Page MenuHomePhabricator
Files F15433227

D19976.id47676.diff
No OneTemporary
Actions

D19976.id47676.diff
View Options

diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -7877,6 +7877,7 @@
'PhabricatorAuthFactorConfig' => array(
'PhabricatorAuthDAO',
'PhabricatorPolicyInterface',
+ 'PhabricatorDestructibleInterface',
),
'PhabricatorAuthFactorConfigQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
'PhabricatorAuthFactorProvider' => array(
diff --git a/src/applications/auth/management/PhabricatorAuthManagementListFactorsWorkflow.php b/src/applications/auth/management/PhabricatorAuthManagementListFactorsWorkflow.php
--- a/src/applications/auth/management/PhabricatorAuthManagementListFactorsWorkflow.php
+++ b/src/applications/auth/management/PhabricatorAuthManagementListFactorsWorkflow.php
@@ -5,21 +5,25 @@
protected function didConstruct() {
$this
- ->setName('list-factors')
- ->setExamples('**list-factors**')
- ->setSynopsis(pht('List available multi-factor authentication factors.'))
+ ->setName('list-providers')
+ ->setExamples('**list-providers**')
+ ->setSynopsis(
+ pht('List available multi-factor authentication providers.'))
->setArguments(array());
}
public function execute(PhutilArgumentParser $args) {
- $factors = PhabricatorAuthFactor::getAllFactors();
+ $viewer = $this->getViewer();
- $console = PhutilConsole::getConsole();
- foreach ($factors as $factor) {
- $console->writeOut(
+ $providers = id(new PhabricatorAuthFactorProviderQuery())
+ ->setViewer($viewer)
+ ->execute();
+
+ foreach ($providers as $provider) {
+ echo tsprintf(
"%s\t%s\n",
- $factor->getFactorKey(),
- $factor->getFactorName());
+ $provider->getPHID(),
+ $provider->getDisplayName());
}
return 0;
diff --git a/src/applications/auth/management/PhabricatorAuthManagementStripWorkflow.php b/src/applications/auth/management/PhabricatorAuthManagementStripWorkflow.php
--- a/src/applications/auth/management/PhabricatorAuthManagementStripWorkflow.php
+++ b/src/applications/auth/management/PhabricatorAuthManagementStripWorkflow.php
@@ -22,9 +22,11 @@
),
array(
'name' => 'type',
- 'param' => 'factortype',
+ 'param' => 'phid',
'repeat' => true,
- 'help' => pht('Strip a specific factor type.'),
+ 'help' => pht(
+ 'Strip factors from a specific provider. '.
+ 'Use `auth list-providers` to list providers.'),
),
array(
'name' => 'all-types',
@@ -42,6 +44,8 @@
}
public function execute(PhutilArgumentParser $args) {
+ $viewer = $this->getViewer();
+
$usernames = $args->getArg('user');
$all_users = $args->getArg('all-users');
@@ -83,56 +87,72 @@
if ($types && $all_types) {
throw new PhutilArgumentUsageException(
pht(
- 'Specify either specific factors with --type, or all factors with '.
+ 'Specify either specific factors with --type, or all providers with '.
'--all-types, but not both.'));
} else if (!$types && !$all_types) {
throw new PhutilArgumentUsageException(
pht(
'Use --type to specify which factor to strip, or --all-types to '.
- 'strip all factors. Use `auth list-factors` to show the available '.
- 'factor types.'));
+ 'strip all factors. Use `auth list-providers` to show the available '.
+ 'providers.'));
+ }
+
+ $provider_query = id(new PhabricatorAuthFactorProviderQuery())
+ ->setViewer($viewer);
+ if ($types) {
+ $provider_query->withPHIDs($types);
}
+ $providers = $provider_query->execute();
+ $providers = mpull($providers, null, 'getPHID');
- if ($users && $types) {
- $factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere(
- 'userPHID IN (%Ls) AND factorKey IN (%Ls)',
- mpull($users, 'getPHID'),
- $types);
- } else if ($users) {
- $factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere(
- 'userPHID IN (%Ls)',
- mpull($users, 'getPHID'));
- } else if ($types) {
- $factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere(
- 'factorKey IN (%Ls)',
- $types);
+ if ($types) {
+ foreach ($types as $type) {
+ if (!isset($providers[$type])) {
+ throw new PhutilArgumentUsageException(
+ pht(
+ 'No provider with PHID "%s" exists. Use `auth list-providers` '.
+ 'to list providers.',
+ $type));
+ }
+ }
} else {
- $factors = id(new PhabricatorAuthFactorConfig())->loadAll();
+ if (!$providers) {
+ throw new PhutilArgumentUsageException(
+ pht(
+ 'There are no configured multi-factor providers.'));
+ }
}
- if (!$factors) {
