Differential D18910 Diff 45370 src/applications/auth/management/PhabricatorAuthManagementRevokeWorkflow.php
src/applications/auth/management/PhabricatorAuthManagementRevokeWorkflow.php
<?php | <?php | ||||
final class PhabricatorAuthManagementRevokeWorkflow | final class PhabricatorAuthManagementRevokeWorkflow | ||||
extends PhabricatorAuthManagementWorkflow { | extends PhabricatorAuthManagementWorkflow { | ||||
protected function didConstruct() { | protected function didConstruct() { | ||||
$this | $this | ||||
->setName('revoke') | ->setName('revoke') | ||||
->setExamples( | ->setExamples( | ||||
"**revoke** --type __type__ --from __user__\n". | "**revoke** --list\n". | ||||
"**revoke** --type __type__ --from __@user__\n". | |||||
"**revoke** --everything --everywhere") | "**revoke** --everything --everywhere") | ||||
->setSynopsis( | ->setSynopsis( | ||||
pht( | pht( | ||||
'Revoke credentials which may have been leaked or disclosed.')) | 'Revoke credentials which may have been leaked or disclosed.')) | ||||
->setArguments( | ->setArguments( | ||||
array( | array( | ||||
array( | array( | ||||
'name' => 'from', | 'name' => 'from', | ||||
'param' => 'user', | 'param' => 'object', | ||||
'help' => pht( | 'help' => pht( | ||||
'Revoke credentials for the specified user.'), | 'Revoke credentials for the specified object. To revoke '. | ||||
'credentials for a user, use "@username".'), | |||||
), | ), | ||||
array( | array( | ||||
'name' => 'type', | 'name' => 'type', | ||||
'param' => 'type', | 'param' => 'type', | ||||
'help' => pht('Revoke credentials of the given type.'), | |||||
), | |||||
array( | |||||
'name' => 'list', | |||||
'help' => pht( | 'help' => pht( | ||||
'Revoke credentials of the given type.'), | 'List information about available credential revokers.'), | ||||
), | ), | ||||
array( | array( | ||||
'name' => 'everything', | 'name' => 'everything', | ||||
'help' => pht('Revoke all credentials types.'), | 'help' => pht('Revoke all credentials types.'), | ||||
), | ), | ||||
array( | array( | ||||
'name' => 'everywhere', | 'name' => 'everywhere', | ||||
'help' => pht('Revoke from all credential owners.'), | 'help' => pht('Revoke from all credential owners.'), | ||||
), | ), | ||||
array( | array( | ||||
'name' => 'force', | 'name' => 'force', | ||||
'help' => pht('Revoke credentials without prompting.'), | 'help' => pht('Revoke credentials without prompting.'), | ||||
), | ), | ||||
)); | )); | ||||
} | } | ||||
public function execute(PhutilArgumentParser $args) { | public function execute(PhutilArgumentParser $args) { | ||||
$viewer = PhabricatorUser::getOmnipotentUser(); | $viewer = $this->getViewer(); | ||||
$all_types = PhabricatorAuthRevoker::getAllRevokers(); | $all_types = PhabricatorAuthRevoker::getAllRevokers(); | ||||
$is_force = $args->getArg('force'); | $is_force = $args->getArg('force'); | ||||
// The "--list" flag is compatible with revoker selection flags like | |||||
// "--type" to filter the list, but not compatible with target selection | |||||
// flags like "--from". | |||||
$is_list = $args->getArg('list'); | |||||
$type = $args->getArg('type'); | $type = $args->getArg('type'); | ||||
$is_everything = $args->getArg('everything'); | $is_everything = $args->getArg('everything'); | ||||
if (!strlen($type) && !$is_everything) { | if (!strlen($type) && !$is_everything) { | ||||
if ($is_list) { | |||||
// By default, "bin/revoke --list" implies "--everything". | |||||
$types = $all_types; | |||||
} else { | |||||
throw new PhutilArgumentUsageException( | throw new PhutilArgumentUsageException( | ||||
pht( | pht( | ||||
'Specify the credential type to revoke with "--type" or specify '. | 'Specify the credential type to revoke with "--type" or specify '. | ||||
'"--everything".')); | '"--everything". Use "--list" to list available credential '. | ||||
'types.')); | |||||
} | |||||
} else if (strlen($type) && $is_everything) { | } else if (strlen($type) && $is_everything) { | ||||
throw new PhutilArgumentUsageException( | throw new PhutilArgumentUsageException( | ||||
pht( | pht( | ||||
'Specify the credential type to revoke with "--type" or '. | 'Specify the credential type to revoke with "--type" or '. | ||||
'"--everything", but not both.')); | '"--everything", but not both.')); | ||||
} else if ($is_everything) { | } else if ($is_everything) { | ||||
$types = $all_types; | $types = $all_types; | ||||
} else { | } else { | ||||
if (empty($all_types[$type])) { | if (empty($all_types[$type])) { | ||||
throw new PhutilArgumentUsageException( | throw new PhutilArgumentUsageException( | ||||
pht( | pht( | ||||
'Credential type "%s" is not valid. Valid credential types '. | 'Credential type "%s" is not valid. Valid credential types '. | ||||
'are: %s.', | 'are: %s.', | ||||
$type, | $type, | ||||
implode(', ', array_keys($all_types)))); | implode(', ', array_keys($all_types)))); | ||||
} | } | ||||
$types = array($all_types[$type]); | $types = array($all_types[$type]); | ||||
} | } | ||||
$is_everywhere = $args->getArg('everywhere'); | $is_everywhere = $args->getArg('everywhere'); | ||||
$from = $args->getArg('from'); | $from = $args->getArg('from'); | ||||
if ($is_list) { | |||||
if (strlen($from) || $is_everywhere) { | |||||
throw new PhutilArgumentUsageException( | |||||
pht( | |||||
'You can not "--list" and revoke credentials (with "--from" or '. | |||||
'"--everywhere") in the same operation.')); | |||||
} | |||||
} | |||||
if ($is_list) { | |||||
$last_key = last_key($types); | |||||
foreach ($types as $key => $type) { | |||||
echo tsprintf( | |||||
"**%s** (%s)\n\n", | |||||
$type->getRevokerKey(), | |||||
$type->getRevokerName()); | |||||
id(new PhutilConsoleBlock()) | |||||
->addParagraph(tsprintf('%B', $type->getRevokerDescription())) | |||||
->draw(); | |||||
} | |||||
return 0; | |||||
} | |||||
$target = null; | $target = null; | ||||
if (!strlen($from) && !$is_everywhere) { | if (!strlen($from) && !$is_everywhere) { | ||||
throw new PhutilArgumentUsageException( | throw new PhutilArgumentUsageException( | ||||
pht( | pht( | ||||
'Specify the target to revoke credentials from with "--from" or '. | 'Specify the target to revoke credentials from with "--from" or '. | ||||
'specify "--everywhere".')); | 'specify "--everywhere".')); | ||||
} else if (strlen($from) && $is_everywhere) { | } else if (strlen($from) && $is_everywhere) { | ||||
throw new PhutilArgumentUsageException( | throw new PhutilArgumentUsageException( | ||||
▲ Show 20 Lines • Show All 42 Lines • ▼ Show 20 Lines | foreach ($types as $type) { | ||||
} | } | ||||
echo tsprintf( | echo tsprintf( | ||||
"%s\n", | "%s\n", | ||||
pht( | pht( | ||||
'Destroyed %s credential(s) of type "%s".', | 'Destroyed %s credential(s) of type "%s".', | ||||
new PhutilNumber($count), | new PhutilNumber($count), | ||||
$type->getRevokerKey())); | $type->getRevokerKey())); | ||||
$guidance = $type->getRevokerNextSteps(); | |||||
if ($guidance !== null) { | |||||
echo tsprintf( | |||||
"%s\n", | |||||
$guidance); | |||||
} | |||||
} | } | ||||
echo tsprintf( | echo tsprintf( | ||||
"%s\n", | "%s\n", | ||||
pht('Done.')); | pht('Done.')); | ||||
return 0; | return 0; | ||||
} | } | ||||
} | } |
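Review bot: In the new `--list` branch of `execute()`, `$last_key = last_key($types);` is assigned and `$key` is bound by the `foreach`, but neither is read afterwards. They look like leftovers from printing a separator between entries, so either use them for that or reduce the loop header to `foreach ($types as $revoker) {` and drop the `last_key()` call. Renaming the loop variable also matters for readability: until this point `$type` holds the `--type` string, and the loop overwrites it with a revoker object. The two adjacent `if ($is_list)` blocks could be merged into one, so the `--from`/`--everywhere` conflict check and the listing sit together and it is obvious that the listing path returns before any revocation code runs.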