コード例 #1
 /**
  * Runs PhabricatorUser::validateUsername() over a table of candidate names
  * and checks each verdict against the expected one.
  *
  * The rejected half of the table covers markup ("<script>"), punctuation
  * separators, leading/trailing whitespace, a trailing dot, and CR/LF placed
  * at the start, middle and end of the name.
  */
 public function testUsernameValidation()
 {
     // NOTE: PHP converts the numeric-string keys '7' and '0' to integer keys,
     // so those two candidates are handed to validateUsername() as ints.
     $cases = array(
         'alincoln' => true,
         'alincoln69' => true,
         'hd3' => true,
         'Alincoln' => true,
         'a.lincoln' => true,
         'alincoln!' => false,
         '' => false,
         '7' => true,
         '0' => true,
         '____' => true,
         '-' => true,
         'joe.' => false,
         '<script>' => false,
         'a lincoln' => false,
         ' alincoln' => false,
         'alincoln ' => false,
         'a,lincoln' => false,
         'a&lincoln' => false,
         'a/lincoln' => false,
         // Line breaks in every position. The trailing "\n" case matters if
         // the validator is regex-based, since a bare `$` anchor also matches
         // just before a final newline (validator internals not shown here).
         "username\n" => false,
         "user\nname" => false,
         "\nusername" => false,
         "username\r" => false,
         "user\rname" => false,
         "\rusername" => false,
     );

     foreach ($cases as $candidate => $should_pass) {
         $verdict = PhabricatorUser::validateUsername($candidate);
         $label = pht("Validity of '%s'.", $candidate);
         $this->assertEqual($should_pass, $verdict, $label);
     }
 }
コード例 #2
 /**
  * Checks PhabricatorUser::validateUsername() against a short table of
  * accepted and rejected usernames (punctuation, leading space, underscores
  * only, and the empty string are expected to be rejected).
  */
 public function testUsernameValidation()
 {
     // NOTE: the numeric-string keys '7' and '0' become integer keys in PHP,
     // so $name is an int for those two iterations.
     $cases = array(
         'alincoln' => true,
         'alincoln69' => true,
         'hd3' => true,
         '7' => true,
         '0' => true,
         'Alincoln' => true,
         'alincoln!' => false,
         ' alincoln' => false,
         '____' => false,
         '' => false,
     );

     foreach ($cases as $name => $should_pass) {
         $verdict = PhabricatorUser::validateUsername($name);
         $this->assertEqual($should_pass, $verdict, "Validity of '{$name}'.");
     }
 }
コード例 #3
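 /**
  * Renders and processes the "Change Username" dialog.
  *
  * Loads the target user by `$this->id` as seen by the requesting viewer,
  * requires a high-security session, validates the submitted name and hands
  * the rename to PhabricatorUserEditor. A successful rename redirects to the
  * renamed profile; otherwise the dialog is rendered (again) with any errors.
  *
  * NOTE(review): no explicit administrator check is visible in this method;
  * presumably the controller or PhabricatorUserEditor enforces it - confirm.
  *
  * @return mixed Aphront404Response when the user cannot be loaded, an
  *               AphrontRedirectResponse after a successful rename, otherwise
  *               the dialog built through newDialog().
  */
 public function processRequest()
 {
     $request = $this->getRequest();
     $admin = $request->getUser();

     $user = id(new PhabricatorPeopleQuery())
         ->setViewer($admin)
         ->withIDs(array($this->id))
         ->executeOne();
     if (!$user) {
         return new Aphront404Response();
     }

     $profile_uri = '/p/' . $user->getUsername() . '/';

     // Renaming an account is gated behind the session engine's high-security
     // requirement before any form input is looked at.
     id(new PhabricatorAuthSessionEngine())
         ->requireHighSecuritySession($admin, $request, $profile_uri);

     $errors = array();
     $v_username = $user->getUsername();
     $e_username = true;

     if ($request->isFormPost()) {
         $v_username = $request->getStr('username');

         if (!strlen($v_username)) {
             $e_username = pht('Required');
             $errors[] = pht('New username is required.');
         } elseif ($v_username === $user->getUsername()) {
             // Strict comparison: with `==`, two different numeric-looking
             // names (for example "10" and "1e1") compare equal in PHP and the
             // rename would be refused as "not different".
             $e_username = pht('Invalid');
             $errors[] = pht('New username must be different from old username.');
         } elseif (!PhabricatorUser::validateUsername($v_username)) {
             $e_username = pht('Invalid');
             $errors[] = PhabricatorUser::describeValidUsername();
         }

         if (!$errors) {
             try {
                 id(new PhabricatorUserEditor())
                     ->setActor($admin)
                     ->changeUsername($user, $v_username);

                 // $v_username has passed validateUsername() at this point, so
                 // only an accepted name is placed into the redirect path.
                 $new_uri = '/p/' . $v_username . '/';
                 return id(new AphrontRedirectResponse())->setURI($new_uri);
             } catch (AphrontDuplicateKeyQueryException $ex) {
                 $e_username = pht('Not Unique');
                 $errors[] = pht('Another user already has that username.');
             }
         }
     }

     $inst1 = pht('Be careful when renaming users!');
     $inst2 = pht('The old username will no longer be tied to the user, so anything ' . 'which uses it (like old commit messages) will no longer associate ' . 'correctly. (And, if you give a user a username which some other user ' . 'used to have, username lookups will begin returning the wrong user.)');
     $inst3 = pht('It is generally safe to rename newly created users (and test users ' . 'and so on), but less safe to rename established users and unsafe to ' . 'reissue a username.');
     $inst4 = pht('Users who rely on password authentication will need to reset their ' . 'password after their username is changed (their username is part of ' . 'the salt in the password hash).');
     $inst5 = pht('The user will receive an email notifying them that you changed their ' . 'username, with instructions for logging in and resetting their ' . 'password if necessary.');

     $old_name_control = id(new AphrontFormStaticControl())
         ->setLabel(pht('Old Username'))
         ->setValue($user->getUsername());
     $new_name_control = id(new AphrontFormTextControl())
         ->setLabel(pht('New Username'))
         ->setValue($v_username)
         ->setName('username')
         ->setError($e_username);
     $form = id(new AphrontFormView())
         ->setUser($admin)
         ->appendChild($old_name_control)
         ->appendChild($new_name_control);

     // $errors stays an (empty) array when nothing went wrong and becomes an
     // error view otherwise; either value is appended to the dialog below.
     if ($errors) {
         $errors = id(new AphrontErrorView())->setErrors($errors);
     }

     return $this->newDialog()
         ->setWidth(AphrontDialogView::WIDTH_FORM)
         ->setTitle(pht('Change Username'))
         ->appendChild($errors)
         ->appendParagraph($inst1)
         ->appendParagraph($inst2)
         ->appendParagraph($inst3)
         ->appendParagraph($inst4)
         ->appendParagraph($inst5)
         ->appendParagraph(null)
         ->appendChild($form->buildLayoutView())
         ->addSubmitButton(pht('Rename User'))
         ->addCancelButton($profile_uri);
 }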
コード例 #4
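 /**
  * Processes the "Change Username" form for `$user` and builds its panel.
  *
  * On a form POST the submitted name must be non-empty, differ from the
  * current name and pass PhabricatorUser::validateUsername(); the rename is
  * then performed by PhabricatorUserEditor with the requesting user as actor.
  *
  * NOTE(review): the '******' error-label literals look like redaction
  * artifacts of this listing; they are reproduced unchanged.
  *
  * @param PhabricatorUser $user Account being renamed.
  * @return mixed An AphrontRedirectResponse after a successful rename,
  *               otherwise array($errors, $panel) where $errors is an
  *               AphrontErrorView or null.
  */
 private function processRenameRequest(PhabricatorUser $user)
 {
     $request = $this->getRequest();
     $admin = $request->getUser();
     $e_username = true;
     $username = $user->getUsername();
     $errors = array();

     if ($request->isFormPost()) {
         $username = $request->getStr('username');

         if (!strlen($username)) {
             $e_username = '******';
             $errors[] = 'New username is required.';
         } elseif ($username === $user->getUsername()) {
             // Strict comparison: `==` treats distinct numeric-looking names
             // (for example "10" and "1e1") as equal and would wrongly refuse
             // the rename.
             $e_username = '******';
             $errors[] = 'New username must be different from old username.';
         } elseif (!PhabricatorUser::validateUsername($username)) {
             $e_username = '******';
             $errors[] = PhabricatorUser::describeValidUsername();
         }

         if (!$errors) {
             try {
                 id(new PhabricatorUserEditor())
                     ->setActor($admin)
                     ->changeUsername($user, $username);
                 return id(new AphrontRedirectResponse())
                     ->setURI($request->getRequestURI()->alter('saved', true));
             } catch (AphrontQueryDuplicateKeyException $ex) {
                 $e_username = '******';
                 $errors[] = 'Another user already has that username.';
             }
         }
     }

     if ($errors) {
         $errors = id(new AphrontErrorView())
             ->setTitle('Form Errors')
             ->setErrors($errors);
     } else {
         $errors = null;
     }

     // Static markup only. Anything dynamic added to this string later has to
     // be escaped first, because it is appended to the form as raw HTML.
     $instructions = '<p class="aphront-form-instructions">' . '<strong>Be careful when renaming users!</strong> ' . 'The old username will no longer be tied to the user, so anything ' . 'which uses it (like old commit messages) will no longer associate ' . 'correctly. And if you give a user a username which some other user ' . 'used to have, username lookups will begin returning the wrong ' . 'user.' . '</p>' . '<p class="aphront-form-instructions">' . 'It is generally safe to rename newly created users (and test users ' . 'and so on), but less safe to rename established users and unsafe ' . 'to reissue a username.' . '</p>' . '<p class="aphront-form-instructions">' . 'Users who rely on password auth will need to reset their password ' . 'after their username is changed (their username is part of the ' . 'salt in the password hash). They will receive an email with ' . 'instructions on how to do this.' . '</p>';

     $form = new AphrontFormView();
     $form
         ->setUser($admin)
         ->setAction($request->getRequestURI())
         ->appendChild($instructions)
         ->appendChild(
             id(new AphrontFormStaticControl())
                 ->setLabel('Old Username')
                 ->setValue($user->getUsername()))
         ->appendChild(
             id(new AphrontFormTextControl())
                 ->setLabel('New Username')
                 ->setValue($username)
                 ->setName('username')
                 ->setError($e_username))
         ->appendChild(
             id(new AphrontFormSubmitControl())
                 ->setValue('Change Username'));

     $panel = new AphrontPanelView();
     $panel->setHeader('Change Username');
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
     $panel->appendChild($form);

     return array($errors, $panel);
 }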
コード例 #5
 /**
  * Handles account registration for a user who arrived through LDAP.
  *
  * Real name and email are taken from the LDAP provider when available; the
  * username (and any field the provider did not supply or that is not
  * allowed) comes from the submitted form. On success the user is created
  * with an unverified email, linked to the LDAP record, given a web session
  * and redirected to "/". Otherwise the registration page is rendered with
  * the collected errors.
  */
 public function processRequest()
 {
     $provider = $this->getLDAProvider();
     $ldap_info = $this->getLDAPInfo();
     $request = $this->getRequest();
     $errors = array();
     // `true` marks a field as required-but-not-yet-checked; it is replaced by
     // an error label or null once the field has been looked at.
     $e_username = true;
     $e_email = true;
     $e_realname = true;
     $user = new PhabricatorUser();
     // NOTE(review): setUsername() is called without an argument here; the
     // intended initial value is not visible in this listing - confirm.
     $user->setUsername();
     $user->setRealname($provider->retrieveUserRealName());
     $new_email = $provider->retrieveUserEmail();
     if ($new_email) {
         // If the user's LDAP provider account has an email address but the
         // email address domain is not allowed by the Phabricator configuration,
         // we just pretend the provider did not supply an address.
         //
         // For instance, if the user uses LDAP Auth and their email address
         // is "*****@*****.**" but Phabricator is configured to require users
         // use "@company.com" addresses, we show a prompt below and tell the user
         // to provide their "@company.com" address. They can still use the LDAP
         // account to login, they just need to associate their account with an
         // allowed address.
         //
         // If the email address is fine, we just use it and don't prompt the user.
         if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
             $new_email = null;
         }
     }
     $show_email_input = $new_email === null;
     if ($request->isFormPost()) {
         // The username is always request-supplied and must pass
         // validateUsername() before the account is created.
         $user->setUsername($request->getStr('username'));
         $username = $user->getUsername();
         if (!strlen($user->getUsername())) {
             $e_username = '******';
             $errors[] = 'Username is required.';
         } else {
             if (!PhabricatorUser::validateUsername($username)) {
                 $e_username = '******';
                 $errors[] = PhabricatorUser::describeValidUsername();
             } else {
                 $e_username = null;
             }
         }
         // Fall back to a user-entered address only when the provider gave
         // none (or gave one that is not allowed).
         if (!$new_email) {
             $new_email = trim($request->getStr('email'));
             if (!$new_email) {
                 $e_email = 'Required';
                 $errors[] = 'Email is required.';
             } else {
                 $e_email = null;
             }
         }
         // Whatever its origin, the address has to satisfy the allowed-address
         // configuration.
         if ($new_email) {
             if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
                 $e_email = 'Invalid';
                 $errors[] = PhabricatorUserEmail::describeAllowedAddresses();
             }
         }
         if (!strlen($user->getRealName())) {
             $user->setRealName($request->getStr('realname'));
             if (!strlen($user->getRealName())) {
                 $e_realname = 'Required';
                 $errors[] = 'Real name is required.';
             } else {
                 $e_realname = null;
             }
         }
         if (!$errors) {
             try {
                 // NOTE: We don't verify LDAP email addresses by default because
                 // LDAP providers might associate email addresses with accounts that
                 // haven't actually verified they own them. We could selectively
                 // auto-verify some providers that we trust here, but the stakes for
                 // verifying an email address are high because having a corporate
                 // address at a company is sometimes the key to the castle.
                 $email_obj = id(new PhabricatorUserEmail())->setAddress($new_email)->setIsVerified(0);
                 // The new user acts as their own actor for the creation.
                 id(new PhabricatorUserEditor())->setActor($user)->createNewUser($user, $email_obj);
                 $ldap_info->setUserID($user->getID());
                 $ldap_info->save();
                 // The session is established and its key handed out in cookies
                 // before the address is verified.
                 // NOTE(review): cookie attributes (Secure/HttpOnly) are decided
                 // inside setCookie() and are not visible here - confirm.
                 $session_key = $user->establishSession('web');
                 $request->setCookie('phusr', $user->getUsername());
                 $request->setCookie('phsid', $session_key);
                 $email_obj->sendVerificationEmail($user);
                 return id(new AphrontRedirectResponse())->setURI('/');
             } catch (AphrontQueryDuplicateKeyException $exception) {
                 // Work out which unique key collided so the right field can be
                 // flagged; anything else is rethrown. These messages tell the
                 // visitor that a username or address is already registered.
                 $same_username = id(new PhabricatorUser())->loadOneWhere('userName = %s', $user->getUserName());
                 $same_email = id(new PhabricatorUserEmail())->loadOneWhere('address = %s', $new_email);
                 if ($same_username) {
                     $e_username = '******';
                     $errors[] = 'That username or email is not unique.';
                 } else {
                     if ($same_email) {
                         $e_email = 'Duplicate';
                         $errors[] = 'That email is not unique.';
                     } else {
                         throw $exception;
                     }
                 }
             }
         }
     }
     $error_view = null;
     if ($errors) {
         $error_view = new AphrontErrorView();
         $error_view->setTitle('Registration Failed');
         $error_view->setErrors($errors);
     }
     // Strip the URI down to the path, because otherwise we'll trigger
     // external CSRF protection (by having a protocol in the form "action")
     // and generate a form with no CSRF token.
     $action_uri = new PhutilURI('/ldap/login/');
     $action_path = $action_uri->getPath();
     $form = new AphrontFormView();
     $form->setUser($request->getUser())->setAction($action_path)->appendChild(id(new AphrontFormTextControl())->setLabel('Username')->setName('username')->setValue($user->getUsername())->setError($e_username));
     // NOTE(review): the 'password' field is rendered but never read in this
     // method; presumably the '/ldap/login/' handler consumes it - confirm.
     $form->appendChild(id(new AphrontFormPasswordControl())->setLabel('Password')->setName('password'));
     if ($show_email_input) {
         $form->appendChild(id(new AphrontFormTextControl())->setLabel('Email')->setName('email')->setValue($request->getStr('email'))->setError($e_email));
     }
     if ($provider->retrieveUserRealName() === null) {
         $form->appendChild(id(new AphrontFormTextControl())->setLabel('Real Name')->setName('realname')->setValue($request->getStr('realname'))->setError($e_realname));
     }
     $form->appendChild(id(new AphrontFormSubmitControl())->setValue('Create Account'));
     $panel = new AphrontPanelView();
     $panel->setHeader('Create New Account');
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
     $panel->appendChild($form);
     return $this->buildStandardPageResponse(array($error_view, $panel), array('title' => 'Create New Account'));
 }
コード例 #6
 /**
  * Renders and processes the account registration page.
  *
  * Resolves the external account and auth provider being registered with
  * (by account key, first-time setup, or the default account), derives
  * default username/real name/email values, lets event listeners adjust the
  * registration profile, validates the submitted fields and finally creates
  * the user inside a transaction and logs them in. When validation fails or
  * nothing was submitted, the registration form is rendered.
  */
 public function processRequest()
 {
     $request = $this->getRequest();
     if ($request->getUser()->isLoggedIn()) {
         return $this->renderError(pht('You are already logged in.'));
     }
     $is_setup = false;
     // Each loader returns (account, provider, response); a non-empty response
     // short-circuits the request below.
     if (strlen($this->accountKey)) {
         $result = $this->loadAccountForRegistrationOrLinking($this->accountKey);
         list($account, $provider, $response) = $result;
         $is_default = false;
     } else {
         if ($this->isFirstTimeSetup()) {
             list($account, $provider, $response) = $this->loadSetupAccount();
             $is_default = true;
             $is_setup = true;
         } else {
             list($account, $provider, $response) = $this->loadDefaultAccount();
             $is_default = true;
         }
     }
     if ($response) {
         return $response;
     }
     $invite = $this->loadInvite();
     if (!$provider->shouldAllowRegistration()) {
         if ($invite) {
             // If the user has an invite, we allow them to register with any
             // provider, even a login-only provider.
         } else {
             // TODO: This is a routine error if you click "Login" on an external
             // auth source which doesn't allow registration. The error should be
             // more tailored.
             return $this->renderError(pht('The account you are attempting to register with uses an ' . 'authentication provider ("%s") which does not allow ' . 'registration. An administrator may have recently disabled ' . 'registration with this provider.', $provider->getProviderName()));
         }
     }
     $user = new PhabricatorUser();
     $default_username = $account->getUsername();
     $default_realname = $account->getRealName();
     $default_email = $account->getEmail();
     // An invite's address takes precedence over the one reported by the
     // external account.
     if ($invite) {
         $default_email = $invite->getEmailAddress();
     }
     if (!PhabricatorUserEmail::isValidAddress($default_email)) {
         $default_email = null;
     }
     if ($default_email !== null) {
         // We should bypass policy here because e.g. limiting an application use
         // to a subset of users should not allow the others to overwrite
         // configured application emails.
         $application_email = id(new PhabricatorMetaMTAApplicationEmailQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withAddresses(array($default_email))->executeOne();
         if ($application_email) {
             $default_email = null;
         }
     }
     if ($default_email !== null) {
         // If the account source provided an email, but it's not allowed by
         // the configuration, roadblock the user. Previously, we let the user
         // pick a valid email address instead, but this does not align well with
         // user expectation and it's not clear the cases it enables are valuable.
         // See discussion in T3472.
         if (!PhabricatorUserEmail::isAllowedAddress($default_email)) {
             return $this->renderError(array(pht('The account you are attempting to register with has an invalid ' . 'email address (%s). This Phabricator install only allows ' . 'registration with specific email addresses:', $default_email), phutil_tag('br'), phutil_tag('br'), PhabricatorUserEmail::describeAllowedAddresses()));
         }
         // If the account source provided an email, but another account already
         // has that email, just pretend we didn't get an email.
         // TODO: See T3472.
         if ($default_email !== null) {
             $same_email = id(new PhabricatorUserEmail())->loadOneWhere('address = %s', $default_email);
             if ($same_email) {
                 if ($invite) {
                     // We're allowing this to continue. The fact that we loaded the
                     // invite means that the address is nonprimary and unverified and
                     // we're OK to steal it.
                 } else {
                     $default_email = null;
                 }
             }
         }
     }
     // The email is editable only when no usable default address survived the
     // checks above.
     $profile = id(new PhabricatorRegistrationProfile())->setDefaultUsername($default_username)->setDefaultEmail($default_email)->setDefaultRealName($default_realname)->setCanEditUsername(true)->setCanEditEmail($default_email === null)->setCanEditRealName(true)->setShouldVerifyEmail(false);
     // Event listeners receive the profile and may change it; every value is
     // read back from the profile afterwards, including whether the email is
     // to be treated as verified.
     $event_type = PhabricatorEventType::TYPE_AUTH_WILLREGISTERUSER;
     $event_data = array('account' => $account, 'profile' => $profile);
     $event = id(new PhabricatorEvent($event_type, $event_data))->setUser($user);
     PhutilEventEngine::dispatchEvent($event);
     $default_username = $profile->getDefaultUsername();
     $default_email = $profile->getDefaultEmail();
     $default_realname = $profile->getDefaultRealName();
     $can_edit_username = $profile->getCanEditUsername();
     $can_edit_email = $profile->getCanEditEmail();
     $can_edit_realname = $profile->getCanEditRealName();
     $must_set_password = $provider->shouldRequireRegistrationPassword();
     $can_edit_anything = $profile->getCanEditAnything() || $must_set_password;
     $force_verify = $profile->getShouldVerifyEmail();
     // Automatically verify the administrator's email address during first-time
     // setup.
     if ($is_setup) {
         $force_verify = true;
     }
     $value_username = $default_username;
     $value_realname = $default_realname;
     $value_email = $default_email;
     $value_password = null;
     $errors = array();
     $require_real_name = PhabricatorEnv::getEnvConfig('user.require-real-name');
     // `true` marks a required field that has not been checked yet; null means
     // no marker.
     $e_username = strlen($value_username) ? null : true;
     $e_realname = $require_real_name ? true : null;
     $e_email = strlen($value_email) ? null : true;
     $e_password = true;
     $e_captcha = true;
     $skip_captcha = false;
     if ($invite) {
         // If the user is accepting an invite, assume they're trustworthy enough
         // that we don't need to CAPTCHA them.
         $skip_captcha = true;
     }
     $min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length');
     $min_len = (int) $min_len;
     // A request carrying an 'invite' parameter only prefills the username
     // field: the condition below skips all processing when $from_invite is
     // set, so this unvalidated value is displayed but not persisted here.
     $from_invite = $request->getStr('invite');
     if ($from_invite && $can_edit_username) {
         $value_username = $request->getStr('username');
         $e_username = null;
     }
     // Processing also runs without a form POST when the profile leaves
     // nothing to edit and no password is required.
     if (($request->isFormPost() || !$can_edit_anything) && !$from_invite) {
         // NOTE(review): presumably lifts the write guard for this scope
         // because registration can proceed without a form POST - confirm.
         // The scope ends at unset($unguarded) or when the method returns.
         $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
         // The CAPTCHA is only checked for password-based registration that
         // did not come from an invite.
         if ($must_set_password && !$skip_captcha) {
             $e_captcha = pht('Again');
             $captcha_ok = AphrontFormRecaptchaControl::processCaptcha($request);
             if (!$captcha_ok) {
                 $errors[] = pht('Captcha response is incorrect, try again.');
                 $e_captcha = pht('Invalid');
             }
         }
         if ($can_edit_username) {
             $value_username = $request->getStr('username');
             if (!strlen($value_username)) {
                 $e_username = pht('Required');
                 $errors[] = pht('Username is required.');
             } else {
                 if (!PhabricatorUser::validateUsername($value_username)) {
                     $e_username = pht('Invalid');
                     $errors[] = PhabricatorUser::describeValidUsername();
                 } else {
                     $e_username = null;
                 }
             }
         }
         // Password checks run in order: present, matches confirmation, meets
         // the configured minimum length (strlen() counts bytes), and is not
         // on the common-password list.
         if ($must_set_password) {
             $value_password = $request->getStr('password');
             $value_confirm = $request->getStr('confirm');
             if (!strlen($value_password)) {
                 $e_password = pht('Required');
                 $errors[] = pht('You must choose a password.');
             } else {
                 if ($value_password !== $value_confirm) {
                     $e_password = pht('No Match');
                     $errors[] = pht('Password and confirmation must match.');
                 } else {
                     if (strlen($value_password) < $min_len) {
                         $e_password = pht('Too Short');
                         $errors[] = pht('Password is too short (must be at least %d characters long).', $min_len);
                     } else {
                         if (PhabricatorCommonPasswords::isCommonPassword($value_password)) {
                             $e_password = pht('Very Weak');
                             $errors[] = pht('Password is pathologically weak. This password is one of the ' . 'most common passwords in use, and is extremely easy for ' . 'attackers to guess. You must choose a stronger password.');
                         } else {
                             $e_password = null;
                         }
                     }
                 }
             }
         }
         // A user-entered address has to be both well-formed and allowed by
         // configuration.
         if ($can_edit_email) {
             $value_email = $request->getStr('email');
             if (!strlen($value_email)) {
                 $e_email = pht('Required');
                 $errors[] = pht('Email is required.');
             } else {
                 if (!PhabricatorUserEmail::isValidAddress($value_email)) {
                     $e_email = pht('Invalid');
                     $errors[] = PhabricatorUserEmail::describeValidAddresses();
                 } else {
                     if (!PhabricatorUserEmail::isAllowedAddress($value_email)) {
                         $e_email = pht('Disallowed');
                         $errors[] = PhabricatorUserEmail::describeAllowedAddresses();
                     } else {
                         $e_email = null;
                     }
                 }
             }
         }
         if ($can_edit_realname) {
             $value_realname = $request->getStr('realName');
             if (!strlen($value_realname) && $require_real_name) {
                 $e_realname = pht('Required');
                 $errors[] = pht('Real name is required.');
             } else {
                 $e_realname = null;
             }
         }
         if (!$errors) {
             $image = $this->loadProfilePicture($account);
             if ($image) {
                 $user->setProfileImagePHID($image->getPHID());
             }
             try {
                 // The address is stored as verified only when verification is
                 // forced, or when the user kept the default address and that
                 // address is vouched for by the external account, by a
                 // provider that trusts emails, or by an invite. An address
                 // typed in by the user never inherits that trust.
                 $verify_email = false;
                 if ($force_verify) {
                     $verify_email = true;
                 }
                 if ($value_email === $default_email) {
                     if ($account->getEmailVerified()) {
                         $verify_email = true;
                     }
                     if ($provider->shouldTrustEmails()) {
                         $verify_email = true;
                     }
                     if ($invite) {
                         $verify_email = true;
                     }
                 }
                 $email_obj = null;
                 if ($invite) {
                     // If we have a valid invite, this email may exist but be
                     // nonprimary and unverified, so we'll reassign it.
                     $email_obj = id(new PhabricatorUserEmail())->loadOneWhere('address = %s', $value_email);
                 }
                 if (!$email_obj) {
                     $email_obj = id(new PhabricatorUserEmail())->setAddress($value_email);
                 }
                 $email_obj->setIsVerified((int) $verify_email);
                 $user->setUsername($value_username);
                 $user->setRealname($value_realname);
                 // Setup and invited registrations skip the approval queue;
                 // everyone else follows 'auth.require-approval'.
                 if ($is_setup) {
                     $must_approve = false;
                 } else {
                     if ($invite) {
                         $must_approve = false;
                     } else {
                         $must_approve = PhabricatorEnv::getEnvConfig('auth.require-approval');
                     }
                 }
                 if ($must_approve) {
                     $user->setIsApproved(0);
                 } else {
                     $user->setIsApproved(1);
                 }
                 // Only an invite may take over an existing email row.
                 if ($invite) {
                     $allow_reassign_email = true;
                 } else {
                     $allow_reassign_email = false;
                 }
                 // User creation, password, admin flag and account link are
                 // written inside one transaction.
                 // NOTE(review): no killTransaction() is visible on the
                 // duplicate-key path below; presumably the editor rolls back
                 // itself - confirm.
                 $user->openTransaction();
                 $editor = id(new PhabricatorUserEditor())->setActor($user);
                 $editor->createNewUser($user, $email_obj, $allow_reassign_email);
                 if ($must_set_password) {
                     // The password travels in an opaque envelope rather than
                     // as a bare string.
                     $envelope = new PhutilOpaqueEnvelope($value_password);
                     $editor->changePassword($user, $envelope);
                 }
                 // The account registered during first-time setup becomes an
                 // administrator.
                 if ($is_setup) {
                     $editor->makeAdminUser($user, true);
                 }
                 $account->setUserPHID($user->getPHID());
                 $provider->willRegisterAccount($account);
                 $account->save();
                 $user->saveTransaction();
                 if (!$email_obj->getIsVerified()) {
                     $email_obj->sendVerificationEmail($user);
                 }
                 if ($must_approve) {
                     $this->sendWaitingForApprovalEmail($user);
                 }
                 if ($invite) {
                     $invite->setAcceptedByPHID($user->getPHID())->save();
                 }
                 return $this->loginUser($user);
             } catch (AphrontDuplicateKeyQueryException $exception) {
                 // Identify which unique key collided so the matching field is
                 // flagged; an unexplained collision is rethrown.
                 $same_username = id(new PhabricatorUser())->loadOneWhere('userName = %s', $user->getUserName());
                 $same_email = id(new PhabricatorUserEmail())->loadOneWhere('address = %s', $value_email);
                 if ($same_username) {
                     $e_username = pht('Duplicate');
                     $errors[] = pht('Another user already has that username.');
                 }
                 if ($same_email) {
                     // TODO: See T3340.
                     $e_email = pht('Duplicate');
                     $errors[] = pht('Another user already has that email.');
                 }
                 if (!$same_username && !$same_email) {
                     throw $exception;
                 }
             }
         }
         unset($unguarded);
     }
     // From here on the method only builds the form and page.
     $form = id(new AphrontFormView())->setUser($request->getUser());
     if (!$is_default) {
         $form->appendChild(id(new AphrontFormMarkupControl())->setLabel(pht('External Account'))->setValue(id(new PhabricatorAuthAccountView())->setUser($request->getUser())->setExternalAccount($account)->setAuthProvider($provider)));
     }
     if ($can_edit_username) {
         $form->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Phabricator Username'))->setName('username')->setValue($value_username)->setError($e_username));
     } else {
         $form->appendChild(id(new AphrontFormMarkupControl())->setLabel(pht('Phabricator Username'))->setValue($value_username)->setError($e_username));
     }
     if ($can_edit_realname) {
         $form->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Real Name'))->setName('realName')->setValue($value_realname)->setError($e_realname));
     }
     // Neither password control is given a value, so a submitted password is
     // not echoed back into the re-rendered form by this method.
     if ($must_set_password) {
         $form->appendChild(id(new AphrontFormPasswordControl())->setLabel(pht('Password'))->setName('password')->setError($e_password));
         $form->appendChild(id(new AphrontFormPasswordControl())->setLabel(pht('Confirm Password'))->setName('confirm')->setError($e_password)->setCaption($min_len ? pht('Minimum length of %d characters.', $min_len) : null));
     }
     if ($can_edit_email) {
         $form->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Email'))->setName('email')->setValue($value_email)->setCaption(PhabricatorUserEmail::describeAllowedAddresses())->setError($e_email));
     }
     if ($must_set_password && !$skip_captcha) {
         $form->appendChild(id(new AphrontFormRecaptchaControl())->setLabel(pht('Captcha'))->setError($e_captcha));
     }
     $submit = id(new AphrontFormSubmitControl());
     if ($is_setup) {
         $submit->setValue(pht('Create Admin Account'));
     } else {
         $submit->addCancelButton($this->getApplicationURI('start/'))->setValue(pht('Register Phabricator Account'));
     }
     $form->appendChild($submit);
     $crumbs = $this->buildApplicationCrumbs();
     if ($is_setup) {
         $crumbs->addTextCrumb(pht('Setup Admin Account'));
         $title = pht('Welcome to Phabricator');
     } else {
         $crumbs->addTextCrumb(pht('Register'));
         $crumbs->addTextCrumb($provider->getProviderName());
         $title = pht('Phabricator Registration');
     }
     $welcome_view = null;
     if ($is_setup) {
         $welcome_view = id(new PHUIInfoView())->setSeverity(PHUIInfoView::SEVERITY_NOTICE)->setTitle(pht('Welcome to Phabricator'))->appendChild(pht('Installation is complete. Register your administrator account ' . 'below to log in. You will be able to configure options and add ' . 'other authentication mechanisms (like LDAP or OAuth) later on.'));
     }
     $object_box = id(new PHUIObjectBoxView())->setHeaderText($title)->setForm($form)->setFormErrors($errors);
     $invite_header = null;
     if ($invite) {
         $invite_header = $this->renderInviteHeader($invite);
     }
     return $this->buildApplicationPage(array($crumbs, $welcome_view, $invite_header, $object_box), array('title' => $title));
 }
コード例 #7
 /**
  * Rename an existing user and record the change.
  *
  * The new name is validated here as well, so the rule is enforced even when
  * a caller skipped its own check. The rename and its PhabricatorUserLog
  * entry are written inside one transaction; the notification email is sent
  * after the transaction has been saved.
  *
  * @param PhabricatorUser $user     Saved user to rename.
  * @param string          $username Requested new username.
  * @throws Exception If the user has no ID yet or the username is invalid.
  * @throws AphrontQueryDuplicateKeyException If the name is already taken;
  *         the in-memory username is restored and the transaction killed
  *         before rethrowing.
  *
  * @task edit
  */
 public function changeUsername(PhabricatorUser $user, $username)
 {
     $actor = $this->requireActor();

     $is_saved = (bool) $user->getID();
     if (!$is_saved) {
         throw new Exception("User has not been created yet!");
     }

     $is_acceptable = PhabricatorUser::validateUsername($username);
     if (!$is_acceptable) {
         $valid = PhabricatorUser::describeValidUsername();
         throw new Exception("Username is invalid! {$valid}");
     }

     // Captured before reload(), so this is the name the caller's object held.
     $previous_name = $user->getUsername();

     $user->openTransaction();
     $user->reload();
     $user->setUsername($username);
     try {
         $user->save();
     } catch (AphrontQueryDuplicateKeyException $duplicate) {
         // Put the object back the way the caller handed it over, abandon the
         // transaction, and let the caller report the collision.
         $user->setUsername($previous_name);
         $user->killTransaction();
         throw $duplicate;
     }

     // Audit entry with both the old and the new name, written in the same
     // transaction as the rename itself.
     $entry = PhabricatorUserLog::newLog(
         $this->actor,
         $user,
         PhabricatorUserLog::ACTION_CHANGE_USERNAME
     );
     $entry->setOldValue($previous_name);
     $entry->setNewValue($username);
     $entry->save();

     $user->saveTransaction();

     $user->sendUsernameChangeEmail($actor, $previous_name);
 }
コード例 #8
// Probe the user table for any row at all; an empty result means the account
// created below would be the first one on this install. Only the table name
// is substituted into the query (%T), and the connection is requested in 'r'
// mode (presumably read-only -- confirm).
$any_user = queryfx_one($table->establishConnection('r'), 'SELECT * FROM %T LIMIT 1', $table->getTableName());
$is_first_user = !$any_user;
if ($is_first_user) {
    // Creating the first account from the command line bypasses the web setup
    // workflow, so warn and require explicit confirmation before continuing.
    echo pht("WARNING\n\n" . "You're about to create the first account on this install. Normally, " . "you should use the web interface to create the first account, not " . "this script.\n\n" . "If you use the web interface, it will drop you into a nice UI workflow " . "which gives you more help setting up your install. If you create an " . "account with this script instead, you will skip the setup help and you " . "will not be able to access it later.");
    if (!phutil_console_confirm(pht('Skip easy setup and create account?'))) {
        echo pht('Cancelled.') . "\n";
        // Non-zero exit status: the operator declined.
        exit(1);
    }
}
// The same prompt serves both creating a new account and editing an existing one.
echo pht('Enter a username to create a new account or edit an existing account.');
$username = phutil_console_prompt(pht('Enter a username:'******'Cancelled.') . "\n";
    exit(1);
}
// Reject names that fail the shared username rules before the account lookup;
// the rule description is printed so the operator can correct the input.
if (!PhabricatorUser::validateUsername($username)) {
    $valid = PhabricatorUser::describeValidUsername();
    echo pht("The username '%s' is invalid. %s", $username, $valid) . "\n";
    exit(1);
}
// The username is handed to loadOneWhere() as a separate argument for the %s
// placeholder rather than being concatenated into the condition string.
$user = id(new PhabricatorUser())->loadOneWhere('username = %s', $username);
if (!$user) {
    $original = new PhabricatorUser();
    echo pht("There is no existing user account '%s'.", $username) . "\n";
    $ok = phutil_console_confirm(pht("Do you want to create a new '%s' account?", $username), $default_no = false);
    if (!$ok) {
        echo pht('Cancelled.') . "\n";
        exit(1);
    }
    $user = new PhabricatorUser();
    $user->setUsername($username);
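 /**
  * Finish account registration after an OAuth login.
  *
  * A new PhabricatorUser is prefilled from the OAuth provider. On form POST
  * the submitted fields are validated, the user is saved, the OAuth info
  * record is linked to the new user ID, a web session is established and the
  * browser is redirected to "/". On validation failure or a duplicate key the
  * form is rendered again with the collected errors.
  *
  * The username field reports 'Required' / 'Invalid' / 'Duplicate' as its
  * error label, matching the labels used for the email and real name fields.
  *
  * @return mixed An AphrontRedirectResponse on success, otherwise the result
  *               of buildStandardPageResponse().
  * @throws AphrontQueryDuplicateKeyException When the save fails on a
  *               duplicate key that is neither the username nor the email.
  */
 public function processRequest()
 {
     $provider = $this->getOAuthProvider();
     $oauth_info = $this->getOAuthInfo();
     $request = $this->getRequest();

     $errors = array();
     // Each $e_* value is passed to setError() on its field: a string is the
     // label for a rejected value and null is set once a value is accepted.
     // `true` is the state before any submission (presumably rendered as a
     // "required" marker -- confirm).
     $e_username = true;
     $e_email = true;
     $e_realname = true;

     // Prefill from whatever the provider reports.
     $user = new PhabricatorUser();
     $user->setUsername($provider->retrieveUserAccountName());
     $user->setRealName($provider->retrieveUserRealName());
     $user->setEmail($provider->retrieveUserEmail());

     if ($request->isFormPost()) {
         // The username always comes from the form, replacing the provider's
         // suggestion.
         $user->setUsername($request->getStr('username'));
         $username = $user->getUsername();
         if (!strlen($username)) {
             $e_username = 'Required';
             $errors[] = 'Username is required.';
         } elseif (!PhabricatorUser::validateUsername($username)) {
             $e_username = 'Invalid';
             $errors[] = 'Username must consist of only numbers and letters.';
         } else {
             $e_username = null;
         }

         // Email is read from the form only when the provider supplied none,
         // so a submitter cannot override a provider-reported address.
         if ($user->getEmail() === null) {
             $user->setEmail($request->getStr('email'));
             // NOTE(review): only emptiness is checked here; no address format
             // or allowed-domain check is applied in this method.
             if (!strlen($user->getEmail())) {
                 $e_email = 'Required';
                 $errors[] = 'Email is required.';
             } else {
                 $e_email = null;
             }
         }

         // Same rule for the real name: the form value is used only when the
         // provider's value is empty.
         if (!strlen($user->getRealName())) {
             $user->setRealName($request->getStr('realname'));
             if (!strlen($user->getRealName())) {
                 $e_realname = 'Required';
                 $errors[] = 'Real name is required.';
             } else {
                 $e_realname = null;
             }
         }

         if (!$errors) {
             $image = $provider->retrieveUserProfileImage();
             if ($image) {
                 // NOTE(review): the file is created before $user->save();
                 // presumably the user has no PHID yet, and the file is left
                 // behind if the save below fails -- confirm.
                 $file = PhabricatorFile::newFromFileData(
                     $image,
                     array(
                         'name' => $provider->getProviderKey() . '-profile.jpg',
                         'authorPHID' => $user->getPHID(),
                     )
                 );
                 $user->setProfileImagePHID($file->getPHID());
             }
             try {
                 $user->save();
                 $oauth_info->setUserID($user->getID());
                 $oauth_info->save();

                 // Log the new user in immediately.
                 // NOTE(review): cookie attributes (HttpOnly, Secure) are
                 // decided inside setCookie() and are not visible here --
                 // confirm the session cookie is protected.
                 $session_key = $user->establishSession('web');
                 $request->setCookie('phusr', $user->getUsername());
                 $request->setCookie('phsid', $session_key);

                 return id(new AphrontRedirectResponse())->setURI('/');
             } catch (AphrontQueryDuplicateKeyException $exception) {
                 // Work out which unique column collided so the right field
                 // can be flagged. These messages tell the submitter that a
                 // username or email is already registered.
                 $same_username = id(new PhabricatorUser())->loadOneWhere('userName = %s', $user->getUserName());
                 $same_email = id(new PhabricatorUser())->loadOneWhere('email = %s', $user->getEmail());
                 if ($same_username) {
                     $e_username = 'Duplicate';
                     $errors[] = 'That username or email is not unique.';
                 } elseif ($same_email) {
                     $e_email = 'Duplicate';
                     $errors[] = 'That email is not unique.';
                 } else {
                     // Some other unique key collided; do not hide it.
                     throw $exception;
                 }
             }
         }
     }

     $error_view = null;
     if ($errors) {
         $error_view = new AphrontErrorView();
         $error_view->setTitle('Registration Failed');
         $error_view->setErrors($errors);
     }

     // Strip the URI down to the path, because otherwise we'll trigger
     // external CSRF protection (by having a protocol in the form "action")
     // and generate a form with no CSRF token.
     $action_uri = new PhutilURI($provider->getRedirectURI());
     $action_path = $action_uri->getPath();

     // NOTE(review): the provider access token is written into the page as a
     // hidden field and returns with the POST, so anything able to read the
     // rendered HTML can read the token. Confirm this page is never cached
     // and consider keeping the token server-side instead.
     $form = new AphrontFormView();
     $form
         ->addHiddenInput('token', $provider->getAccessToken())
         ->addHiddenInput('expires', $oauth_info->getTokenExpires())
         ->addHiddenInput('state', $this->getOAuthState())
         ->setUser($request->getUser())
         ->setAction($action_path)
         ->appendChild(
             id(new AphrontFormTextControl())
                 ->setLabel('Username')
                 ->setName('username')
                 ->setValue($user->getUsername())
                 ->setError($e_username)
         );

     // Only ask for the fields the provider could not supply.
     if ($provider->retrieveUserEmail() === null) {
         $form->appendChild(
             id(new AphrontFormTextControl())
                 ->setLabel('Email')
                 ->setName('email')
                 ->setValue($request->getStr('email'))
                 ->setError($e_email)
         );
     }
     if ($provider->retrieveUserRealName() === null) {
         $form->appendChild(
             id(new AphrontFormTextControl())
                 ->setLabel('Real Name')
                 ->setName('realname')
                 ->setValue($request->getStr('realname'))
                 ->setError($e_realname)
         );
     }
     $form->appendChild(id(new AphrontFormSubmitControl())->setValue('Create Account'));

     $panel = new AphrontPanelView();
     $panel->setHeader('Create New Account');
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
     $panel->appendChild($form);

     return $this->buildStandardPageResponse(array($error_view, $panel), array('title' => 'Create New Account'));
 }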
コード例 #10
 /**
  * Render and process the "create user" form for standard and bot accounts.
  *
  * The account type comes from $this->type; any value other than 'standard'
  * or 'bot' yields a 404. On a valid POST the user is created through
  * PhabricatorUserEditor with the requesting user as actor, and the browser
  * is redirected to the new profile at /p/<username>/.
  *
  * NOTE(review): no permission check is visible in this method; presumably
  * access is restricted to administrators elsewhere -- confirm.
  *
  * @return mixed Aphront404Response for an unknown type, an
  *               AphrontRedirectResponse after a successful create, otherwise
  *               the result of buildApplicationPage().
  */
 public function processRequest()
 {
     $request = $this->getRequest();
     $admin = $request->getUser();

     // Only the two known account types are served.
     $account_type = $this->type;
     if ($account_type == 'standard') {
         $is_bot = false;
     } elseif ($account_type == 'bot') {
         $is_bot = true;
     } else {
         return new Aphront404Response();
     }

     $user = new PhabricatorUser();
     $needs_realname = PhabricatorEnv::getEnvConfig('user.require-real-name');

     // Initial field states handed to setError(); real name starts as null
     // when the install does not require one.
     $e_username = true;
     if ($needs_realname) {
         $e_realname = true;
     } else {
         $e_realname = null;
     }
     $e_email = true;
     $errors = array();
     $welcome_checked = true;
     $new_email = null;

     $request = $this->getRequest();
     if ($request->isFormPost()) {
         $welcome_checked = $request->getInt('welcome');
         $user->setUsername($request->getStr('username'));
         $new_email = $request->getStr('email');

         // Email: must be present and pass the install's address policy.
         if (!strlen($new_email)) {
             $errors[] = pht('Email is required.');
             $e_email = pht('Required');
         } elseif (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
             $e_email = pht('Invalid');
             $errors[] = PhabricatorUserEmail::describeAllowedAddresses();
         } else {
             $e_email = null;
         }

         $user->setRealName($request->getStr('realname'));

         // Username: must be present and pass the shared username rules.
         $submitted_name = $user->getUsername();
         if (!strlen($submitted_name)) {
             $errors[] = pht('Username is required.');
             $e_username = pht('Required');
         } elseif (!PhabricatorUser::validateUsername($submitted_name)) {
             $errors[] = PhabricatorUser::describeValidUsername();
             $e_username = pht('Invalid');
         } else {
             $e_username = null;
         }

         // Real name: only enforced when the install requires it.
         $realname_missing = !strlen($user->getRealName()) && $needs_realname;
         if ($realname_missing) {
             $errors[] = pht('Real name is required.');
             $e_realname = pht('Required');
         } else {
             $e_realname = null;
         }

         if (!$errors) {
             try {
                 $email_record = id(new PhabricatorUserEmail())
                     ->setAddress($new_email)
                     ->setIsVerified(0);

                 // Accounts created here skip the approval step.
                 $user->setIsApproved(1);

                 // Bot addresses are marked verified without any mail being
                 // exchanged, so the verified flag on a bot account does not
                 // show that anyone controls that mailbox.
                 if ($is_bot) {
                     $email_record->setIsVerified(1);
                 }

                 id(new PhabricatorUserEditor())
                     ->setActor($admin)
                     ->createNewUser($user, $email_record);

                 if ($is_bot) {
                     id(new PhabricatorUserEditor())
                         ->setActor($admin)
                         ->makeSystemAgentUser($user, true);
                 }

                 // Bots never receive the welcome mail, whatever the checkbox says.
                 if ($welcome_checked && !$is_bot) {
                     $user->sendWelcomeEmail($admin);
                 }

                 return id(new AphrontRedirectResponse())
                     ->setURI('/p/' . $user->getUsername() . '/');
             } catch (AphrontDuplicateKeyQueryException $duplicate) {
                 $errors[] = pht('Username and email must be unique.');

                 // Look up which unique value collided so the matching field
                 // can be flagged.
                 $same_username = id(new PhabricatorUser())->loadOneWhere('username = %s', $user->getUsername());
                 $same_email = id(new PhabricatorUserEmail())->loadOneWhere('address = %s', $new_email);
                 if ($same_username) {
                     $e_username = pht('Duplicate');
                 }
                 if ($same_email) {
                     $e_email = pht('Duplicate');
                 }
             }
         }
     }

     $form = id(new AphrontFormView())->setUser($admin);

     if ($is_bot) {
         $form->appendRemarkupInstructions(pht('You are creating a new **bot/script** user account.'));
     } else {
         $form->appendRemarkupInstructions(pht('You are creating a new **standard** user account.'));
     }

     $form
         ->appendChild(
             id(new AphrontFormTextControl())
                 ->setLabel(pht('Username'))
                 ->setName('username')
                 ->setValue($user->getUsername())
                 ->setError($e_username)
         )
         ->appendChild(
             id(new AphrontFormTextControl())
                 ->setLabel(pht('Real Name'))
                 ->setName('realname')
                 ->setValue($user->getRealName())
                 ->setError($e_realname)
         )
         ->appendChild(
             id(new AphrontFormTextControl())
                 ->setLabel(pht('Email'))
                 ->setName('email')
                 ->setValue($new_email)
                 ->setCaption(PhabricatorUserEmail::describeAllowedAddresses())
                 ->setError($e_email)
         );

     if (!$is_bot) {
         $form->appendChild(
             id(new AphrontFormCheckboxControl())
                 ->addCheckbox('welcome', 1, pht('Send "Welcome to Phabricator" email with login instructions.'), $welcome_checked)
         );
     }

     $form->appendChild(
         id(new AphrontFormSubmitControl())
             ->addCancelButton($this->getApplicationURI())
             ->setValue(pht('Create User'))
     );

     if ($is_bot) {
         // Explain to the admin why a bot still needs an address.
         $form
             ->appendChild(id(new AphrontFormDividerControl()))
             ->appendRemarkupInstructions(pht(
                 '**Why do bot/script accounts need an email address?**'
                 . "\n\n"
                 . 'Although bots do not normally receive email from Phabricator, '
                 . 'they can interact with other systems which require an email '
                 . 'address. Examples include:'
                 . "\n\n"
                 . "  - If the account takes actions which //send// email, we need "
                 . "    an address to use in the //From// header.\n"
                 . "  - If the account creates commits, Git and Mercurial require "
                 . "    an email address for authorship.\n"
                 . "  - If you send email //to// Phabricator on behalf of the "
                 . "    account, the address can identify the sender.\n"
                 . "  - Some internal authentication functions depend on accounts "
                 . "    having an email address.\n"
                 . "\n\n"
                 . "The address will automatically be verified, so you do not need "
                 . "to be able to receive mail at this address, and can enter some "
                 . "invalid or nonexistent (but correctly formatted) address like "
                 . "`bot@yourcompany.com` if you prefer."
             ));
     }

     $title = pht('Create New User');

     $form_box = id(new PHUIObjectBoxView())
         ->setHeaderText($title)
         ->setFormErrors($errors)
         ->setForm($form);

     $crumbs = $this->buildApplicationCrumbs();
     $crumbs->addTextCrumb($title);

     return $this->buildApplicationPage(array($crumbs, $form_box), array('title' => $title));
 }
コード例 #11
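 /**
  * Render and process the basic create/edit form for a user account.
  *
  * For a user without an ID (a new account) the username, email and role are
  * taken from the POST. For an existing user only the real name is applied:
  * username and email are ignored on the server side as well as being shown
  * as disabled controls, so a crafted POST cannot change them through this
  * form.
  *
  * The username field reports 'Required' / 'Invalid' / 'Duplicate' as its
  * error label, matching the labels used for the real name and email fields.
  *
  * NOTE(review): no permission check is visible in this method; presumably
  * the caller restricts it to administrators -- confirm.
  *
  * @param PhabricatorUser $user New (unsaved) or existing user to edit.
  * @return mixed An AphrontRedirectResponse after a successful save,
  *               otherwise array($error_view, $panel) for the caller to render.
  */
 private function processBasicRequest(PhabricatorUser $user)
 {
     $request = $this->getRequest();
     $admin = $request->getUser();

     // Initial field states handed to setError() before any submission.
     $e_username = true;
     $e_realname = true;
     $e_email = true;
     $errors = array();
     $welcome_checked = true;

     if ($request->isFormPost()) {
         $welcome_checked = $request->getInt('welcome');

         // Identity fields and role may only be set while the account is
         // being created.
         if (!$user->getID()) {
             $user->setUsername($request->getStr('username'));
             $user->setEmail($request->getStr('email'));
             if ($request->getStr('role') === 'agent') {
                 $user->setIsSystemAgent(true);
             }
         }
         $user->setRealName($request->getStr('realname'));

         if (!strlen($user->getUsername())) {
             $errors[] = "Username is required.";
             $e_username = 'Required';
         } elseif (!PhabricatorUser::validateUsername($user->getUsername())) {
             $errors[] = "Username must consist of only numbers and letters.";
             $e_username = 'Invalid';
         } else {
             $e_username = null;
         }

         if (!strlen($user->getRealName())) {
             $errors[] = 'Real name is required.';
             $e_realname = 'Required';
         } else {
             $e_realname = null;
         }

         // NOTE(review): only emptiness is checked; no address format or
         // allowed-domain check is applied to the email in this method.
         if (!strlen($user->getEmail())) {
             $errors[] = 'Email is required.';
             $e_email = 'Required';
         } else {
             $e_email = null;
         }

         if (!$errors) {
             try {
                 // Remember whether this is a create before save() assigns an ID.
                 $is_new = !$user->getID();
                 $user->save();

                 if ($is_new) {
                     // Only account creation is logged here.
                     // NOTE(review): the save and the log write are not wrapped
                     // in a transaction in this method, so a failed log write
                     // would leave an account without a creation record.
                     $log = PhabricatorUserLog::newLog($admin, $user, PhabricatorUserLog::ACTION_CREATE);
                     $log->save();
                     if ($welcome_checked) {
                         $user->sendWelcomeEmail($admin);
                     }
                 }

                 return id(new AphrontRedirectResponse())
                     ->setURI('/people/edit/' . $user->getID() . '/?saved=true');
             } catch (AphrontQueryDuplicateKeyException $ex) {
                 $errors[] = 'Username and email must be unique.';

                 // Look up which unique value collided so the matching field
                 // can be flagged.
                 $same_username = id(new PhabricatorUser())->loadOneWhere('username = %s', $user->getUsername());
                 $same_email = id(new PhabricatorUser())->loadOneWhere('email = %s', $user->getEmail());
                 if ($same_username) {
                     $e_username = 'Duplicate';
                 }
                 if ($same_email) {
                     $e_email = 'Duplicate';
                 }
             }
         }
     }

     $error_view = null;
     if ($errors) {
         $error_view = id(new AphrontErrorView())
             ->setTitle('Form Errors')
             ->setErrors($errors);
     }

     $form = new AphrontFormView();
     $form->setUser($admin);
     if ($user->getID()) {
         $form->setAction('/people/edit/' . $user->getID() . '/');
     } else {
         $form->setAction('/people/edit/');
     }

     // Username and email are shown disabled once the account exists; the
     // POST handling above ignores them in that case too.
     $is_immutable = (bool) $user->getID();

     $form
         ->appendChild(
             id(new AphrontFormTextControl())
                 ->setLabel('Username')
                 ->setName('username')
                 ->setValue($user->getUsername())
                 ->setError($e_username)
                 ->setDisabled($is_immutable)
                 ->setCaption('Usernames are permanent and can not be changed later!')
         )
         ->appendChild(
             id(new AphrontFormTextControl())
                 ->setLabel('Real Name')
                 ->setName('realname')
                 ->setValue($user->getRealName())
                 ->setError($e_realname)
         )
         ->appendChild(
             id(new AphrontFormTextControl())
                 ->setLabel('Email')
                 ->setName('email')
                 ->setDisabled($is_immutable)
                 ->setValue($user->getEmail())
                 ->setError($e_email)
         )
         ->appendChild($this->getRoleInstructions());

     if (!$user->getID()) {
         // The role can only be chosen at creation time.
         $form
             ->appendChild(
                 id(new AphrontFormSelectControl())
                     ->setLabel('Role')
                     ->setName('role')
                     ->setValue('user')
                     ->setOptions(array('user' => 'Normal User', 'agent' => 'System Agent'))
                     ->setCaption('You can create a "system agent" account for bots, scripts, ' . 'etc.')
             )
             ->appendChild(
                 id(new AphrontFormCheckboxControl())
                     ->addCheckbox('welcome', 1, 'Send "Welcome to Phabricator" email.', $welcome_checked)
             );
     } else {
         // Existing accounts show their role as read-only text.
         $form->appendChild(
             id(new AphrontFormStaticControl())
                 ->setLabel('Role')
                 ->setValue($user->getIsSystemAgent() ? 'System Agent' : 'Normal User')
         );
     }

     $form->appendChild(id(new AphrontFormSubmitControl())->setValue('Save'));

     $panel = new AphrontPanelView();
     if ($user->getID()) {
         $panel->setHeader('Edit User');
     } else {
         $panel->setHeader('Create New User');
     }
     $panel->appendChild($form);
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);

     return array($error_view, $panel);
 }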