public function buildMainMenuItems(PhabricatorUser $user, PhabricatorController $controller = null)
{
$items = array();
if ($user->isLoggedIn() && $user->isUserActivated()) {
$image = $user->loadProfileImageURI();
$item = id(new PHUIListItemView())->setName($user->getUsername())->setHref('/p/' . $user->getUsername() . '/')->addClass('core-menu-item')->setAural(pht('Profile'))->setOrder(100);
$classes = array('phabricator-core-menu-icon', 'phabricator-core-menu-profile-image');
$item->appendChild(phutil_tag('span', array('class' => implode(' ', $classes), 'style' => 'background-image: url(' . $image . ')'), ''));
$items[] = $item;
}
return $items;
}
protected function buildUserInformationDictionary(PhabricatorUser $user, PhabricatorUserStatus $current_status = null)
{
$roles = array();
if ($user->getIsDisabled()) {
$roles[] = 'disabled';
}
if ($user->getIsSystemAgent()) {
$roles[] = 'agent';
}
if ($user->getIsAdmin()) {
$roles[] = 'admin';
}
$primary = $user->loadPrimaryEmail();
if ($primary && $primary->getIsVerified()) {
$roles[] = 'verified';
} else {
$roles[] = 'unverified';
}
$return = array('phid' => $user->getPHID(), 'userName' => $user->getUserName(), 'realName' => $user->getRealName(), 'image' => $user->loadProfileImageURI(), 'uri' => PhabricatorEnv::getURI('/p/' . $user->getUsername() . '/'), 'roles' => $roles);
if ($current_status) {
$return['currentStatus'] = $current_status->getTextStatus();
$return['currentStatusUntil'] = $current_status->getDateTo();
}
return $return;
}
public function buildIconNavView(PhabricatorUser $user)
{
$viewer = $this->getViewer();
$picture = $user->getProfileImageURI();
$name = $user->getUsername();
$nav = new AphrontSideNavFilterView();
$nav->setIconNav(true);
$nav->setBaseURI(new PhutilURI('/p/'));
$nav->addIcon("{$name}/", $name, null, $picture);
$class = 'PhabricatorCalendarApplication';
if (PhabricatorApplication::isClassInstalledForViewer($class, $viewer)) {
$nav->addIcon("{$name}/calendar/", pht('Calendar'), 'fa-calendar');
}
$class = 'PhabricatorManiphestApplication';
if (PhabricatorApplication::isClassInstalledForViewer($class, $viewer)) {
$phid = $user->getPHID();
$view_uri = sprintf('/maniphest/?statuses=open()&assigned=%s#R', $phid);
$nav->addIcon('maniphest', pht('Open Tasks'), 'fa-anchor', null, $view_uri);
}
$class = 'PhabricatorDifferentialApplication';
if (PhabricatorApplication::isClassInstalledForViewer($class, $viewer)) {
$username = phutil_escape_uri($name);
$view_uri = '/differential/?authors=' . $username;
$nav->addIcon('differential', pht('Revisions'), 'fa-cog', null, $view_uri);
}
$class = 'PhabricatorAuditApplication';
if (PhabricatorApplication::isClassInstalledForViewer($class, $viewer)) {
$username = phutil_escape_uri($name);
$view_uri = '/audit/?authors=' . $username;
$nav->addIcon('audit', pht('Commits'), 'fa-code', null, $view_uri);
}
return $nav;
}
private function handleLoggedInInvite(PhabricatorAuthInvite $invite, PhabricatorUser $viewer, PhabricatorUserEmail $email = null)
{
if ($email && $email->getUserPHID() !== $viewer->getPHID()) {
$other_user = $this->loadUserForEmail($email);
if ($email->getIsVerified()) {
throw id(new PhabricatorAuthInviteAccountException(pht('Wrong Account'), pht('You are logged in as %s, but the email address you just ' . 'clicked a link from is already verified and associated ' . 'with another account (%s). Switch accounts, then try again.', phutil_tag('strong', array(), $viewer->getUsername()), phutil_tag('strong', array(), $other_user->getName()))))->setSubmitButtonText(pht('Log Out'))->setSubmitButtonURI($this->getLogoutURI())->setCancelButtonURI('/');
} else {
if ($email->getIsPrimary()) {
// NOTE: We never steal primary addresses from other accounts, even
// if they are unverified. This would leave the other account with
// no address. Users can use password recovery to access the other
// account if they really control the address.
throw id(new PhabricatorAuthInviteAccountException(pht('Wrong Acount'), pht('You are logged in as %s, but the email address you just ' . 'clicked a link from is already the primary email address ' . 'for another account (%s). Switch accounts, then try again.', phutil_tag('strong', array(), $viewer->getUsername()), phutil_tag('strong', array(), $other_user->getName()))))->setSubmitButtonText(pht('Log Out'))->setSubmitButtonURI($this->getLogoutURI())->setCancelButtonURI('/');
} else {
if (!$this->shouldVerify()) {
throw id(new PhabricatorAuthInviteVerifyException(pht('Verify Email'), pht('You are logged in as %s, but the email address (%s) you just ' . 'clicked a link from is already associated with another ' . 'account (%s). You can log out to switch accounts, or verify ' . 'the address and attach it to your current account. Attach ' . 'email address %s to user account %s?', phutil_tag('strong', array(), $viewer->getUsername()), phutil_tag('strong', array(), $invite->getEmailAddress()), phutil_tag('strong', array(), $other_user->getName()), phutil_tag('strong', array(), $invite->getEmailAddress()), phutil_tag('strong', array(), $viewer->getUsername()))))->setSubmitButtonText(pht('Verify %s', $invite->getEmailAddress()))->setCancelButtonText(pht('Log Out'))->setCancelButtonURI($this->getLogoutURI());
}
}
}
}
if (!$email) {
$email = id(new PhabricatorUserEmail())->setAddress($invite->getEmailAddress())->setIsVerified(0)->setIsPrimary(0);
}
if (!$email->getIsVerified()) {
// We're doing this check here so that we can verify the address if
// it's already attached to the viewer's account, just not verified.
if (!$this->shouldVerify()) {
throw id(new PhabricatorAuthInviteVerifyException(pht('Verify Email'), pht('Verify this email address (%s) and attach it to your ' . 'account (%s)?', phutil_tag('strong', array(), $invite->getEmailAddress()), phutil_tag('strong', array(), $viewer->getUsername()))))->setSubmitButtonText(pht('Verify %s', $invite->getEmailAddress()))->setCancelButtonURI('/');
}
$editor = id(new PhabricatorUserEditor())->setActor($viewer);
// If this is a new email, add it to the user's account.
if (!$email->getUserPHID()) {
$editor->addEmail($viewer, $email);
}
// If another user added this email (but has not verified it),
// take it from them.
