Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/controller/PhabricatorAuthLoginController.php
Show First 20 Lines • Show All 74 Lines • ▼ Show 20 Lines | if ($account->getUserPHID()) { | ||||
// The account is already attached to a Phabricator user, so this is | // The account is already attached to a Phabricator user, so this is | ||||
// either a login or a bad account link request. | // either a login or a bad account link request. | ||||
if (!$viewer->isLoggedIn()) { | if (!$viewer->isLoggedIn()) { | ||||
if ($provider->shouldAllowLogin()) { | if ($provider->shouldAllowLogin()) { | ||||
return $this->processLoginUser($account); | return $this->processLoginUser($account); | ||||
} else { | } else { | ||||
return $this->renderError( | return $this->renderError( | ||||
pht( | pht( | ||||
'The external account ("%s") you just authenticated with is '. | 'The external service ("%s") you just authenticated with is '. | ||||
'not configured to allow logins on this Phabricator install. '. | 'not configured to allow logins on this server. An '. | ||||
'An administrator may have recently disabled it.', | 'administrator may have recently disabled it.', | ||||
$provider->getProviderName())); | $provider->getProviderName())); | ||||
} | } | ||||
} else if ($viewer->getPHID() == $account->getUserPHID()) { | } else if ($viewer->getPHID() == $account->getUserPHID()) { | ||||
// This is either an attempt to re-link an existing and already | // This is either an attempt to re-link an existing and already | ||||
// linked account (which is silly) or a refresh of an external account | // linked account (which is silly) or a refresh of an external account | ||||
// (e.g., an OAuth account). | // (e.g., an OAuth account). | ||||
return id(new AphrontRedirectResponse()) | return id(new AphrontRedirectResponse()) | ||||
->setURI('/settings/panel/external/'); | ->setURI('/settings/panel/external/'); | ||||
} else { | } else { | ||||
return $this->renderError( | return $this->renderError( | ||||
pht( | pht( | ||||
'The external account ("%s") you just used to log in is already '. | 'The external service ("%s") you just used to log in is already '. | ||||
'associated with another Phabricator user account. Log in to the '. | 'associated with another %s user account. Log in to the '. | ||||
'other Phabricator account and unlink the external account before '. | 'other %s account and unlink the external account before '. | ||||
'linking it to a new Phabricator account.', | 'linking it to a new %s account.', | ||||
$provider->getProviderName())); | $provider->getProviderName(), | ||||
PlatformSymbols::getPlatformServerName(), | |||||
PlatformSymbols::getPlatformServerName(), | |||||
PlatformSymbols::getPlatformServerName())); | |||||
} | } | ||||
} else { | } else { | ||||
// The account is not yet attached to a Phabricator user, so this is | // The account is not yet attached to a Phabricator user, so this is | ||||
// either a registration or an account link request. | // either a registration or an account link request. | ||||
if (!$viewer->isLoggedIn()) { | if (!$viewer->isLoggedIn()) { | ||||
if ($provider->shouldAllowRegistration() || $invite) { | if ($provider->shouldAllowRegistration() || $invite) { | ||||
return $this->processRegisterUser($account); | return $this->processRegisterUser($account); | ||||
} else { | } else { | ||||
return $this->renderError( | return $this->renderError( | ||||
pht( | pht( | ||||
'The external account ("%s") you just authenticated with is '. | 'The external service ("%s") you just authenticated with is '. | ||||
'not configured to allow registration on this Phabricator '. | 'not configured to allow registration on this server. An '. | ||||
'install. An administrator may have recently disabled it.', | 'administrator may have recently disabled it.', | ||||
$provider->getProviderName())); | $provider->getProviderName())); | ||||
} | } | ||||
} else { | } else { | ||||
// If the user already has a linked account on this provider, prevent | // If the user already has a linked account on this provider, prevent | ||||
// them from linking a second account. This can happen if they swap | // them from linking a second account. This can happen if they swap | ||||
