Differential D17212 Diff 41400 src/applications/auth/controller/PhabricatorAuthRegisterController.php
src/applications/auth/controller/PhabricatorAuthRegisterController.php
Show First 20 Lines • Show All 48 Lines • ▼ Show 20 Lines | if (!$provider->shouldAllowRegistration()) { | ||||
'The account you are attempting to register with uses an '. | 'The account you are attempting to register with uses an '. | ||||
'authentication provider ("%s") which does not allow '. | 'authentication provider ("%s") which does not allow '. | ||||
'registration. An administrator may have recently disabled '. | 'registration. An administrator may have recently disabled '. | ||||
'registration with this provider.', | 'registration with this provider.', | ||||
$provider->getProviderName())); | $provider->getProviderName())); | ||||
} | } | ||||
} | } | ||||
$errors = array(); | |||||
$user = new PhabricatorUser(); | $user = new PhabricatorUser(); | ||||
$default_username = $account->getUsername(); | $default_username = $account->getUsername(); | ||||
$default_realname = $account->getRealName(); | $default_realname = $account->getRealName(); | ||||
$default_email = $account->getEmail(); | $default_email = $account->getEmail(); | ||||
if ($invite) { | if ($invite) { | ||||
$default_email = $invite->getEmailAddress(); | $default_email = $invite->getEmailAddress(); | ||||
} | } | ||||
if ($default_email !== null) { | |||||
if (!PhabricatorUserEmail::isValidAddress($default_email)) { | if (!PhabricatorUserEmail::isValidAddress($default_email)) { | ||||
$errors[] = pht( | |||||
'The email address associated with this external account ("%s") is '. | |||||
'not a valid email address and can not be used to register a '. | |||||
'Phabricator account. Choose a different, valid address.', | |||||
phutil_tag('strong', array(), $default_email)); | |||||
$default_email = null; | $default_email = null; | ||||
} | } | ||||
} | |||||
if ($default_email !== null) { | if ($default_email !== null) { | ||||
// We should bypass policy here becase e.g. limiting an application use | // We should bypass policy here becase e.g. limiting an application use | ||||
// to a subset of users should not allow the others to overwrite | // to a subset of users should not allow the others to overwrite | ||||
// configured application emails | // configured application emails. | ||||
$application_email = id(new PhabricatorMetaMTAApplicationEmailQuery()) | $application_email = id(new PhabricatorMetaMTAApplicationEmailQuery()) | ||||
->setViewer(PhabricatorUser::getOmnipotentUser()) | ->setViewer(PhabricatorUser::getOmnipotentUser()) | ||||
->withAddresses(array($default_email)) | ->withAddresses(array($default_email)) | ||||
->executeOne(); | ->executeOne(); | ||||
if ($application_email) { | if ($application_email) { | ||||
$errors[] = pht( | |||||
'The email address associated with this account ("%s") is '. | |||||
'already in use by an application and can not be used to '. | |||||
'register a new Phabricator account. Choose a different, valid '. | |||||
'address.', | |||||
phutil_tag('strong', array(), $default_email)); | |||||
$default_email = null; | $default_email = null; | ||||
} | } | ||||
} | } | ||||
$show_existing = null; | |||||
if ($default_email !== null) { | if ($default_email !== null) { | ||||
// If the account source provided an email, but it's not allowed by | // If the account source provided an email, but it's not allowed by | ||||
// the configuration, roadblock the user. Previously, we let the user | // the configuration, roadblock the user. Previously, we let the user | ||||
// pick a valid email address instead, but this does not align well with | // pick a valid email address instead, but this does not align well with | ||||
// user expectation and it's not clear the cases it enables are valuable. | // user expectation and it's not clear the cases it enables are valuable. | ||||
// See discussion in T3472. | // See discussion in T3472. | ||||
if (!PhabricatorUserEmail::isAllowedAddress($default_email)) { | if (!PhabricatorUserEmail::isAllowedAddress($default_email)) { | ||||
$debug_email = new PHUIInvisibleCharacterView($default_email); | $debug_email = new PHUIInvisibleCharacterView($default_email); | ||||
return $this->renderError( | return $this->renderError( | ||||
array( | array( | ||||
pht( | pht( | ||||
'The account you are attempting to register with has an invalid '. | 'The account you are attempting to register with has an invalid '. | ||||
'email address (%s). This Phabricator install only allows '. | 'email address (%s). This Phabricator install only allows '. | ||||
'registration with specific email addresses:', | 'registration with specific email addresses:', | ||||
$debug_email), | $debug_email), | ||||
phutil_tag('br'), | phutil_tag('br'), | ||||
phutil_tag('br'), | phutil_tag('br'), | ||||
PhabricatorUserEmail::describeAllowedAddresses(), | PhabricatorUserEmail::describeAllowedAddresses(), | ||||
)); | )); | ||||
} | } | ||||
// If the account source provided an email, but another account already | // If the account source provided an email, but another account already | ||||
// has that email, just pretend we didn't get an email. | // has that email, just pretend we didn't get an email. | ||||
// TODO: See T3472. | |||||
if ($default_email !== null) { | if ($default_email !== null) { | ||||
$same_email = id(new PhabricatorUserEmail())->loadOneWhere( | $same_email = id(new PhabricatorUserEmail())->loadOneWhere( | ||||
'address = %s', | 'address = %s', | ||||
$default_email); | $default_email); | ||||
if ($same_email) { | if ($same_email) { | ||||
if ($invite) { | if ($invite) { | ||||
// We're allowing this to continue. The fact that we loaded the | // We're allowing this to continue. The fact that we loaded the | ||||
// invite means that the address is nonprimary and unverified and | // invite means that the address is nonprimary and unverified and | ||||
// we're OK to steal it. | // we're OK to steal it. | ||||
} else { | } else { | ||||
$show_existing = $default_email; | |||||
$default_email = null; | $default_email = null; | ||||
} | } | ||||
} | } | ||||
} | } | ||||
} | } | ||||
if ($show_existing !== null) { | |||||
if (!$request->getInt('phase')) { | |||||
return $this->newDialog() | |||||
->setTitle(pht('Email Address Already in Use')) | |||||
->addHiddenInput('phase', 1) | |||||
->appendParagraph( | |||||
pht( | |||||
'You are creating a new Phabricator account linked to an '. | |||||
'existing external account from outside Phabricator.')) | |||||
->appendParagraph( | |||||
pht( | |||||
'The email address ("%s") associated with the external account '. | |||||
'is already in use by an existing Phabricator account. Multiple '. | |||||
'Phabricator accounts may not have the same email address, so '. | |||||
'you can not use this email address to register a new '. | |||||
'Phabricator account.', | |||||
phutil_tag('strong', array(), $show_existing))) | |||||
->appendParagraph( | |||||
pht( | |||||
'If you want to register a new account, continue with this '. | |||||
'registration workflow and choose a new, unique email address '. | |||||
'for the new account.')) | |||||
->appendParagraph( | |||||
pht( | |||||
'If you want to link an existing Phabricator account to this '. | |||||
'external account, do not continue. Instead: log in to your '. | |||||
'existing account, then go to "Settings" and link the account '. | |||||
'in the "External Accounts" panel.')) | |||||
->appendParagraph( | |||||
pht( | |||||
'If you continue, you will create a new account. You will not '. | |||||
'be able to link this external account to an existing account.')) | |||||
->addCancelButton('/auth/login/', pht('Cancel')) | |||||
->addSubmitButton(pht('Create New Account')); | |||||
} else { | |||||
$errors[] = pht( | |||||
'The external account you are registering with has an email address '. | |||||
'that is already in use ("%s") by an existing Phabricator account. '. | |||||
'Choose a new, valid email address to register a new Phabricator '. | |||||
'account.', | |||||
phutil_tag('strong', array(), $show_existing)); | |||||
} | |||||
} | |||||
$profile = id(new PhabricatorRegistrationProfile()) | $profile = id(new PhabricatorRegistrationProfile()) | ||||
->setDefaultUsername($default_username) | ->setDefaultUsername($default_username) | ||||
->setDefaultEmail($default_email) | ->setDefaultEmail($default_email) | ||||
->setDefaultRealName($default_realname) | ->setDefaultRealName($default_realname) | ||||
->setCanEditUsername(true) | ->setCanEditUsername(true) | ||||
->setCanEditEmail(($default_email === null)) | ->setCanEditEmail(($default_email === null)) | ||||
->setCanEditRealName(true) | ->setCanEditRealName(true) | ||||
->setShouldVerifyEmail(false); | ->setShouldVerifyEmail(false); | ||||
Show All 27 Lines | if ($is_setup) { | ||||
$force_verify = true; | $force_verify = true; | ||||
} | } | ||||
$value_username = $default_username; | $value_username = $default_username; | ||||
$value_realname = $default_realname; | $value_realname = $default_realname; | ||||
$value_email = $default_email; | $value_email = $default_email; | ||||
$value_password = null; | $value_password = null; | ||||
$errors = array(); | |||||
$require_real_name = PhabricatorEnv::getEnvConfig('user.require-real-name'); | $require_real_name = PhabricatorEnv::getEnvConfig('user.require-real-name'); | ||||
$e_username = strlen($value_username) ? null : true; | $e_username = strlen($value_username) ? null : true; | ||||
$e_realname = $require_real_name ? true : null; | $e_realname = $require_real_name ? true : null; | ||||
$e_email = strlen($value_email) ? null : true; | $e_email = strlen($value_email) ? null : true; | ||||
$e_password = true; | $e_password = true; | ||||
$e_captcha = true; | $e_captcha = true; | ||||
$skip_captcha = false; | $skip_captcha = false; | ||||
if ($invite) { | if ($invite) { | ||||
// If the user is accepting an invite, assume they're trustworthy enough | // If the user is accepting an invite, assume they're trustworthy enough | ||||
// that we don't need to CAPTCHA them. | // that we don't need to CAPTCHA them. | ||||
$skip_captcha = true; | $skip_captcha = true; | ||||
} | } | ||||
$min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | $min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | ||||
$min_len = (int)$min_len; | $min_len = (int)$min_len; | ||||
$from_invite = $request->getStr('invite'); | $from_invite = $request->getStr('invite'); | ||||
if ($from_invite && $can_edit_username) { | if ($from_invite && $can_edit_username) { | ||||
$value_username = $request->getStr('username'); | $value_username = $request->getStr('username'); | ||||
$e_username = null; | $e_username = null; | ||||
} | } | ||||
if (($request->isFormPost() || !$can_edit_anything) && !$from_invite) { | $try_register = | ||||
($request->isFormPost() || !$can_edit_anything) && | |||||
!$from_invite && | |||||
($request->getInt('phase') != 1); | |||||
if ($try_register) { | |||||
$errors = array(); | |||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
if ($must_set_password && !$skip_captcha) { | if ($must_set_password && !$skip_captcha) { | ||||
$e_captcha = pht('Again'); | $e_captcha = pht('Again'); | ||||
$captcha_ok = AphrontFormRecaptchaControl::processCaptcha($request); | $captcha_ok = AphrontFormRecaptchaControl::processCaptcha($request); | ||||
if (!$captcha_ok) { | if (!$captcha_ok) { | ||||
$errors[] = pht('Captcha response is incorrect, try again.'); | $errors[] = pht('Captcha response is incorrect, try again.'); | ||||
▲ Show 20 Lines • Show All 192 Lines • ▼ Show 20 Lines | if ($try_register) { | ||||
} | } | ||||
} | } | ||||
} | } | ||||
unset($unguarded); | unset($unguarded); | ||||
} | } | ||||
$form = id(new AphrontFormView()) | $form = id(new AphrontFormView()) | ||||
->setUser($request->getUser()); | ->setUser($request->getUser()) | ||||
->addHiddenInput('phase', 2); | |||||
if (!$is_default) { | if (!$is_default) { | ||||
$form->appendChild( | $form->appendChild( | ||||
id(new AphrontFormMarkupControl()) | id(new AphrontFormMarkupControl()) | ||||
->setLabel(pht('External Account')) | ->setLabel(pht('External Account')) | ||||
->setValue( | ->setValue( | ||||
id(new PhabricatorAuthAccountView()) | id(new PhabricatorAuthAccountView()) | ||||
->setUser($request->getUser()) | ->setUser($request->getUser()) | ||||
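Review bot: The `phase` request parameter that gates the new "Email Address Already in Use" dialog and the `$try_register` check is client-supplied, and its values (absent, `1`, `2`) are undocumented, so the code does not make clear that the dialog is advisory only. A client can post `phase=2` directly and never see the dialog; that looks safe here because `$default_email` is set to null before the phase check, but the uniqueness check on the submitted address sits in the collapsed part of `if ($try_register)` and should be confirmed not to depend on `phase`. I would add a comment above `$try_register`, e.g. `// "phase" only sequences the UI (1 = dialog acknowledged, show the form; 2 = form submitted); it is client-controlled and must not be treated as a security check.` The `$errors = array();` at the top of `if ($try_register)` appears to be on the new side and discards the default-email errors collected earlier; if that is intended, a one-line comment saying so would help.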