$editor->reassignEmail($viewer, $email);
$editor->verifyEmail($viewer, $email);
}
$invite->setAcceptedByPHID($viewer->getPHID());
$invite->save();
// If we make it here, the user was already logged in with the email
// address attached to their account and verified, or we attached it to
// their account (if it was not already attached) and verified it.
throw new PhabricatorAuthInviteRegisteredException();
}
public function validateSender(PhabricatorMetaMTAReceivedMail $mail, PhabricatorUser $sender)
{
$failure_reason = null;
if ($sender->getIsDisabled()) {
$failure_reason = pht('Your account (%s) is disabled, so you can not interact with ' . 'Phabricator over email.', $sender->getUsername());
} else {
if ($sender->getIsStandardUser()) {
if (!$sender->getIsApproved()) {
$failure_reason = pht('Your account (%s) has not been approved yet. You can not interact ' . 'with Phabricator over email until your account is approved.', $sender->getUsername());
} else {
if (PhabricatorUserEmail::isEmailVerificationRequired() && !$sender->getIsEmailVerified()) {
$failure_reason = pht('You have not verified the email address for your account (%s). ' . 'You must verify your email address before you can interact ' . 'with Phabricator over email.', $sender->getUsername());
}
}
}
}
if ($failure_reason) {
throw new PhabricatorMetaMTAReceivedMailProcessingException(MetaMTAReceivedMailStatus::STATUS_DISABLED_SENDER, $failure_reason);
}
}
public function buildMainMenuItems(PhabricatorUser $user, PhabricatorController $controller = null)
{
$items = array();
if ($controller instanceof PhabricatorPeopleProfileController && $controller->getProfileUser() && $controller->getProfileUser()->getPHID() == $user->getPHID()) {
$class = 'main-menu-item-icon-profile-selected';
} else {
$class = 'main-menu-item-icon-profile-not-selected';
}
if ($user->isLoggedIn()) {
$image = $user->loadProfileImageURI();
$item = new PhabricatorMainMenuIconView();
$item->setName($user->getUsername());
$item->addClass('main-menu-item-icon-profile ' . $class);
$item->addStyle('background-image: url(' . $image . ')');
$item->setHref('/p/' . $user->getUsername() . '/');
$item->setSortOrder(0.0);
$items[] = $item;
}
return $items;
}
protected function buildUserInformationDictionary(PhabricatorUser $user)
{
$src_phid = $user->getProfileImagePHID();
$file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $src_phid);
if ($file) {
$picture = $file->getBestURI();
} else {
$picture = null;
}
return array('phid' => $user->getPHID(), 'userName' => $user->getUserName(), 'realName' => $user->getRealName(), 'email' => $user->getEmail(), 'image' => $picture, 'uri' => PhabricatorEnv::getURI('/p/' . $user->getUsername() . '/'));
}
public function processRequest()
{
$request = $this->getRequest();
$viewer = $request->getUser();
$is_admin = $viewer->getIsAdmin();
$user = new PhabricatorUser();
$count = queryfx_one($user->establishConnection('r'), 'SELECT COUNT(*) N FROM %T', $user->getTableName());
$count = idx($count, 'N', 0);
$pager = new AphrontPagerView();
$pager->setOffset($request->getInt('page', 0));
$pager->setCount($count);
$pager->setURI($request->getRequestURI(), 'page');
$users = id(new PhabricatorPeopleQuery())->needPrimaryEmail(true)->executeWithOffsetPager($pager);
$rows = array();
foreach ($users as $user) {
$primary_email = $user->loadPrimaryEmail();
if ($primary_email && $primary_email->getIsVerified()) {
$email = 'Verified';
} else {
$email = 'Unverified';
}
$status = array();
if ($user->getIsDisabled()) {
$status[] = 'Disabled';
}
if ($user->getIsAdmin()) {
$status[] = 'Admin';
}
if ($user->getIsSystemAgent()) {
$status[] = 'System Agent';
}
$status = implode(', ', $status);
$rows[] = array(phabricator_date($user->getDateCreated(), $viewer), phabricator_time($user->getDateCreated(), $viewer), phutil_render_tag('a', array('href' => '/p/' . $user->getUsername() . '/'), phutil_escape_html($user->getUserName())), phutil_escape_html($user->getRealName()), $status, $email, phutil_render_tag('a', array('class' => 'button grey small', 'href' => '/people/edit/' . $user->getID() . '/'), 'Administrate User'));
}
$table = new AphrontTableView($rows);
$table->setHeaders(array('Join Date', 'Time', 'Username', 'Real Name', 'Roles', 'Email', ''));
$table->setColumnClasses(array(null, 'right', 'pri', 'wide', null, null, 'action'));
$table->setColumnVisibility(array(true, true, true, true, $is_admin, $is_admin, $is_admin));
$panel = new AphrontPanelView();
$panel->setHeader('People (' . number_format($count) . ')');
$panel->appendChild($table);
$panel->appendChild($pager);
if ($is_admin) {
$panel->addButton(phutil_render_tag('a', array('href' => '/people/edit/', 'class' => 'button green'), 'Create New Account'));
if (PhabricatorEnv::getEnvConfig('ldap.auth-enabled')) {
$panel->addButton(phutil_render_tag('a', array('href' => '/people/ldap/', 'class' => 'button green'), 'Import from LDAP'));
}
}
$nav = $this->buildSideNavView();
$nav->selectFilter('people');
$nav->appendChild($panel);
return $this->buildApplicationPage($nav, array('title' => 'People'));
}
protected function buildUserInformationDictionary(PhabricatorUser $user, $with_email = false, $with_availability = false)
{
$roles = array();
if ($user->getIsDisabled()) {
$roles[] = 'disabled';
}
if ($user->getIsSystemAgent()) {
$roles[] = 'agent';
}
if ($user->getIsMailingList()) {
$roles[] = 'list';
}
if ($user->getIsAdmin()) {
$roles[] = 'admin';
}
$primary = $user->loadPrimaryEmail();
if ($primary && $primary->getIsVerified()) {
$email = $primary->getAddress();
$roles[] = 'verified';
} else {
$email = null;
$roles[] = 'unverified';
}
if ($user->getIsApproved()) {
$roles[] = 'approved';
}
if ($user->isUserActivated()) {
$roles[] = 'activated';
}
$return = array('phid' => $user->getPHID(), 'userName' => $user->getUserName(), 'realName' => $user->getRealName(), 'image' => $user->getProfileImageURI(), 'uri' => PhabricatorEnv::getURI('/p/' . $user->getUsername() . '/'), 'roles' => $roles);
if ($with_email) {
$return['primaryEmail'] = $email;
}
if ($with_availability) {
// TODO: Modernize this once we have a more long-term view of what the
// data looks like.
