
+ return $this;
+ }
+
+ public function getCanManage() {
+ return $this->canManage;
+ }
+
+}
diff --git a/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php b/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php
--- a/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php
+++ b/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php
@@ -92,6 +92,25 @@
->setMessage($message);
}
+ $locked_config_key = 'auth.lock-config';
+ $is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
+ if ($is_locked) {
+ $message = pht(
+ 'Authentication provider configuration is locked, and can not be '.
+ 'changed without being unlocked. See the configuration setting %s '.
+ 'for details.',
+ phutil_tag(
+ 'a',
+ array(
+ 'href' => '/config/edit/'.$locked_config_key,
+ ),
+ pht('%s', $locked_config_key)));
+
+ $results[] = $this->newWarning('auth.locked-config')
+ ->setPriority(500)
+ ->setMessage($message);
+ }
+
return $results;
}
diff --git a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
--- a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
+++ b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
@@ -85,13 +85,13 @@
'configuration from the CLI before it can be edited.'))
->setDescription(
pht(
- 'Normally, administrators configure authentication providers only '.
- 'once, immediately after instance creation. To further secure '.
- 'your instance, you can set this configuration option to `true`, '.
- 'which will require an adminstrator with CLI access to run '.
- '`bin/auth unlock` to make any later changes to authentication '.
- "provider configuration.\n\nAfter changing the config, you should ".
- 'run `bin/auth lock` again from the CLI.'))
+ 'When set to `true`, the authentication provider configuration '.
+ 'for this instance can not be modified without first running '.
+ '`bin/auth unlock` from the command line. This is to reduce '.
+ 'the security impact of a compromised administrator account. '.
+ "\n\n".
+ 'After running `bin/auth unlock` and making your changes to the '.
+ 'authentication provider config, you should run `bin/auth lock`.'))
->setLocked(true),
$this->newOption('account.editable', 'bool', true)
->setBoolOptions(
diff --git a/webroot/rsrc/css/phui/phui-info-view.css b/webroot/rsrc/css/phui/phui-info-view.css
--- a/webroot/rsrc/css/phui/phui-info-view.css
+++ b/webroot/rsrc/css/phui/phui-info-view.css
@@ -74,8 +74,8 @@
}
.phui-info-view-list {
- margin: 0;
- list-style: none;
+ margin-left: 30px;
+ list-style: disc;
line-height: 1.6em;
}

File Metadata

Mime Type
text/plain
Expires
Sun, Mar 23, 1:30 AM (2 w, 1 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7717674
Default Alt Text
D20400.id48681.diff (6 KB)

Event Timeline

Phabricator · Built by Phacility