// logins and then refresh the account link. | // logins and then refresh the account link. | ||||
// There's no technical reason we can't allow you to link multiple | // There's no technical reason we can't allow you to link multiple | ||||
// accounts from a single provider; disallowing this is currently a | // accounts from a single provider; disallowing this is currently a | ||||
// product deciison. See T2549. | // product deciison. See T2549. | ||||
$existing_accounts = id(new PhabricatorExternalAccountQuery()) | $existing_accounts = id(new PhabricatorExternalAccountQuery()) | ||||
->setViewer($viewer) | ->setViewer($viewer) | ||||
->withUserPHIDs(array($viewer->getPHID())) | ->withUserPHIDs(array($viewer->getPHID())) | ||||
->withProviderConfigPHIDs( | ->withProviderConfigPHIDs( | ||||
array( | array( | ||||
$provider->getProviderConfigPHID(), | $provider->getProviderConfigPHID(), | ||||
)) | )) | ||||
->execute(); | ->execute(); | ||||
if ($existing_accounts) { | if ($existing_accounts) { | ||||
return $this->renderError( | return $this->renderError( | ||||
pht( | pht( | ||||
'Your Phabricator account is already connected to an external '. | 'Your %s account is already connected to an external '. | ||||
'account on this provider ("%s"), but you are currently logged '. | 'account on this service ("%s"), but you are currently logged '. | ||||
'in to the provider with a different account. Log out of the '. | 'in to the service with a different account. Log out of the '. | ||||
'external service, then log back in with the correct account '. | 'external service, then log back in with the correct account '. | ||||
'before refreshing the account link.', | 'before refreshing the account link.', | ||||
PlatformSymbols::getPlatformServerName(), | |||||
$provider->getProviderName())); | $provider->getProviderName())); | ||||
} | } | ||||
if ($provider->shouldAllowAccountLink()) { | if ($provider->shouldAllowAccountLink()) { | ||||
return $this->processLinkUser($account); | return $this->processLinkUser($account); | ||||
} else { | } else { | ||||
return $this->renderError( | return $this->renderError( | ||||
pht( | pht( | ||||
'The external account ("%s") you just authenticated with is '. | 'The external service ("%s") you just authenticated with is '. | ||||
'not configured to allow account linking on this Phabricator '. | 'not configured to allow account linking on this server. An '. | ||||
'install. An administrator may have recently disabled it.', | 'administrator may have recently disabled it.', | ||||
$provider->getProviderName())); | $provider->getProviderName())); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
// This should be unreachable, but fail explicitly if we get here somehow. | // This should be unreachable, but fail explicitly if we get here somehow. | ||||
return new Aphront400Response(); | return new Aphront400Response(); | ||||
} | } | ||||
private function processLoginUser(PhabricatorExternalAccount $account) { | private function processLoginUser(PhabricatorExternalAccount $account) { | ||||
$user = id(new PhabricatorUser())->loadOneWhere( | $user = id(new PhabricatorUser())->loadOneWhere( | ||||
'phid = %s', | 'phid = %s', | ||||
$account->getUserPHID()); | $account->getUserPHID()); | ||||
if (!$user) { | if (!$user) { | ||||
return $this->renderError( | return $this->renderError( | ||||
pht( | pht( | ||||
'The external account you just logged in with is not associated '. | 'The external account you just logged in with is not associated '. | ||||
'with a valid Phabricator user.')); | 'with a valid %s user account.', | ||||
PlatformSymbols::getPlatformServerName())); | |||||
} | } | ||||
return $this->loginUser($user); | return $this->loginUser($user); | ||||
} | } | ||||
private function processRegisterUser(PhabricatorExternalAccount $account) { | private function processRegisterUser(PhabricatorExternalAccount $account) { | ||||
$account_secret = $account->getAccountSecret(); | $account_secret = $account->getAccountSecret(); | ||||
$register_uri = $this->getApplicationURI('register/'.$account_secret.'/'); | $register_uri = $this->getApplicationURI('register/'.$account_secret.'/'); | ||||
▲ Show 20 Lines • Show All 101 Lines • Show Last 20 Lines |