$until = $user->getAwayUntil();
if ($until) {
$return['currentStatus'] = 'away';
$return['currentStatusUntil'] = $until;
}
}
return $return;
}
public function processRequest()
{
$request = $this->getRequest();
$viewer = $request->getUser();
$is_admin = $viewer->getIsAdmin();
$user = new PhabricatorUser();
$count = queryfx_one($user->establishConnection('r'), 'SELECT COUNT(*) N FROM %T', $user->getTableName());
$count = idx($count, 'N', 0);
$pager = new AphrontPagerView();
$pager->setOffset($request->getInt('page', 0));
$pager->setCount($count);
$pager->setURI($request->getRequestURI(), 'page');
$users = id(new PhabricatorUser())->loadAllWhere('1 = 1 ORDER BY id DESC LIMIT %d, %d', $pager->getOffset(), $pager->getPageSize());
$rows = array();
foreach ($users as $user) {
$status = '';
if ($user->getIsDisabled()) {
$status = 'Disabled';
} else {
if ($user->getIsAdmin()) {
$status = 'Admin';
} else {
$status = '-';
}
}
$rows[] = array(phabricator_date($user->getDateCreated(), $viewer), phabricator_time($user->getDateCreated(), $viewer), phutil_render_tag('a', array('href' => '/p/' . $user->getUsername() . '/'), phutil_escape_html($user->getUserName())), phutil_escape_html($user->getRealName()), $status, phutil_render_tag('a', array('class' => 'button grey small', 'href' => '/people/edit/' . $user->getID() . '/'), 'Administrate User'));
}
$table = new AphrontTableView($rows);
$table->setHeaders(array('Join Date', 'Time', 'Username', 'Real Name', 'Status', ''));
$table->setColumnClasses(array(null, 'right', 'pri', 'wide', null, 'action'));
$table->setColumnVisibility(array(true, true, true, true, $is_admin, $is_admin));
$panel = new AphrontPanelView();
$panel->setHeader('People (' . number_format($count) . ')');
$panel->appendChild($table);
$panel->appendChild($pager);
if ($is_admin) {
$panel->addButton(phutil_render_tag('a', array('href' => '/people/edit/', 'class' => 'button green'), 'Create New Account'));
}
return $this->buildStandardPageResponse($panel, array('title' => 'People', 'tab' => 'directory'));
}
private function getCommonEnvironment(PhabricatorUser $viewer)
{
$remote_address = $this->getRequest()->getRemoteAddress();
return array(DiffusionCommitHookEngine::ENV_USER => $viewer->getUsername(), DiffusionCommitHookEngine::ENV_REMOTE_ADDRESS => $remote_address, DiffusionCommitHookEngine::ENV_REMOTE_PROTOCOL => 'http');
}
private function processBasicRequest(PhabricatorUser $user)
{
$request = $this->getRequest();
$admin = $request->getUser();
$e_username = true;
$e_realname = true;
$e_email = true;
$errors = array();
$welcome_checked = true;
$request = $this->getRequest();
if ($request->isFormPost()) {
$welcome_checked = $request->getInt('welcome');
if (!$user->getID()) {
$user->setUsername($request->getStr('username'));
$user->setEmail($request->getStr('email'));
if ($request->getStr('role') == 'agent') {
$user->setIsSystemAgent(true);
}
}
$user->setRealName($request->getStr('realname'));
if (!strlen($user->getUsername())) {
$errors[] = "Username is required.";
$e_username = '******';
} else {
if (!preg_match('/^[a-z0-9]+$/', $user->getUsername())) {
$errors[] = "Username must consist of only numbers and letters.";
$e_username = '******';
} else {
$e_username = null;
}
}
if (!strlen($user->getRealName())) {
$errors[] = 'Real name is required.';
$e_realname = 'Required';
} else {
$e_realname = null;
}
if (!strlen($user->getEmail())) {
$errors[] = 'Email is required.';
$e_email = 'Required';
} else {
$e_email = null;
}
if (!$errors) {
try {
$is_new = !$user->getID();
$user->save();
if ($is_new) {
$log = PhabricatorUserLog::newLog($admin, $user, PhabricatorUserLog::ACTION_CREATE);
$log->save();
if ($welcome_checked) {
$admin_username = $admin->getUserName();
$admin_realname = $admin->getRealName();
$user_username = $user->getUserName();
$base_uri = PhabricatorEnv::getProductionURI('/');
$uri = $user->getEmailLoginURI();
$body = <<<EOBODY
Welcome to Phabricator!
{$admin_username} ({$admin_realname}) has created an account for you.
