Page MenuHomePhabricator
Differential D21778 Diff 51934 src/applications/auth/controller/PhabricatorAuthLoginController.php

Changeset View

Standalone View

View Options

src/applications/auth/controller/PhabricatorAuthLoginController.php

Show First 20 LinesShow All 74 Lines▼ Show 20 Lines if ($account->getUserPHID()) {
// The account is already attached to a Phabricator user, so this is // The account is already attached to a Phabricator user, so this is
// either a login or a bad account link request. // either a login or a bad account link request.
if (!$viewer->isLoggedIn()) { if (!$viewer->isLoggedIn()) {
if ($provider->shouldAllowLogin()) { if ($provider->shouldAllowLogin()) {
return $this->processLoginUser($account); return $this->processLoginUser($account);
} else { } else {
return $this->renderError( return $this->renderError(
pht( pht(
'The external account ("%s") you just authenticated with is '. 'The external service ("%s") you just authenticated with is '.
'not configured to allow logins on this Phabricator install. '. 'not configured to allow logins on this server. An '.
'An administrator may have recently disabled it.', 'administrator may have recently disabled it.',
$provider->getProviderName())); $provider->getProviderName()));
} }
} else if ($viewer->getPHID() == $account->getUserPHID()) { } else if ($viewer->getPHID() == $account->getUserPHID()) {
// This is either an attempt to re-link an existing and already // This is either an attempt to re-link an existing and already
// linked account (which is silly) or a refresh of an external account // linked account (which is silly) or a refresh of an external account
// (e.g., an OAuth account). // (e.g., an OAuth account).
return id(new AphrontRedirectResponse()) return id(new AphrontRedirectResponse())
->setURI('/settings/panel/external/'); ->setURI('/settings/panel/external/');
} else { } else {
return $this->renderError( return $this->renderError(
pht( pht(
'The external account ("%s") you just used to log in is already '. 'The external service ("%s") you just used to log in is already '.
'associated with another Phabricator user account. Log in to the '. 'associated with another %s user account. Log in to the '.
'other Phabricator account and unlink the external account before '. 'other %s account and unlink the external account before '.
'linking it to a new Phabricator account.', 'linking it to a new %s account.',
$provider->getProviderName())); $provider->getProviderName(),
PlatformSymbols::getPlatformServerName(),
PlatformSymbols::getPlatformServerName(),
PlatformSymbols::getPlatformServerName()));
} }
} else { } else {
// The account is not yet attached to a Phabricator user, so this is // The account is not yet attached to a Phabricator user, so this is
// either a registration or an account link request. // either a registration or an account link request.
if (!$viewer->isLoggedIn()) { if (!$viewer->isLoggedIn()) {
if ($provider->shouldAllowRegistration() || $invite) { if ($provider->shouldAllowRegistration() || $invite) {
return $this->processRegisterUser($account); return $this->processRegisterUser($account);
} else { } else {
return $this->renderError( return $this->renderError(
pht( pht(
'The external account ("%s") you just authenticated with is '. 'The external service ("%s") you just authenticated with is '.
'not configured to allow registration on this Phabricator '. 'not configured to allow registration on this server. An '.
'install. An administrator may have recently disabled it.', 'administrator may have recently disabled it.',
$provider->getProviderName())); $provider->getProviderName()));
} }
} else { } else {
// If the user already has a linked account on this provider, prevent // If the user already has a linked account on this provider, prevent
// them from linking a second account. This can happen if they swap // them from linking a second account. This can happen if they swap
// logins and then refresh the account link. // logins and then refresh the account link.
// There's no technical reason we can't allow you to link multiple // There's no technical reason we can't allow you to link multiple
// accounts from a single provider; disallowing this is currently a // accounts from a single provider; disallowing this is currently a
// product deciison. See T2549. // product deciison. See T2549.
$existing_accounts = id(new PhabricatorExternalAccountQuery()) $existing_accounts = id(new PhabricatorExternalAccountQuery())
->setViewer($viewer) ->setViewer($viewer)
->withUserPHIDs(array($viewer->getPHID())) ->withUserPHIDs(array($viewer->getPHID()))
->withProviderConfigPHIDs( ->withProviderConfigPHIDs(
array( array(
$provider->getProviderConfigPHID(), $provider->getProviderConfigPHID(),
)) ))
->execute(); ->execute();
if ($existing_accounts) { if ($existing_accounts) {
return $this->renderError( return $this->renderError(
pht( pht(
'Your Phabricator account is already connected to an external '. 'Your %s account is already connected to an external '.
'account on this provider ("%s"), but you are currently logged '. 'account on this service ("%s"), but you are currently logged '.
'in to the provider with a different account. Log out of the '. 'in to the service with a different account. Log out of the '.
'external service, then log back in with the correct account '. 'external service, then log back in with the correct account '.
'before refreshing the account link.', 'before refreshing the account link.',
PlatformSymbols::getPlatformServerName(),
$provider->getProviderName())); $provider->getProviderName()));
} }
if ($provider->shouldAllowAccountLink()) { if ($provider->shouldAllowAccountLink()) {
return $this->processLinkUser($account); return $this->processLinkUser($account);
} else { } else {
return $this->renderError( return $this->renderError(
pht( pht(
'The external account ("%s") you just authenticated with is '. 'The external service ("%s") you just authenticated with is '.
'not configured to allow account linking on this Phabricator '. 'not configured to allow account linking on this server. An '.
'install. An administrator may have recently disabled it.', 'administrator may have recently disabled it.',
$provider->getProviderName())); $provider->getProviderName()));
} }
} }
} }
// This should be unreachable, but fail explicitly if we get here somehow. // This should be unreachable, but fail explicitly if we get here somehow.
return new Aphront400Response(); return new Aphront400Response();
} }
private function processLoginUser(PhabricatorExternalAccount $account) { private function processLoginUser(PhabricatorExternalAccount $account) {
$user = id(new PhabricatorUser())->loadOneWhere( $user = id(new PhabricatorUser())->loadOneWhere(
'phid = %s', 'phid = %s',
$account->getUserPHID()); $account->getUserPHID());
if (!$user) { if (!$user) {
return $this->renderError( return $this->renderError(
pht( pht(
'The external account you just logged in with is not associated '. 'The external account you just logged in with is not associated '.
'with a valid Phabricator user.')); 'with a valid %s user account.',
PlatformSymbols::getPlatformServerName()));
} }
return $this->loginUser($user); return $this->loginUser($user);
} }
private function processRegisterUser(PhabricatorExternalAccount $account) { private function processRegisterUser(PhabricatorExternalAccount $account) {
$account_secret = $account->getAccountSecret(); $account_secret = $account->getAccountSecret();
$register_uri = $this->getApplicationURI('register/'.$account_secret.'/'); $register_uri = $this->getApplicationURI('register/'.$account_secret.'/');
▲ Show 20 LinesShow All 101 LinesShow Last 20 Lines
Phabricator · Built by Phacility