private function processImportRequest($request)
{
$admin = $request->getUser();
$usernames = $request->getArr('usernames');
$emails = $request->getArr('email');
$names = $request->getArr('name');
$notice_view = new PHUIInfoView();
$notice_view->setSeverity(PHUIInfoView::SEVERITY_NOTICE);
$notice_view->setTitle(pht('Import Successful'));
$notice_view->setErrors(array(pht('Successfully imported users from LDAP')));
$list = new PHUIObjectItemListView();
$list->setNoDataString(pht('No users imported?'));
foreach ($usernames as $username) {
$user = new PhabricatorUser();
$user->setUsername($username);
$user->setRealname($names[$username]);
$email_obj = id(new PhabricatorUserEmail())->setAddress($emails[$username])->setIsVerified(1);
try {
id(new PhabricatorUserEditor())->setActor($admin)->createNewUser($user, $email_obj);
id(new PhabricatorExternalAccount())->setUserPHID($user->getPHID())->setAccountType('ldap')->setAccountDomain('self')->setAccountID($username)->save();
$header = pht('Successfully added %s', $username);
$attribute = null;
$color = 'fa-check green';
} catch (Exception $ex) {
$header = pht('Failed to add %s', $username);
$attribute = $ex->getMessage();
$color = 'fa-times red';
}
$item = id(new PHUIObjectItemView())->setHeader($header)->addAttribute($attribute)->setStatusIcon($color);
$list->addItem($item);
}
return array($notice_view, $list);
}
private function processImportRequest($request)
{
$admin = $request->getUser();
$usernames = $request->getArr('usernames');
$emails = $request->getArr('email');
$names = $request->getArr('name');
$panel = new AphrontErrorView();
$panel->setSeverity(AphrontErrorView::SEVERITY_NOTICE);
$panel->setTitle("Import Successful");
$errors = array("Successfully imported users from LDAP");
foreach ($usernames as $username) {
$user = new PhabricatorUser();
$user->setUsername($username);
$user->setRealname($names[$username]);
$email_obj = id(new PhabricatorUserEmail())->setAddress($emails[$username])->setIsVerified(1);
try {
id(new PhabricatorUserEditor())->setActor($admin)->createNewUser($user, $email_obj);
$ldap_info = new PhabricatorUserLDAPInfo();
$ldap_info->setLDAPUsername($username);
$ldap_info->setUserID($user->getID());
$ldap_info->save();
$errors[] = 'Successfully added ' . $username;
} catch (Exception $ex) {
$errors[] = 'Failed to add ' . $username . ' ' . $ex->getMessage();
}
}
$panel->setErrors($errors);
return $panel;
}
public function generate()
{
while (true) {
try {
$realname = $this->generateRealname();
$username = $this->generateUsername($realname);
$email = $this->generateEmail($username);
$admin = PhabricatorUser::getOmnipotentUser();
$user = new PhabricatorUser();
$user->setUsername($username);
$user->setRealname($realname);
$email_object = id(new PhabricatorUserEmail())->setAddress($email)->setIsVerified(1);
id(new PhabricatorUserEditor())->setActor($admin)->createNewUser($user, $email_object);
return $user;
} catch (AphrontDuplicateKeyQueryException $ex) {
}
}
}
public function processRequest()
{
$provider = $this->getLDAProvider();
$ldap_info = $this->getLDAPInfo();
$request = $this->getRequest();
$errors = array();
$e_username = true;
$e_email = true;
$e_realname = true;
$user = new PhabricatorUser();
$user->setUsername();
$user->setRealname($provider->retrieveUserRealName());
$new_email = $provider->retrieveUserEmail();
if ($new_email) {
// If the user's LDAP provider account has an email address but the
// email address domain is not allowed by the Phabricator configuration,
// we just pretend the provider did not supply an address.
//
// For instance, if the user uses LDAP Auth and their email address
// is "*****@*****.**" but Phabricator is configured to require users
// use "@company.com" addresses, we show a prompt below and tell the user
// to provide their "@company.com" address. They can still use the LDAP
// account to login, they just need to associate their account with an
// allowed address.
//
// If the email address is fine, we just use it and don't prompt the user.
if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
$new_email = null;
}
}
$show_email_input = $new_email === null;
if ($request->isFormPost()) {
$user->setUsername($request->getStr('username'));
$username = $user->getUsername();
if (!strlen($user->getUsername())) {
$e_username = '******';
$errors[] = 'Username is required.';
} else {
if (!PhabricatorUser::validateUsername($username)) {
$e_username = '******';
$errors[] = PhabricatorUser::describeValidUsername();
} else {
$e_username = null;
}
}
if (!$new_email) {
$new_email = trim($request->getStr('email'));
if (!$new_email) {
$e_email = 'Required';
$errors[] = 'Email is required.';
} else {
$e_email = null;
}
}
if ($new_email) {
if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
$e_email = 'Invalid';
$errors[] = PhabricatorUserEmail::describeAllowedAddresses();
}
}
if (!strlen($user->getRealName())) {
$user->setRealName($request->getStr('realname'));
if (!strlen($user->getRealName())) {
$e_realname = 'Required';
$errors[] = 'Real name is required.';
} else {
$e_realname = null;
}
}
if (!$errors) {
try {
// NOTE: We don't verify LDAP email addresses by default because
// LDAP providers might associate email addresses with accounts that
// haven't actually verified they own them. We could selectively
// auto-verify some providers that we trust here, but the stakes for
// verifying an email address are high because having a corporate
// address at a company is sometimes the key to the castle.