Username: {$user_username}
To login to Phabricator, follow this link and set a password:
{$uri}
After you have set a password, you can login in the future by going here:
{$base_uri}
Love,
Phabricator
EOBODY;
$mail = id(new PhabricatorMetaMTAMail())->addTos(array($user->getPHID()))->setSubject('[Phabricator] Welcome to Phabricator')->setBody($body)->setFrom($admin->getPHID())->saveAndSend();
}
}
$response = id(new AphrontRedirectResponse())->setURI('/people/edit/' . $user->getID() . '/?saved=true');
return $response;
} catch (AphrontQueryDuplicateKeyException $ex) {
$errors[] = 'Username and email must be unique.';
$same_username = id(new PhabricatorUser())->loadOneWhere('username = %s', $user->getUsername());
$same_email = id(new PhabricatorUser())->loadOneWhere('email = %s', $user->getEmail());
if ($same_username) {
$e_username = '******';
}
if ($same_email) {
$e_email = 'Duplicate';
}
}
}
}
$error_view = null;
if ($errors) {
$error_view = id(new AphrontErrorView())->setTitle('Form Errors')->setErrors($errors);
}
$form = new AphrontFormView();
$form->setUser($admin);
if ($user->getID()) {
$form->setAction('/people/edit/' . $user->getID() . '/');
} else {
$form->setAction('/people/edit/');
}
if ($user->getID()) {
$is_immutable = true;
} else {
$is_immutable = false;
}
$form->appendChild(id(new AphrontFormTextControl())->setLabel('Username')->setName('username')->setValue($user->getUsername())->setError($e_username)->setDisabled($is_immutable)->setCaption('Usernames are permanent and can not be changed later!'))->appendChild(id(new AphrontFormTextControl())->setLabel('Real Name')->setName('realname')->setValue($user->getRealName())->setError($e_realname))->appendChild(id(new AphrontFormTextControl())->setLabel('Email')->setName('email')->setDisabled($is_immutable)->setValue($user->getEmail())->setError($e_email));
if (!$user->getID()) {
$form->appendChild(id(new AphrontFormSelectControl())->setLabel('Role')->setName('role')->setValue('user')->setOptions(array('user' => 'Normal User', 'agent' => 'System Agent'))->setCaption('You can create a "system agent" account for bots, scripts, ' . 'etc.'))->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('welcome', 1, 'Send "Welcome to Phabricator" email.', $welcome_checked));
} else {
$form->appendChild(id(new AphrontFormStaticControl())->setLabel('Role')->setValue($user->getIsSystemAgent() ? 'System Agent' : 'Normal User'));
}
$form->appendChild(id(new AphrontFormSubmitControl())->setValue('Save'));
$panel = new AphrontPanelView();
if ($user->getID()) {
$panel->setHeader('Edit User');
} else {
$panel->setHeader('Create New User');
}
$panel->appendChild($form);
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
return array($error_view, $panel);
}
public function processRequest()
{
$provider = $this->getLDAProvider();
$ldap_info = $this->getLDAPInfo();
$request = $this->getRequest();
$errors = array();
$e_username = true;
$e_email = true;
$e_realname = true;
$user = new PhabricatorUser();
$user->setUsername();
$user->setRealname($provider->retrieveUserRealName());
$new_email = $provider->retrieveUserEmail();
if ($new_email) {
// If the user's LDAP provider account has an email address but the
// email address domain is not allowed by the Phabricator configuration,
// we just pretend the provider did not supply an address.
//
// For instance, if the user uses LDAP Auth and their email address
// is "*****@*****.**" but Phabricator is configured to require users
// use "@company.com" addresses, we show a prompt below and tell the user
// to provide their "@company.com" address. They can still use the LDAP
// account to login, they just need to associate their account with an
// allowed address.
//
// If the email address is fine, we just use it and don't prompt the user.
if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
$new_email = null;
}
}
$show_email_input = $new_email === null;
if ($request->isFormPost()) {
$user->setUsername($request->getStr('username'));
$username = $user->getUsername();
if (!strlen($user->getUsername())) {
$e_username = '******';
$errors[] = 'Username is required.';
} else {
if (!PhabricatorUser::validateUsername($username)) {
$e_username = '******';
$errors[] = PhabricatorUser::describeValidUsername();
} else {
$e_username = null;
}
}
if (!$new_email) {
$new_email = trim($request->getStr('email'));
if (!$new_email) {
$e_email = 'Required';
$errors[] = 'Email is required.';
} else {
$e_email = null;
}
}
if ($new_email) {
if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
$e_email = 'Invalid';
$errors[] = PhabricatorUserEmail::describeAllowedAddresses();
}
}
if (!strlen($user->getRealName())) {
$user->setRealName($request->getStr('realname'));
if (!strlen($user->getRealName())) {
$e_realname = 'Required';
$errors[] = 'Real name is required.';
} else {
$e_realname = null;
}
}
if (!$errors) {
try {
// NOTE: We don't verify LDAP email addresses by default because
// LDAP providers might associate email addresses with accounts that
// haven't actually verified they own them. We could selectively
// auto-verify some providers that we trust here, but the stakes for
// verifying an email address are high because having a corporate
// address at a company is sometimes the key to the castle.
$email_obj = id(new PhabricatorUserEmail())->setAddress($new_email)->setIsVerified(0);
id(new PhabricatorUserEditor())->setActor($user)->createNewUser($user, $email_obj);
$ldap_info->setUserID($user->getID());
$ldap_info->save();
$session_key = $user->establishSession('web');
$request->setCookie('phusr', $user->getUsername());
$request->setCookie('phsid', $session_key);
$email_obj->sendVerificationEmail($user);
return id(new AphrontRedirectResponse())->setURI('/');
} catch (AphrontQueryDuplicateKeyException $exception) {
$same_username = id(new PhabricatorUser())->loadOneWhere('userName = %s', $user->getUserName());
$same_email = id(new PhabricatorUserEmail())->loadOneWhere('address = %s', $new_email);
if ($same_username) {
$e_username = '******';
$errors[] = 'That username or email is not unique.';
} else {
if ($same_email) {
$e_email = 'Duplicate';
$errors[] = 'That email is not unique.';
} else {
throw $exception;
}
}
}
}
}
$error_view = null;
if ($errors) {
$error_view = new AphrontErrorView();
$error_view->setTitle('Registration Failed');
$error_view->setErrors($errors);
}
// Strip the URI down to the path, because otherwise we'll trigger
// external CSRF protection (by having a protocol in the form "action")
// and generate a form with no CSRF token.
