Page MenuHomePhabricator
Create Task
Maniphest T13382

Update various user account CLI tools
Closed, ResolvedPublic
Actions

Description

See https://discourse.phabricator-community.org/t/unable-to-use-bin-accountadmin-to-make-a-new-administrator/.

Currently, there are several CLI tools:

  • bin/accountadmin
  • bin/people
  • scripts/user/add_user.php

These are all fairly weird/un-modern. I'd probably like to replace them with a single bin/user which works like this:

./bin/user create --user <username> --email <email>
./bin/user enable --user <username>
./bin/user empower --user <username> # Or "make-administrator".

The goal here is basically just to provide CLI recovery/bootstrapping tools if you really jinx your install with a series of account management mistakes. These three modes let you put some account into a valid state, and you can then bin/auth recover into it and continue from the web UI.

The commands being replaced have other capabilities:

  • Editing a real name.
  • Setting or removing the "bot" flag.
  • Verifying the primary email address.
  • Un-administrating users.
  • Filling the user profile image cache with default images.

Address verification can be done with bin/auth verify. The other functions don't seem particularly useful, and particularly aren't necessary to "break into" an install that you've locked yourself out of by disabling the only administrator account or whatever.

These changes should be coupled with a "How to fix things if you lock your keys inside your install" document, and existing references to bin/accountadmin and the other tools should be removed.

Revisions and Commits

rP Phabricator
D20729rP109d7dcaf197 Convert "Empower" from state-based MFA to one-shot MFA
D20725rP64b399d9be26 Remove "bin/accountadmin" and "scripts/user/add_user.php"
D20724rPfc34554892ec Replace "bin/people profileimage" with "bin/user enable|empower"

Event Timeline

epriestley triaged this task as Normal priority.Aug 20 2019, 2:08 PM
epriestley created this task.
Herald added a subscriber: amckinley. · View Herald TranscriptAug 20 2019, 2:08 PM
epriestley added a comment.Aug 20 2019, 2:11 PM

(You can automate at least some administrative actions at an "omnipotent" power level with bin/conduit call --method user.edit nowadays, too, although accountadmin operated with interactive prompts so it's unlikely anyone automated on top of it.)

epriestley added a comment.Aug 20 2019, 9:35 PM

You can automate at least some administrative actions...

This is somewhat untrue because *.edit calls tend to choke (there's no valid authorPHID for transactions), but could be made true in the future if interest arises.

epriestley added a revision: D20724: Replace "bin/people profileimage" with "bin/user enable|empower".Aug 20 2019, 9:45 PM
epriestley added a revision: D20725: Remove "bin/accountadmin" and "scripts/user/add_user.php".Aug 21 2019, 12:45 AM
epriestley added a commit: rPfc34554892ec: Replace "bin/people profileimage" with "bin/user enable|empower".Aug 21 2019, 12:51 AM
epriestley added a comment.Aug 21 2019, 12:55 AM

./bin/user create

I'm not sure we actually need this. The current add_user.php script isn't documented anywhere and bin/accountadmin is only interactive.

I'm just going to get rid of them and see if I can get away with it.

epriestley closed this task as Resolved by committing rP64b399d9be26: Remove "bin/accountadmin" and "scripts/user/add_user.php".Aug 21 2019, 12:58 AM
epriestley claimed this task.
epriestley added a commit: rP64b399d9be26: Remove "bin/accountadmin" and "scripts/user/add_user.php".
epriestley added a revision: D20729: Convert "Empower" from state-based MFA to one-shot MFA.Aug 22 2019, 2:07 PM
epriestley added a commit: rP109d7dcaf197: Convert "Empower" from state-based MFA to one-shot MFA.Aug 22 2019, 3:34 PM
Phabricator · Built by Phacility