Provide contextual help on auth provider configuration

Summary:
Ref T1536.

  - Move all the provider-specific help into contextual help in Auth.
  - This provides help much more contextually, and we can just tell the user the right values to use to configure things.
  - Rewrite account/registration help to reflect the newer state of the word.
  - Also clean up a few other loose ends.

Test Plan: {F46937}

Reviewers: chad, btrahan

Reviewed By: chad

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6247

Author: epriestley

conf/default.conf.php

@@ -553,11 +553,6 @@
 
 // -- Auth ------------------------------------------------------------------ //
 
-  // Can users login with a username/password, or by following the link from
-  // a password reset email? You can disable this and configure one or more
-  // OAuth providers instead.
-  'auth.password-auth-enabled'  => true,
-
   // Maximum number of simultaneous web sessions each user is permitted to have.
   // Setting this to "1" will prevent a user from logging in on more than one
   // browser at the same time.
@@ -1032,10 +1027,6 @@
   'aphront.default-application-configuration-class' =>
     'AphrontDefaultApplicationConfiguration',
 
-  'controller.oauth-registration' =>
-    'PhabricatorOAuthDefaultRegistrationController',
-
-
   // Directory that phd (the Phabricator daemon control script) should use to
   // track running daemons.
   'phd.pid-directory' => '/var/tmp/phd/pid',

src/applications/auth/application/PhabricatorApplicationAuth.php

@@ -14,6 +14,18 @@ public function getIconName() {
     return 'authentication';
   }
 
+  public function getHelpURI() {
+    // NOTE: Although reasonable help exists for this in "Configuring Accounts
+    // and Registration", specifying a help URI here means we get the menu
+    // item in all the login/link interfaces, which is confusing and not
+    // helpful.
+
+    // TODO: Special case this, or split the auth and auth administration
+    // applications?
+
+    return null;
+  }
+
   public function buildMainMenuItems(
     PhabricatorUser $user,
     PhabricatorController $controller = null) {

src/applications/auth/controller/PhabricatorEmailLoginController.php

@@ -10,7 +10,7 @@ public function shouldRequireLogin() {
   public function processRequest() {
     $request = $this->getRequest();
 
-    if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
+    if (!PhabricatorAuthProviderPassword::getPasswordProvider()) {
       return new Aphront400Response();
     }
 

src/applications/auth/controller/PhabricatorEmailTokenController.php

@@ -74,7 +74,7 @@ public function processRequest() {
     unset($unguarded);
 
     $next = '/';
-    if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
+    if (!PhabricatorAuthProviderPassword::getPasswordProvider()) {
       $next = '/settings/panel/external/';
     } else if (PhabricatorEnv::getEnvConfig('account.editable')) {
       $next = (string)id(new PhutilURI('/settings/panel/password/'))

src/applications/auth/controller/config/PhabricatorAuthEditController.php

@@ -224,6 +224,12 @@ public function processRequest() {
           ->addCancelButton($cancel_uri)
           ->setValue($button));
 
+    $help = $provider->getConfigurationHelp();
+    if ($help) {
+      $form->appendChild(id(new PHUIFormDividerControl()));
+      $form->appendRemarkupInstructions($help);
+    }
+
     $crumbs = $this->buildApplicationCrumbs();
     $crumbs->addCrumb(
       id(new PhabricatorCrumbView())

src/applications/auth/provider/PhabricatorAuthProvider.php

@@ -21,6 +21,10 @@ public function getProviderConfig() {
     return $this->providerConfig;
   }
 
+  public function getConfigurationHelp() {
+    return null;
+  }
+
   public function getDefaultProviderConfig() {
     return id(new PhabricatorAuthProviderConfig())
       ->setProviderClass(get_class($this))

src/applications/auth/provider/PhabricatorAuthProviderOAuthDisqus.php

@@ -7,6 +7,24 @@ public function getProviderName() {
     return pht('Disqus');
   }
 