$action_uri = new PhutilURI('/ldap/login/');
$action_path = $action_uri->getPath();
$form = new AphrontFormView();
$form->setUser($request->getUser())->setAction($action_path)->appendChild(id(new AphrontFormTextControl())->setLabel('Username')->setName('username')->setValue($user->getUsername())->setError($e_username));
$form->appendChild(id(new AphrontFormPasswordControl())->setLabel('Password')->setName('password'));
if ($show_email_input) {
$form->appendChild(id(new AphrontFormTextControl())->setLabel('Email')->setName('email')->setValue($request->getStr('email'))->setError($e_email));
}
if ($provider->retrieveUserRealName() === null) {
$form->appendChild(id(new AphrontFormTextControl())->setLabel('Real Name')->setName('realname')->setValue($request->getStr('realname'))->setError($e_realname));
}
$form->appendChild(id(new AphrontFormSubmitControl())->setValue('Create Account'));
$panel = new AphrontPanelView();
$panel->setHeader('Create New Account');
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$panel->appendChild($form);
return $this->buildStandardPageResponse(array($error_view, $panel), array('title' => 'Create New Account'));
}
private function sendWaitingForApprovalEmail(PhabricatorUser $user)
{
$title = '[Phabricator] ' . pht('New User "%s" Awaiting Approval', $user->getUsername());
$body = new PhabricatorMetaMTAMailBody();
$body->addRawSection(pht('Newly registered user "%s" is awaiting account approval by an ' . 'administrator.', $user->getUsername()));
$body->addLinkSection(pht('APPROVAL QUEUE'), PhabricatorEnv::getProductionURI('/people/query/approval/'));
$body->addLinkSection(pht('DISABLE APPROVAL QUEUE'), PhabricatorEnv::getProductionURI('/config/edit/auth.require-approval/'));
$admins = id(new PhabricatorPeopleQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withIsAdmin(true)->execute();
if (!$admins) {
return;
}
$mail = id(new PhabricatorMetaMTAMail())->addTos(mpull($admins, 'getPHID'))->setSubject($title)->setBody($body->render())->saveAndSend();
}
/**
* @task edit
*/
public function changeUsername(PhabricatorUser $user, $username)
{
$actor = $this->requireActor();
if (!$user->getID()) {
throw new Exception("User has not been created yet!");
}
if (!PhabricatorUser::validateUsername($username)) {
$valid = PhabricatorUser::describeValidUsername();
throw new Exception("Username is invalid! {$valid}");
}
$old_username = $user->getUsername();
$user->openTransaction();
$user->reload();
$user->setUsername($username);
try {
$user->save();
} catch (AphrontQueryDuplicateKeyException $ex) {
$user->setUsername($old_username);
$user->killTransaction();
throw $ex;
}
$log = PhabricatorUserLog::newLog($this->actor, $user, PhabricatorUserLog::ACTION_CHANGE_USERNAME);
$log->setOldValue($old_username);
$log->setNewValue($username);
$log->save();
$user->saveTransaction();
$user->sendUsernameChangeEmail($actor, $old_username);
}
}
$changed_pass = false;
// This disables local echo, so the user's password is not shown as they type
// it.
phutil_passthru('stty -echo');
$password = phutil_console_prompt("Enter a password for this user [blank to leave unchanged]:");
phutil_passthru('stty echo');
if (strlen($password)) {
$changed_pass = $password;
}
$is_admin = $user->getIsAdmin();
$set_admin = phutil_console_confirm('Should this user be an administrator?', $default_no = !$is_admin);
echo "\n\nACCOUNT SUMMARY\n\n";
$tpl = "%12s %-30s %-30s\n";
printf($tpl, null, 'OLD VALUE', 'NEW VALUE');
printf($tpl, 'Username', $original->getUsername(), $user->getUsername());
printf($tpl, 'Real Name', $original->getRealName(), $user->getRealName());
if ($new_email) {
printf($tpl, 'Email', '', $new_email);
}
printf($tpl, 'Password', null, $changed_pass !== false ? 'Updated' : 'Unchanged');
printf($tpl, 'Admin', $original->getIsAdmin() ? 'Y' : 'N', $set_admin ? 'Y' : 'N');
echo "\n";
if (!phutil_console_confirm("Save these changes?", $default_no = false)) {
echo "Cancelled.\n";
exit(1);
}
$user->openTransaction();
$editor = new PhabricatorUserEditor();
// TODO: This is wrong, but we have a chicken-and-egg problem when you use
// this script to create the first user.
public function processRequest()
{
$provider = $this->getOAuthProvider();
$oauth_info = $this->getOAuthInfo();
$request = $this->getRequest();
$errors = array();
$e_username = true;
$e_email = true;
$e_realname = true;
$user = new PhabricatorUser();
$user->setUsername($provider->retrieveUserAccountName());
$user->setRealName($provider->retrieveUserRealName());
$user->setEmail($provider->retrieveUserEmail());
if ($request->isFormPost()) {
$user->setUsername($request->getStr('username'));
$username = $user->getUsername();
if (!strlen($user->getUsername())) {
$e_username = '******';
$errors[] = 'Username is required.';
} else {
if (!PhabricatorUser::validateUsername($username)) {
$e_username = '******';
$errors[] = 'Username must consist of only numbers and letters.';
} else {
$e_username = null;
}
}
if ($user->getEmail() === null) {
$user->setEmail($request->getStr('email'));
if (!strlen($user->getEmail())) {
$e_email = 'Required';
$errors[] = 'Email is required.';
} else {
$e_email = null;
}
}
if (!strlen($user->getRealName())) {
$user->setRealName($request->getStr('realname'));
if (!strlen($user->getRealName())) {
$e_realname = 'Required';
$errors[] = 'Real name is required.';
} else {
$e_realname = null;
}
}
if (!$errors) {
$image = $provider->retrieveUserProfileImage();
if ($image) {
$file = PhabricatorFile::newFromFileData($image, array('name' => $provider->getProviderKey() . '-profile.jpg', 'authorPHID' => $user->getPHID()));
$user->setProfileImagePHID($file->getPHID());
}
try {
$user->save();
$oauth_info->setUserID($user->getID());
$oauth_info->save();
$session_key = $user->establishSession('web');
$request->setCookie('phusr', $user->getUsername());
$request->setCookie('phsid', $session_key);
return id(new AphrontRedirectResponse())->setURI('/');
} catch (AphrontQueryDuplicateKeyException $exception) {
$same_username = id(new PhabricatorUser())->loadOneWhere('userName = %s', $user->getUserName());
$same_email = id(new PhabricatorUser())->loadOneWhere('email = %s', $user->getEmail());
if ($same_username) {
$e_username = '******';
$errors[] = 'That username or email is not unique.';
} else {
if ($same_email) {
$e_email = 'Duplicate';
$errors[] = 'That email is not unique.';
} else {
throw $exception;
}
}
}
}
}
$error_view = null;
if ($errors) {
$error_view = new AphrontErrorView();
$error_view->setTitle('Registration Failed');
$error_view->setErrors($errors);
}
// Strip the URI down to the path, because otherwise we'll trigger
// external CSRF protection (by having a protocol in the form "action")
// and generate a form with no CSRF token.
