Page MenuHomePhabricator
Differential D18911

Document the "bin/auth revoke" tool
ClosedPublic
Actions

Authored by epriestley on Jan 22 2018, 6:15 PM.
Tags
None
Referenced Files
F14080277: D18911.diff
Fri, Nov 22, 12:26 PM
Unknown Object (File)
Sun, Nov 17, 4:09 PM
Unknown Object (File)
Wed, Nov 13, 9:28 PM
Unknown Object (File)
Sat, Nov 9, 4:49 PM
Unknown Object (File)
Fri, Nov 8, 11:32 AM
Unknown Object (File)
Tue, Nov 5, 8:29 PM
Unknown Object (File)
Wed, Oct 30, 8:13 AM
Unknown Object (File)
Wed, Oct 23, 5:54 PM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T13043: Improve authentication revocation behaviors
Commits
rPd4b3cd5255b6: Document the "bin/auth revoke" tool
Summary

Depends on D18910. Ref T13043. Provides reasonable user-facing documentation about the general role and utility of this tool.

Test Plan

Read document.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Jan 22 2018, 6:15 PM
Harbormaster completed remote builds in B19116: Diff 45329.Jan 22 2018, 6:16 PM
epriestley requested review of this revision.Jan 22 2018, 6:16 PM
epriestley updated this revision to Diff 45330.Jan 22 2018, 6:19 PM
  • Add --list examples.
  • Clarify revocation list language.
epriestley updated this revision to Diff 45331.Jan 22 2018, 6:20 PM
  • Clarify sequencing in network example.
Harbormaster completed remote builds in B19117: Diff 45330.Jan 22 2018, 6:21 PM
Harbormaster completed remote builds in B19118: Diff 45331.
epriestley added a child revision: D18916: Rename "PhabricatorPasswordHashInterface" to "PhabricatorAuthPasswordHashInterface".Jan 23 2018, 4:11 PM
amckinley requested changes to this revision.Jan 23 2018, 8:42 PM

The tone of this doc is a little glib and light for documentation that will frequently be viewed in an emergency. I get that "You might do this with these commands:" is intended to suggest there are multiple ways to achieve the same result, but could also convey the impression that this set of commands might not actually accomplish the desired result. This page should give an administrator the warm fuzzies after carrying out the suggested steps.

src/docs/user/field/revoking_credentials.diviner
40

"extensions"

67

"tooling"?

76–77

"you should revoke" instead of "you may want to"

83–86

Just for the record, the result of the above is the same as --everything --everywhere, except the above keeps SSH keys, right?

93–94

"If you believe a user's credentials have been compromised" makes more sense than "affected by a compromise".

Also, "you should revoke" instead of "you may want to".

104–106

Too snarky for emergency documentation.

This revision now requires changes to proceed.Jan 23 2018, 8:42 PM
epriestley mentioned this in D18910: Add "bin/auth revoke --list" to explain what can be revoked.Jan 23 2018, 8:44 PM
epriestley added inline comments.Jan 23 2018, 8:49 PM
src/docs/user/field/revoking_credentials.diviner
67

Reworded "no toolset available" to "are no tools available".

76–77

Yeah, future changes and hypothetical third-party stuff excepted.

epriestley updated this revision to Diff 45359.Jan 23 2018, 8:51 PM
  • Be more direct about what to do and how to do it.

The cost of over-revoking is ultimately small so I think this is generally reasonable anyway.

Harbormaster completed remote builds in B19146: Diff 45359.Jan 23 2018, 8:52 PM
amckinley accepted this revision.Jan 23 2018, 9:17 PM
This revision is now accepted and ready to land.Jan 23 2018, 9:17 PM
Closed by commit rPd4b3cd5255b6: Document the "bin/auth revoke" tool (authored by epriestley). · Explain WhyJan 23 2018, 10:02 PM
This revision was automatically updated to reflect the committed changes.
epriestley mentioned this in T13043: Improve authentication revocation behaviors.Jan 23 2018, 11:43 PM

Revision Contents
Changeset List

PathSize
src/
docs/
user/
field/
101 lines

Diff 45371

View Options

src/docs/user/field/revoking_credentials.diviner

Loading...
Phabricator · Built by Phacility