Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/adapter/PhutilAuthAdapter.php
<?php | <?php | ||||
/** | /** | ||||
* Abstract interface to an identity provider or authentication source, like | * Abstract interface to an identity provider or authentication source, like | ||||
* Twitter, Facebook or Google. | * Twitter, Facebook, or Google. | ||||
* | * | ||||
* Generally, adapters are handed some set of credentials particular to the | * Generally, adapters are handed some set of credentials particular to the | ||||
* provider they adapt, and they turn those credentials into standard | * provider they adapt, and they turn those credentials into standard | ||||
* information about the user's identity. For example, the LDAP adapter is given | * information about the user's identity. For example, the LDAP adapter is given | ||||
* a username and password (and some other configuration information), uses them | * a username and password (and some other configuration information), uses them | ||||
* to talk to the LDAP server, and produces a username, email, and so forth. | * to talk to the LDAP server, and produces a username, email, and so forth. | ||||
* | * | ||||
* Since the credentials a provider requires are specific to each provider, the | * Since the credentials a provider requires are specific to each provider, the | ||||
* base adapter does not specify how an adapter should be constructed or | * base adapter does not specify how an adapter should be constructed or | ||||
* configured -- only what information it is expected to be able to provide once | * configured -- only what information it is expected to be able to provide once | ||||
* properly configured. | * properly configured. | ||||
*/ | */ | ||||
abstract class PhutilAuthAdapter extends Phobject { | abstract class PhutilAuthAdapter extends Phobject { | ||||
final public function getAccountIdentifiers() { | |||||
$result = $this->newAccountIdentifiers(); | |||||
assert_instances_of($result, 'PhabricatorExternalAccountIdentifier'); | |||||
return $result; | |||||
} | |||||
protected function newAccountIdentifiers() { | |||||
$identifiers = array(); | |||||
$raw_identifier = $this->getAccountID(); | |||||
if ($raw_identifier !== null) { | |||||
$identifiers[] = $this->newAccountIdentifier($raw_identifier); | |||||
} | |||||
return $identifiers; | |||||
} | |||||
/** | /** | ||||
* Get a unique identifier associated with the identity. For most providers, | * Get a unique identifier associated with the account. | ||||
* this is an account ID. | |||||
* | * | ||||
* The account ID needs to be unique within this adapter's configuration, such | * This identifier should be permanent, immutable, and uniquely identify | ||||
* that `<adapterKey, accountID>` is globally unique and always identifies the | * the account. If possible, it should be nonsensitive. For providers that | ||||
* same identity. | * have a GUID or PHID value for accounts, these are the best values to use. | ||||
* | |||||
* You can implement @{method:newAccountIdentifiers} instead if a provider | |||||
* is unable to emit identifiers with all of these properties. | |||||
* | * | ||||
* If the adapter was unable to authenticate an identity, it should return | * If the adapter was unable to authenticate an identity, it should return | ||||
* `null`. | * `null`. | ||||
* | * | ||||
* @return string|null Unique account identifier, or `null` if authentication | * @return string|null Unique account identifier, or `null` if authentication | ||||
* failed. | * failed. | ||||
*/ | */ | ||||
abstract public function getAccountID(); | public function getAccountID() { | ||||
throw new PhutilMethodNotImplementedException(); | |||||
} | |||||
/** | /** | ||||
* Get a string identifying this adapter, like "ldap". This string should be | * Get a string identifying this adapter, like "ldap". This string should be | ||||
* unique to the adapter class. | * unique to the adapter class. | ||||
* | * | ||||
* @return string Unique adapter identifier. | * @return string Unique adapter identifier. | ||||
*/ | */ | ||||
▲ Show 20 Lines • Show All 81 Lines • Show Last 20 Lines |