$action_uri = new PhutilURI($provider->getRedirectURI());
$action_path = $action_uri->getPath();
$form = new AphrontFormView();
$form->addHiddenInput('token', $provider->getAccessToken())->addHiddenInput('expires', $oauth_info->getTokenExpires())->addHiddenInput('state', $this->getOAuthState())->setUser($request->getUser())->setAction($action_path)->appendChild(id(new AphrontFormTextControl())->setLabel('Username')->setName('username')->setValue($user->getUsername())->setError($e_username));
if ($provider->retrieveUserEmail() === null) {
$form->appendChild(id(new AphrontFormTextControl())->setLabel('Email')->setName('email')->setValue($request->getStr('email'))->setError($e_email));
}
if ($provider->retrieveUserRealName() === null) {
$form->appendChild(id(new AphrontFormTextControl())->setLabel('Real Name')->setName('realname')->setValue($request->getStr('realname'))->setError($e_realname));
}
$form->appendChild(id(new AphrontFormSubmitControl())->setValue('Create Account'));
$panel = new AphrontPanelView();
$panel->setHeader('Create New Account');
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$panel->appendChild($form);
return $this->buildStandardPageResponse(array($error_view, $panel), array('title' => 'Create New Account'));
}
private function buildCalendarDayView(PhabricatorUser $user)
{
$viewer = $this->getViewer();
$class = 'PhabricatorCalendarApplication';
if (!PhabricatorApplication::isClassInstalledForViewer($class, $viewer)) {
return null;
}
$midnight = PhabricatorTime::getTodayMidnightDateTime($viewer);
$week_end = clone $midnight;
$week_end = $week_end->modify('+3 days');
$range_start = $midnight->format('U');
$range_end = $week_end->format('U');
$events = id(new PhabricatorCalendarEventQuery())->setViewer($viewer)->withDateRange($range_start, $range_end)->withInvitedPHIDs(array($user->getPHID()))->withIsCancelled(false)->needRSVPs(array($viewer->getPHID()))->execute();
$event_views = array();
foreach ($events as $event) {
$viewer_is_invited = $event->isRSVPInvited($viewer->getPHID());
$can_edit = PhabricatorPolicyFilter::hasCapability($viewer, $event, PhabricatorPolicyCapability::CAN_EDIT);
$epoch_min = $event->getStartDateTimeEpoch();
$epoch_max = $event->getEndDateTimeEpoch();
$event_view = id(new AphrontCalendarEventView())->setCanEdit($can_edit)->setEventID($event->getID())->setEpochRange($epoch_min, $epoch_max)->setIsAllDay($event->getIsAllDay())->setIcon($event->getIcon())->setViewerIsInvited($viewer_is_invited)->setName($event->getName())->setDatetimeSummary($event->renderEventDate($viewer, true))->setURI($event->getURI());
$event_views[] = $event_view;
}
$event_views = msort($event_views, 'getEpochStart');
$day_view = id(new PHUICalendarWeekView())->setViewer($viewer)->setView('week')->setEvents($event_views)->setWeekLength(3)->render();
$header = id(new PHUIHeaderView())->setHeader(pht('Calendar'))->setHref(urisprintf('/calendar/?invited=%s#R', $user->getUsername()));
$box = id(new PHUIObjectBoxView())->setHeader($header)->appendChild($day_view)->addClass('calendar-profile-box')->setBackground(PHUIObjectBoxView::GREY);
return $box;
}
/**
* Send a notification email from $user to this address, informing the
* recipient that this is now their account's new primary email address.
*
* @param PhabricatorUser The user sending the verification.
* @return this
* @task email
*/
public function sendNewPrimaryEmail(PhabricatorUser $user)
{
$username = $user->getUsername();
$new_address = $this->getAddress();
$body = sprintf("%s\n\n%s\n", pht('Hi %s', $username), pht('This is now your primary email address (%s). Going forward, ' . 'Phabricator will send all email here.', $new_address));
id(new PhabricatorMetaMTAMail())->addRawTos(array($new_address))->setForceDelivery(true)->setSubject(pht('[Phabricator] Primary Address Changed'))->setBody($body)->setFrom($user->getPHID())->setRelatedPHID($user->getPHID())->saveAndSend();
return $this;
}
public function processRequest()
{
$request = $this->getRequest();
$admin = $request->getUser();
switch ($this->type) {
case 'standard':
$is_bot = false;
break;
case 'bot':
$is_bot = true;
break;
default:
return new Aphront404Response();
}
$user = new PhabricatorUser();
$require_real_name = PhabricatorEnv::getEnvConfig('user.require-real-name');
$e_username = true;
$e_realname = $require_real_name ? true : null;
$e_email = true;
$errors = array();
$welcome_checked = true;
$new_email = null;
$request = $this->getRequest();
if ($request->isFormPost()) {
$welcome_checked = $request->getInt('welcome');
$user->setUsername($request->getStr('username'));
$new_email = $request->getStr('email');
if (!strlen($new_email)) {
$errors[] = pht('Email is required.');
$e_email = pht('Required');
} else {
if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
$e_email = pht('Invalid');
$errors[] = PhabricatorUserEmail::describeAllowedAddresses();
} else {
$e_email = null;
}
}
$user->setRealName($request->getStr('realname'));
if (!strlen($user->getUsername())) {
$errors[] = pht('Username is required.');
$e_username = pht('Required');
} else {
if (!PhabricatorUser::validateUsername($user->getUsername())) {
$errors[] = PhabricatorUser::describeValidUsername();
$e_username = pht('Invalid');
} else {
$e_username = null;
}
}
if (!strlen($user->getRealName()) && $require_real_name) {
$errors[] = pht('Real name is required.');
$e_realname = pht('Required');
} else {
$e_realname = null;
}
if (!$errors) {
try {
$email = id(new PhabricatorUserEmail())->setAddress($new_email)->setIsVerified(0);
// Automatically approve the user, since an admin is creating them.