+  public function getConfigurationHelp() {
+    $login_uri = $this->getLoginURI();
+
+    return pht(
+      "To configure Disqus OAuth, create a new application here:".
+      "\n\n".
+      "http://disqus.com/api/applications/".
+      "\n\n".
+      "Create an application, then adjust these settings:".
+      "\n\n".
+      "  - **Callback URL:** Set this to `%s`".
+      "\n\n".
+      "After creating an application, copy the **Public Key** and ".
+      "**Secret Key** to the fields above (the **Public Key** goes in ".
+      "**OAuth App ID**).",
+      $login_uri);
+  }
+
   protected function newOAuthAdapter() {
     return new PhutilAuthAdapterOAuthDisqus();
   }

src/applications/auth/provider/PhabricatorAuthProviderOAuthFacebook.php

@@ -9,6 +9,25 @@ public function getProviderName() {
     return pht('Facebook');
   }
 
+  public function getConfigurationHelp() {
+    $uri = new PhutilURI(PhabricatorEnv::getProductionURI('/'));
+    return pht(
+      'To configure Facebook OAuth, create a new Facebook Application here:'.
+      "\n\n".
+      'https://developers.facebook.com/apps'.
+      "\n\n".
+      'You should use these settings in your application:'.
+      "\n\n".
+      "  - **Site URL**: Set this to your full domain with protocol. For ".
+      "    this Phabricator install, the correct value is: `%s`\n".
+      "  - **Site Domain**: Set this to the full domain without a protocol. ".
+      "    For this Phabricator install, the correct value is: `%s`\n\n".
+      "After creating your new application, copy the **App ID** and ".
+      "**App Secret** to the fields above.",
+      (string)$uri,
+      $uri->getDomain());
+  }
+
   public function getDefaultProviderConfig() {
     return parent::getDefaultProviderConfig()
       ->setProperty(self::KEY_REQUIRE_SECURE, 1);

src/applications/auth/provider/PhabricatorAuthProviderOAuthGitHub.php

@@ -7,6 +7,27 @@ public function getProviderName() {
     return pht('GitHub');
   }
 
+  public function getConfigurationHelp() {
+    $uri = PhabricatorEnv::getProductionURI('/');
+    $callback_uri = $this->getLoginURI();
+
+    return pht(
+      "To configure GitHub OAuth, create a new GitHub Application here:".
+      "\n\n".
+      "https://github.com/settings/applications/new".
+      "\n\n".
+      "You should use these settings in your application:".
+      "\n\n".
+      "  - **URL:** Set this to your full domain with protocol. For this ".
+      "    Phabricator install, the correct value is: `%s`\n".
+      "  - **Callback URL**: Set this to: `%s`\n".
+      "\n\n".
+      "Once you've created an application, copy the **Client ID** and ".
+      "**Client Secret** into the fields above.",
+      $uri,
+      $callback_uri);
+  }
+
   protected function newOAuthAdapter() {
     return new PhutilAuthAdapterOAuthGitHub();
   }

src/applications/auth/provider/PhabricatorAuthProviderOAuthGoogle.php

@@ -7,6 +7,27 @@ public function getProviderName() {
     return pht('Google');
   }
 
+  public function getConfigurationHelp() {
+    $login_uri = $this->getLoginURI();
+
+    return pht(
+      "To configure Google OAuth, create a new 'API Project' here:".
+      "\n\n".
+      "https://code.google.com/apis/console/".
+      "\n\n".
+      "You don't need to enable any Services, just go to **API Access**, ".
+      "click **Create an OAuth 2.0 client ID...**, and configure these ".
+      "settings:".
+      "\n\n".
+      "  - During initial setup click **More Options** (or after creating ".
+      "    the client ID, click **Edit Settings...**), then add this to ".
+      "    **Authorized Redirect URIs**: `%s`\n".
+      "\n\n".
+      "After completing configuration, copy the **Client ID** and ".
+      "**Client Secret** to the fields above.",
+      $login_uri);
+  }
+
   protected function newOAuthAdapter() {
     return new PhutilAuthAdapterOAuthGoogle();
   }