Differential D8909 Diff 21166 src/applications/auth/management/PhabricatorAuthManagementStripWorkflow.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/management/PhabricatorAuthManagementStripWorkflow.php
- This file was added.
| <?php | |||||
| final class PhabricatorAuthManagementStripWorkflow | |||||
| extends PhabricatorAuthManagementWorkflow { | |||||
| protected function didConstruct() { | |||||
| $this | |||||
| ->setName('strip') | |||||
| ->setExamples('**strip** [--user username] [--type type]') | |||||
| ->setSynopsis( | |||||
| pht( | |||||
| 'Remove multi-factor authentication from an account.')) | |||||
| ->setArguments( | |||||
| array( | |||||
| array( | |||||
| 'name' => 'user', | |||||
| 'param' => 'username', | |||||
| 'repeat' => true, | |||||
| 'help' => pht('Strip factors from specified users.'), | |||||
| ), | |||||
| array( | |||||
| 'name' => 'all-users', | |||||
| 'help' => pht('Strip factors from all users.'), | |||||
| ), | |||||
| array( | |||||
| 'name' => 'type', | |||||
| 'param' => 'factortype', | |||||
| 'repeat' => true, | |||||
| 'help' => pht('Strip a specific factor type.'), | |||||
| ), | |||||
| array( | |||||
| 'name' => 'all-types', | |||||
| 'help' => pht('Strip all factors, regardless of type.'), | |||||
| ), | |||||
| array( | |||||
| 'name' => 'force', | |||||
| 'help' => pht('Strip factors without prompting.'), | |||||
| ), | |||||
| array( | |||||
| 'name' => 'dry-run', | |||||
| 'help' => pht('Show factors, but do not strip them.'), | |||||
| ), | |||||
| )); | |||||
| } | |||||
| public function execute(PhutilArgumentParser $args) { | |||||
| $usernames = $args->getArg('user'); | |||||
| $all_users = $args->getArg('all-users'); | |||||
| if ($usernames && $all_users) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht( | |||||
| 'Specify either specific users with --user, or all users with '. | |||||
| '--all-users, but not both.')); | |||||
| } else if (!$usernames && !$all_users) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht( | |||||
| 'Use --user to specify which user to strip factors from, or '. | |||||
| '--all-users to strip factors from all users.')); | |||||
| } else if ($usernames) { | |||||
| $users = id(new PhabricatorPeopleQuery()) | |||||
| ->setViewer($this->getViewer()) | |||||
| ->withUsernames($usernames) | |||||
| ->execute(); | |||||
| $users_by_username = mpull($users, null, 'getUsername'); | |||||
| foreach ($usernames as $username) { | |||||
| if (empty($users_by_username[$username])) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht( | |||||
| 'No user exists with username "%s".', | |||||
| $username)); | |||||
| } | |||||
| } | |||||
| } else { | |||||
| $users = null; | |||||
| } | |||||
| $types = $args->getArg('type'); | |||||
| $all_types = $args->getArg('all-types'); | |||||
| if ($types && $all_types) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht( | |||||
| 'Specify either specific factors with --type, or all factors with '. | |||||
| '--all-types, but not both.')); | |||||
| } else if (!$types && !$all_types) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht( | |||||
| 'Use --type to specify which factor to strip, or --all-types to '. | |||||
| 'strip all factors. Use `auth list-factors` to show the available '. | |||||
| 'factor types.')); | |||||
| } | |||||
| if ($users && $types) { | |||||
| $factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere( | |||||
| 'userPHID IN (%Ls) AND factorKey IN (%Ls)', | |||||
| mpull($users, 'getPHID'), | |||||
| $types); | |||||
| } else if ($users) { | |||||
| $factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere( | |||||
| 'userPHID IN (%Ls)', | |||||
| mpull($users, 'getPHID')); | |||||
| } else if ($types) { | |||||
| $factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere( | |||||
| 'factorKey IN (%Ls)', | |||||
| $types); | |||||
| } else { | |||||
| $factors = id(new PhabricatorAuthFactorConfig())->loadAll(); | |||||
| } | |||||
| if (!$factors) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht('There are no matching factors to strip.')); | |||||
| } | |||||
| $handles = id(new PhabricatorHandleQuery()) | |||||
| ->setViewer($this->getViewer()) | |||||
| ->withPHIDs(mpull($factors, 'getUserPHID')) | |||||
| ->execute(); | |||||
| $console = PhutilConsole::getConsole(); | |||||
| $console->writeOut("%s\n\n", pht("These auth factors will be stripped:")); | |||||
| foreach ($factors as $factor) { | |||||
| $impl = $factor->getImplementation(); | |||||
| $console->writeOut( | |||||
| " %s\t%s\t%s\n", | |||||
| $handles[$factor->getUserPHID()]->getName(), | |||||
| $factor->getFactorKey(), | |||||
| ($impl | |||||
| ? $impl->getFactorName() | |||||
| : '?')); | |||||
| } | |||||
| $is_dry_run = $args->getArg('dry-run'); | |||||
| if ($is_dry_run) { | |||||
| $console->writeOut( | |||||
| "\n%s\n", | |||||
| pht('End of dry run.')); | |||||
| return 0; | |||||
| } | |||||
| $force = $args->getArg('force'); | |||||
| if (!$force) { | |||||
| if (!$console->confirm(pht('Strip these authentication factors?'))) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht('User aborted the workflow.')); | |||||
| } | |||||
| } | |||||
| $console->writeOut("%s\n", pht('Stripping authentication factors...')); | |||||
| foreach ($factors as $factor) { | |||||
| $factor->delete(); | |||||
| } | |||||
| $console->writeOut("%s\n", pht('Done.')); | |||||
| return 0; | |||||
| } | |||||
| } | |||||