$user->setIsApproved(1);
// If the user is a bot, approve their email too.
if ($is_bot) {
$email->setIsVerified(1);
}
id(new PhabricatorUserEditor())->setActor($admin)->createNewUser($user, $email);
if ($is_bot) {
id(new PhabricatorUserEditor())->setActor($admin)->makeSystemAgentUser($user, true);
}
if ($welcome_checked && !$is_bot) {
$user->sendWelcomeEmail($admin);
}
$response = id(new AphrontRedirectResponse())->setURI('/p/' . $user->getUsername() . '/');
return $response;
} catch (AphrontDuplicateKeyQueryException $ex) {
$errors[] = pht('Username and email must be unique.');
$same_username = id(new PhabricatorUser())->loadOneWhere('username = %s', $user->getUsername());
$same_email = id(new PhabricatorUserEmail())->loadOneWhere('address = %s', $new_email);
if ($same_username) {
$e_username = pht('Duplicate');
}
if ($same_email) {
$e_email = pht('Duplicate');
}
}
}
}
$form = id(new AphrontFormView())->setUser($admin);
if ($is_bot) {
$form->appendRemarkupInstructions(pht('You are creating a new **bot/script** user account.'));
} else {
$form->appendRemarkupInstructions(pht('You are creating a new **standard** user account.'));
}
$form->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Username'))->setName('username')->setValue($user->getUsername())->setError($e_username))->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Real Name'))->setName('realname')->setValue($user->getRealName())->setError($e_realname))->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Email'))->setName('email')->setValue($new_email)->setCaption(PhabricatorUserEmail::describeAllowedAddresses())->setError($e_email));
if (!$is_bot) {
$form->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('welcome', 1, pht('Send "Welcome to Phabricator" email with login instructions.'), $welcome_checked));
}
$form->appendChild(id(new AphrontFormSubmitControl())->addCancelButton($this->getApplicationURI())->setValue(pht('Create User')));
if ($is_bot) {
$form->appendChild(id(new AphrontFormDividerControl()))->appendRemarkupInstructions(pht('**Why do bot/script accounts need an email address?**' . "\n\n" . 'Although bots do not normally receive email from Phabricator, ' . 'they can interact with other systems which require an email ' . 'address. Examples include:' . "\n\n" . " - If the account takes actions which //send// email, we need " . " an address to use in the //From// header.\n" . " - If the account creates commits, Git and Mercurial require " . " an email address for authorship.\n" . " - If you send email //to// Phabricator on behalf of the " . " account, the address can identify the sender.\n" . " - Some internal authentication functions depend on accounts " . " having an email address.\n" . "\n\n" . "The address will automatically be verified, so you do not need " . "to be able to receive mail at this address, and can enter some " . "invalid or nonexistent (but correctly formatted) address like " . "`bot@yourcompany.com` if you prefer."));
}
$title = pht('Create New User');
$form_box = id(new PHUIObjectBoxView())->setHeaderText($title)->setFormErrors($errors)->setForm($form);
$crumbs = $this->buildApplicationCrumbs();
$crumbs->addTextCrumb($title);
return $this->buildApplicationPage(array($crumbs, $form_box), array('title' => $title));
}
/**
* Send a notification email from $user to this address, informing the
* recipient that this is now their account's new primary email address.
*
* @param PhabricatorUser The user sending the verification.
* @return this
* @task email
*/
public function sendNewPrimaryEmail(PhabricatorUser $user)
{
$username = $user->getUsername();
$new_address = $this->getAddress();
$body = <<<EOBODY
Hi {$username},
This is now your primary email address ({$new_address}). Going forward,
Phabricator will send all email here.
EOBODY;
id(new PhabricatorMetaMTAMail())->addRawTos(array($new_address))->setForceDelivery(true)->setSubject('[Phabricator] Primary Address Changed')->setBody($body)->setFrom($user->getPHID())->setRelatedPHID($user->getPHID())->saveAndSend();
return $this;
}
private function processDeleteRequest(PhabricatorUser $user)
{
$request = $this->getRequest();
$admin = $request->getUser();
if ($user->getPHID() == $admin->getPHID()) {
$error = new AphrontErrorView();
$error->setTitle('You Shall Journey No Farther');
$error->appendChild('<p>As you stare into the gaping maw of the abyss, something holds ' . 'you back.</p>' . '<p>You can not delete your own account.</p>');
return $error;
}
$e_username = true;
$username = null;
$errors = array();
if ($request->isFormPost()) {
$username = $request->getStr('username');
if (!strlen($username)) {
$e_username = '******';
$errors[] = 'You must type the username to confirm deletion.';
} else {
if ($username != $user->getUsername()) {
$e_username = '******';
$errors[] = 'You must type the username correctly.';
}
}
if (!$errors) {
id(new PhabricatorUserEditor())->setActor($admin)->deleteUser($user);
return id(new AphrontRedirectResponse())->setURI('/people/');
}
}
if ($errors) {
$errors = id(new AphrontErrorView())->setTitle('Form Errors')->setErrors($errors);
} else {
$errors = null;
}
$form = new AphrontFormView();
$form->setUser($admin)->setAction($request->getRequestURI())->appendChild('<p class="aphront-form-instructions">' . '<strong>Be careful when deleting users!</strong> ' . 'If this user interacted with anything, it is generally better ' . 'to disable them, not delete them. If you delete them, it will ' . 'no longer be possible to search for their objects, for example, ' . 'and you will lose other information about their history. Disabling ' . 'them instead will prevent them from logging in but not destroy ' . 'any of their data.' . '</p>' . '<p class="aphront-form-instructions">' . 'It is generally safe to delete newly created users (and test users ' . 'and so on), but less safe to delete established users. If ' . 'possible, disable them instead.' . '</p>')->appendChild(id(new AphrontFormStaticControl())->setLabel('Username')->setValue($user->getUsername()))->appendChild(id(new AphrontFormTextControl())->setLabel('Confirm')->setValue($username)->setName('username')->setCaption("Type the username again to confirm deletion.")->setError($e_username))->appendChild(id(new AphrontFormSubmitControl())->setValue('Delete User'));
$panel = new AphrontPanelView();
$panel->setHeader('Delete User');
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$panel->appendChild($form);
return array($errors, $panel);
}
// on create.)
if (!$is_new) {
$verify_email = $user->loadPrimaryEmail();
if (!$verify_email->getIsVerified()) {
$set_verified = phutil_console_confirm(pht('Should the primary email address be verified?'), $default_no = true);
} else {
// Already verified so let's not make a fuss.