+ $config_query = id(new PhabricatorAuthFactorConfigQuery())
+ ->setViewer($viewer)
+ ->withFactorProviderPHIDs(array_keys($providers));
+
+ if ($users) {
+ $config_query->withUserPHIDs(mpull($users, 'getPHID'));
+ }
+
+ $configs = $config_query->execute();
+
+ if (!$configs) {
throw new PhutilArgumentUsageException(
pht('There are no matching factors to strip.'));
}
$handles = id(new PhabricatorHandleQuery())
->setViewer($this->getViewer())
- ->withPHIDs(mpull($factors, 'getUserPHID'))
+ ->withPHIDs(mpull($configs, 'getUserPHID'))
->execute();
$console = PhutilConsole::getConsole();
$console->writeOut("%s\n\n", pht('These auth factors will be stripped:'));
- foreach ($factors as $factor) {
- $impl = $factor->getImplementation();
- $console->writeOut(
- " %s\t%s\t%s\n",
- $handles[$factor->getUserPHID()]->getName(),
- $factor->getFactorKey(),
- ($impl
- ? $impl->getFactorName()
- : '?'));
+ foreach ($configs as $config) {
+ $provider = $config->getFactorProvider();
+ echo tsprintf(
+ " %s\t%s\n",
+ $handles[$config->getUserPHID()]->getName(),
+ $provider->getDisplayName());
}
$is_dry_run = $args->getArg('dry-run');
@@ -154,17 +174,9 @@
$console->writeOut("%s\n", pht('Stripping authentication factors...'));
- foreach ($factors as $factor) {
- $user = id(new PhabricatorPeopleQuery())
- ->setViewer($this->getViewer())
- ->withPHIDs(array($factor->getUserPHID()))
- ->executeOne();
-
- $factor->delete();
-
- if ($user) {
- $user->updateMultiFactorEnrollment();
- }
+ $engine = new PhabricatorDestructionEngine();
+ foreach ($configs as $config) {
+ $engine->destroyObject($config);
}
$console->writeOut("%s\n", pht('Done.'));
diff --git a/src/applications/auth/query/PhabricatorAuthFactorConfigQuery.php b/src/applications/auth/query/PhabricatorAuthFactorConfigQuery.php
--- a/src/applications/auth/query/PhabricatorAuthFactorConfigQuery.php
+++ b/src/applications/auth/query/PhabricatorAuthFactorConfigQuery.php
@@ -6,6 +6,7 @@
private $ids;
private $phids;
private $userPHIDs;
+ private $factorProviderPHIDs;
public function withIDs(array $ids) {
$this->ids = $ids;
@@ -22,6 +23,11 @@
return $this;
}
+ public function withFactorProviderPHIDs(array $provider_phids) {
+ $this->factorProviderPHIDs = $provider_phids;
+ return $this;
+ }
+
public function newResultObject() {
return new PhabricatorAuthFactorConfig();
}
@@ -54,6 +60,13 @@
$this->userPHIDs);
}
+ if ($this->factorProviderPHIDs !== null) {
+ $where[] = qsprintf(
+ $conn,
+ 'factorProviderPHID IN (%Ls)',
+ $this->factorProviderPHIDs);
+ }
+
return $where;
}
diff --git a/src/applications/auth/storage/PhabricatorAuthFactorConfig.php b/src/applications/auth/storage/PhabricatorAuthFactorConfig.php
--- a/src/applications/auth/storage/PhabricatorAuthFactorConfig.php
+++ b/src/applications/auth/storage/PhabricatorAuthFactorConfig.php
@@ -1,8 +1,11 @@
<?php
+
final class PhabricatorAuthFactorConfig
extends PhabricatorAuthDAO
- implements PhabricatorPolicyInterface {
+ implements
+ PhabricatorPolicyInterface,
+ PhabricatorDestructibleInterface {
protected $userPHID;
protected $factorProviderPHID;
@@ -77,4 +80,23 @@
return false;
}
+
+/* -( PhabricatorDestructibleInterface )----------------------------------- */
+
+
+ public function destroyObjectPermanently(
+ PhabricatorDestructionEngine $engine) {
+
+ $user = id(new PhabricatorPeopleQuery())
+ ->setViewer($engine->getViewer())
+ ->withPHIDs(array($this->getUserPHID()))
+ ->executeOne();
+
+ $this->delete();
+
+ if ($user) {
+ $user->updateMultiFactorEnrollment();
+ }
+ }
+
}
diff --git a/src/docs/user/userguide/multi_factor_auth.diviner b/src/docs/user/userguide/multi_factor_auth.diviner
--- a/src/docs/user/userguide/multi_factor_auth.diviner
+++ b/src/docs/user/userguide/multi_factor_auth.diviner
@@ -126,9 +126,9 @@
arguments.
This command can selectively strip types of factors. You can use
-`bin/auth list-factors` for a list of available factor types.
+`bin/auth list-providers` for a list of available providers.
```lang=console
# Show supported factor types.
-phabricator/ $ ./bin/auth list-factors
+phabricator/ $ ./bin/auth list-providers
```

File Metadata

Mime Type
text/plain
Expires
Tue, Mar 25, 10:09 PM (1 w, 3 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7722795
Default Alt Text
D19976.id47676.diff (9 KB)

Event Timeline

Phabricator · Built by Phacility