Page MenuHomePhabricator
Differential D21012 Diff 50075 src/applications/auth/adapter/PhutilAuthAdapter.php

Changeset View

Standalone View

View Options

src/applications/auth/adapter/PhutilAuthAdapter.php

<?php <?php
/** /**
* Abstract interface to an identity provider or authentication source, like * Abstract interface to an identity provider or authentication source, like
* Twitter, Facebook or Google. * Twitter, Facebook, or Google.
* *
* Generally, adapters are handed some set of credentials particular to the * Generally, adapters are handed some set of credentials particular to the
* provider they adapt, and they turn those credentials into standard * provider they adapt, and they turn those credentials into standard
* information about the user's identity. For example, the LDAP adapter is given * information about the user's identity. For example, the LDAP adapter is given
* a username and password (and some other configuration information), uses them * a username and password (and some other configuration information), uses them
* to talk to the LDAP server, and produces a username, email, and so forth. * to talk to the LDAP server, and produces a username, email, and so forth.
* *
* Since the credentials a provider requires are specific to each provider, the * Since the credentials a provider requires are specific to each provider, the
* base adapter does not specify how an adapter should be constructed or * base adapter does not specify how an adapter should be constructed or
* configured -- only what information it is expected to be able to provide once * configured -- only what information it is expected to be able to provide once
* properly configured. * properly configured.
*/ */
abstract class PhutilAuthAdapter extends Phobject { abstract class PhutilAuthAdapter extends Phobject {
final public function getAccountIdentifiers() {
$result = $this->newAccountIdentifiers();
assert_instances_of($result, 'PhabricatorExternalAccountIdentifier');
return $result;
}
protected function newAccountIdentifiers() {
$identifiers = array();
$raw_identifier = $this->getAccountID();
if ($raw_identifier !== null) {
$identifiers[] = $this->newAccountIdentifier($raw_identifier);
}
return $identifiers;
}
/** /**
* Get a unique identifier associated with the identity. For most providers, * Get a unique identifier associated with the account.
* this is an account ID.
* *
* The account ID needs to be unique within this adapter's configuration, such * This identifier should be permanent, immutable, and uniquely identify
* that `<adapterKey, accountID>` is globally unique and always identifies the * the account. If possible, it should be nonsensitive. For providers that
* same identity. * have a GUID or PHID value for accounts, these are the best values to use.
*
* You can implement @{method:newAccountIdentifiers} instead if a provider
* is unable to emit identifiers with all of these properties.
* *
* If the adapter was unable to authenticate an identity, it should return * If the adapter was unable to authenticate an identity, it should return
* `null`. * `null`.
* *
* @return string|null Unique account identifier, or `null` if authentication * @return string|null Unique account identifier, or `null` if authentication
* failed. * failed.
*/ */
abstract public function getAccountID(); public function getAccountID() {
throw new PhutilMethodNotImplementedException();
}
/** /**
* Get a string identifying this adapter, like "ldap". This string should be * Get a string identifying this adapter, like "ldap". This string should be
* unique to the adapter class. * unique to the adapter class.
* *
* @return string Unique adapter identifier. * @return string Unique adapter identifier.
*/ */
▲ Show 20 LinesShow All 81 LinesShow Last 20 Lines
Phabricator · Built by Phacility