$email_obj = id(new PhabricatorUserEmail())->setAddress($new_email)->setIsVerified(0);
id(new PhabricatorUserEditor())->setActor($user)->createNewUser($user, $email_obj);
$ldap_info->setUserID($user->getID());
$ldap_info->save();
$session_key = $user->establishSession('web');
$request->setCookie('phusr', $user->getUsername());
$request->setCookie('phsid', $session_key);
$email_obj->sendVerificationEmail($user);
return id(new AphrontRedirectResponse())->setURI('/');
} catch (AphrontQueryDuplicateKeyException $exception) {
$same_username = id(new PhabricatorUser())->loadOneWhere('userName = %s', $user->getUserName());
$same_email = id(new PhabricatorUserEmail())->loadOneWhere('address = %s', $new_email);
if ($same_username) {
$e_username = '******';
$errors[] = 'That username or email is not unique.';
} else {
if ($same_email) {
$e_email = 'Duplicate';
$errors[] = 'That email is not unique.';
} else {
throw $exception;
}
}
}
}
}
$error_view = null;
if ($errors) {
$error_view = new AphrontErrorView();
$error_view->setTitle('Registration Failed');
$error_view->setErrors($errors);
}
// Strip the URI down to the path, because otherwise we'll trigger
// external CSRF protection (by having a protocol in the form "action")
// and generate a form with no CSRF token.
$action_uri = new PhutilURI('/ldap/login/');
$action_path = $action_uri->getPath();
$form = new AphrontFormView();
$form->setUser($request->getUser())->setAction($action_path)->appendChild(id(new AphrontFormTextControl())->setLabel('Username')->setName('username')->setValue($user->getUsername())->setError($e_username));
$form->appendChild(id(new AphrontFormPasswordControl())->setLabel('Password')->setName('password'));
if ($show_email_input) {
$form->appendChild(id(new AphrontFormTextControl())->setLabel('Email')->setName('email')->setValue($request->getStr('email'))->setError($e_email));
}
if ($provider->retrieveUserRealName() === null) {
$form->appendChild(id(new AphrontFormTextControl())->setLabel('Real Name')->setName('realname')->setValue($request->getStr('realname'))->setError($e_realname));
}
$form->appendChild(id(new AphrontFormSubmitControl())->setValue('Create Account'));
$panel = new AphrontPanelView();
$panel->setHeader('Create New Account');
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$panel->appendChild($form);
return $this->buildStandardPageResponse(array($error_view, $panel), array('title' => 'Create New Account'));
}
* limitations under the License.
*/
$root = dirname(dirname(dirname(__FILE__)));
require_once $root . '/scripts/__init_script__.php';
if ($argc !== 5) {
echo "usage: add_user.php <username> <email> <realname> <admin_user>\n";
exit(1);
}
$username = $argv[1];
$email = $argv[2];
$realname = $argv[3];
$admin = $argv[4];
$admin = id(new PhabricatorUser())->loadOneWhere('username = %s', $argv[4]);
if (!$admin) {
throw new Exception("Admin user must be the username of a valid Phabricator account, used " . "to send the new user a welcome email.");
}
$existing_user = id(new PhabricatorUser())->loadOneWhere('username = %s', $username);
if ($existing_user) {
throw new Exception("There is already a user with the username '{$username}'!");
}
$existing_email = id(new PhabricatorUserEmail())->loadOneWhere('address = %s', $email);
if ($existing_email) {
throw new Exception("There is already a user with the email '{$email}'!");
}
$user = new PhabricatorUser();
$user->setUsername($username);
$user->setRealname($realname);
$email_object = id(new PhabricatorUserEmail())->setAddress($email)->setIsVerified(1);
id(new PhabricatorUserEditor())->setActor($admin)->createNewUser($user, $email_object);
$user->sendWelcomeEmail($admin);
echo "Created user '{$username}' (realname='{$realname}', email='{$email}').\n";
if ($is_first_user) {
echo "You must first create an admin user before being able to create a system agent.\n";
exit(1);
}
$username = $argv[1];
$email = $argv[2];
$realname = $argv[3];
if (!PhabricatorUser::validateUsername($username)) {
$valid = PhabricatorUser::describeValidUsername();
echo "The username '{$username}' is invalid. {$valid}\n";
exit(1);
}
$existing_user = id(new PhabricatorUser())->loadOneWhere('username = %s', $username);
if ($existing_user) {
throw new Exception("There is already a user with the username '{$username}'!");
}
$existing_email = id(new PhabricatorUserEmail())->loadOneWhere('address = %s', $email);
if ($existing_email) {
throw new Exception("There is already a user with the email '{$email}'!");
}
$user_object = new PhabricatorUser();
$user_object->setUsername($username);
$user_object->setRealname($realname);
$user_object->setIsApproved(1);
$user_object->openTransaction();
$email_object = id(new PhabricatorUserEmail())->setAddress($email)->setIsVerified(1);
$editor = new PhabricatorUserEditor();
$editor->setActor($user_object);
$editor->createNewUser($user_object, $email_object);
$editor->makeSystemAgentUser($user_object, true);
$user_object->saveTransaction();