$verify_email = null;
}
}
$is_admin = $user->getIsAdmin();
$set_admin = phutil_console_confirm(pht('Should this user be an administrator?'), $default_no = !$is_admin);
echo "\n\n" . pht('ACCOUNT SUMMARY') . "\n\n";
$tpl = "%12s %-30s %-30s\n";
printf($tpl, null, pht('OLD VALUE'), pht('NEW VALUE'));
printf($tpl, pht('Username'), $original->getUsername(), $user->getUsername());
printf($tpl, pht('Real Name'), $original->getRealName(), $user->getRealName());
if ($is_new) {
printf($tpl, pht('Email'), '', $create_email);
}
printf($tpl, pht('Password'), null, $changed_pass !== false ? pht('Updated') : pht('Unchanged'));
printf($tpl, pht('Bot'), $original->getIsSystemAgent() ? 'Y' : 'N', $set_system_agent ? 'Y' : 'N');
if ($verify_email) {
printf($tpl, pht('Verify Email'), $verify_email->getIsVerified() ? 'Y' : 'N', $set_verified ? 'Y' : 'N');
}
printf($tpl, pht('Admin'), $original->getIsAdmin() ? 'Y' : 'N', $set_admin ? 'Y' : 'N');
echo "\n";
if (!phutil_console_confirm(pht('Save these changes?'), $default_no = false)) {
echo pht('Cancelled.') . "\n";
exit(1);
}
private function buildLoginValidateResponse(PhabricatorUser $user)
{
$validate_uri = new PhutilURI($this->getApplicationURI('validate/'));
$validate_uri->setQueryParam('expect', $user->getUsername());
return id(new AphrontRedirectResponse())->setURI((string) $validate_uri);
}
private function processBasicRequest(PhabricatorUser $user)
{
$request = $this->getRequest();
$admin = $request->getUser();
$e_username = true;
$e_realname = true;
$e_email = true;
$errors = array();
$welcome_checked = true;
$request = $this->getRequest();
if ($request->isFormPost()) {
$welcome_checked = $request->getInt('welcome');
if (!$user->getID()) {
$user->setUsername($request->getStr('username'));
$user->setEmail($request->getStr('email'));
if ($request->getStr('role') == 'agent') {
$user->setIsSystemAgent(true);
}
}
$user->setRealName($request->getStr('realname'));
if (!strlen($user->getUsername())) {
$errors[] = "Username is required.";
$e_username = '******';
} else {
if (!PhabricatorUser::validateUsername($user->getUsername())) {
$errors[] = "Username must consist of only numbers and letters.";
$e_username = '******';
} else {
$e_username = null;
}
}
if (!strlen($user->getRealName())) {
$errors[] = 'Real name is required.';
$e_realname = 'Required';
} else {
$e_realname = null;
}
if (!strlen($user->getEmail())) {
$errors[] = 'Email is required.';
$e_email = 'Required';
} else {
$e_email = null;
}
if (!$errors) {
try {
$is_new = !$user->getID();
$user->save();
if ($is_new) {
$log = PhabricatorUserLog::newLog($admin, $user, PhabricatorUserLog::ACTION_CREATE);
$log->save();
if ($welcome_checked) {
$user->sendWelcomeEmail($admin);
}
}
$response = id(new AphrontRedirectResponse())->setURI('/people/edit/' . $user->getID() . '/?saved=true');
return $response;
} catch (AphrontQueryDuplicateKeyException $ex) {
$errors[] = 'Username and email must be unique.';
$same_username = id(new PhabricatorUser())->loadOneWhere('username = %s', $user->getUsername());
$same_email = id(new PhabricatorUser())->loadOneWhere('email = %s', $user->getEmail());
if ($same_username) {
$e_username = '******';
}
if ($same_email) {
$e_email = 'Duplicate';
}
}
}
}
$error_view = null;
if ($errors) {
$error_view = id(new AphrontErrorView())->setTitle('Form Errors')->setErrors($errors);
}
$form = new AphrontFormView();
$form->setUser($admin);
if ($user->getID()) {
$form->setAction('/people/edit/' . $user->getID() . '/');
} else {
$form->setAction('/people/edit/');
}
if ($user->getID()) {
$is_immutable = true;
} else {
$is_immutable = false;
}
$form->appendChild(id(new AphrontFormTextControl())->setLabel('Username')->setName('username')->setValue($user->getUsername())->setError($e_username)->setDisabled($is_immutable)->setCaption('Usernames are permanent and can not be changed later!'))->appendChild(id(new AphrontFormTextControl())->setLabel('Real Name')->setName('realname')->setValue($user->getRealName())->setError($e_realname))->appendChild(id(new AphrontFormTextControl())->setLabel('Email')->setName('email')->setDisabled($is_immutable)->setValue($user->getEmail())->setError($e_email))->appendChild($this->getRoleInstructions());
if (!$user->getID()) {
$form->appendChild(id(new AphrontFormSelectControl())->setLabel('Role')->setName('role')->setValue('user')->setOptions(array('user' => 'Normal User', 'agent' => 'System Agent'))->setCaption('You can create a "system agent" account for bots, scripts, ' . 'etc.'))->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('welcome', 1, 'Send "Welcome to Phabricator" email.', $welcome_checked));
} else {
$form->appendChild(id(new AphrontFormStaticControl())->setLabel('Role')->setValue($user->getIsSystemAgent() ? 'System Agent' : 'Normal User'));
}
$form->appendChild(id(new AphrontFormSubmitControl())->setValue('Save'));
$panel = new AphrontPanelView();
if ($user->getID()) {
$panel->setHeader('Edit User');
} else {
$panel->setHeader('Create New User');
}
$panel->appendChild($form);
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
return array($error_view, $panel);
}
