Page MenuHomePhabricator
Differential D18901

Remove "set password" from `bin/accountadmin` and let `bin/auth recover` recover anyone
ClosedPublic
Actions

Authored by epriestley on Jan 22 2018, 12:08 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Apr 11, 8:08 AM
Unknown Object (File)
Sun, Apr 7, 11:01 AM
Unknown Object (File)
Sun, Apr 7, 4:02 AM
Unknown Object (File)
Sat, Apr 6, 7:46 PM
Unknown Object (File)
Sat, Apr 6, 8:18 AM
Unknown Object (File)
Fri, Apr 5, 7:20 PM
Unknown Object (File)
Thu, Apr 4, 5:36 PM
Unknown Object (File)
Tue, Apr 2, 4:47 PM
View All Files
Subscribers
moodboom

Details

Reviewers
amckinley
Maniphest Tasks
T13043: Improve authentication revocation behaviors
Commits
rPaa3b582c7b72: Remove "set password" from `bin/accountadmin` and let `bin/auth recover`…
Summary

Ref T13043. This cleans some things up to prepare for moving account passwords to shared infrastructure.

Currently, the (very old, fairly unusual) bin/accountadmin tool can set account passwords. This is a bit weird, generally not great, and makes upgrading to shared infrastructure more difficult. Just get rid of this to simplify things. Many installs don't have passwords and this is pointless and unhelpful in those cases.

Instead, let bin/auth recover recover any account, not just administrator accounts. This was a guardrail against administrative abuse, but it has always seemed especially flimsy (since anyone who can run the tool can easily comment out the checks) and I use this tool in cluster support with some frequency, occasionally just commenting out the checks. This is generally a better solution than actually setting a password on accounts anyway. Just get rid of the check and give users enough rope to shoot themselves in the foot with if they truly desire.

Test Plan
  • Ran bin/accountadmin, didn't get prompted to swap passwords anymore.
  • Ran bin/auth recover to recover a non-admin account.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Jan 22 2018, 12:08 AM
Harbormaster completed remote builds in B19104: Diff 45317.Jan 22 2018, 12:08 AM
Harbormaster completed remote builds in B19104: Diff 45317.
epriestley requested review of this revision.Jan 22 2018, 12:10 AM
epriestley edited the summary of this revision. (Show Details)Jan 22 2018, 12:28 AM
amckinley accepted this revision.Jan 23 2018, 6:25 PM
This revision is now accepted and ready to land.Jan 23 2018, 6:25 PM
Closed by commit rPaa3b582c7b72: Remove "set password" from `bin/accountadmin` and let `bin/auth recover`… (authored by epriestley). · Explain WhyJan 23 2018, 6:58 PM
This revision was automatically updated to reflect the committed changes.
moodboom added a subscriber: moodboom.Jan 19 2019, 10:48 PM

Working great here, but it appears that the documentation needs to be updated to include this "top secret" :-) information.

amckinley added a comment.Jan 21 2019, 8:00 PM
In D18901#249481, @moodboom wrote:

Working great here, but it appears that the documentation needs to be updated to include this "top secret" :-) information.

Thanks for the report. Fixed in D20007.

epriestley mentioned this in T7732: Convoluted flow when locked out of account with only one auth provider.Feb 6 2019, 4:35 PM

Revision Contents
Changeset List

PathSize
scripts/
user/
20 lines
src/
applications/
auth/
management/
35 lines

Diff 45357

View Options

scripts/user/account_admin.php

Loading...
View Options

src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php

Loading...
Phabricator · Built by Phacility