Differential D18910 Diff 45370 src/applications/auth/management/PhabricatorAuthManagementRevokeWorkflow.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/management/PhabricatorAuthManagementRevokeWorkflow.php
| <?php | <?php | ||||
| final class PhabricatorAuthManagementRevokeWorkflow | final class PhabricatorAuthManagementRevokeWorkflow | ||||
| extends PhabricatorAuthManagementWorkflow { | extends PhabricatorAuthManagementWorkflow { | ||||
| protected function didConstruct() { | protected function didConstruct() { | ||||
| $this | $this | ||||
| ->setName('revoke') | ->setName('revoke') | ||||
| ->setExamples( | ->setExamples( | ||||
| "**revoke** --type __type__ --from __user__\n". | "**revoke** --list\n". | ||||
| "**revoke** --type __type__ --from __@user__\n". | |||||
| "**revoke** --everything --everywhere") | "**revoke** --everything --everywhere") | ||||
| ->setSynopsis( | ->setSynopsis( | ||||
| pht( | pht( | ||||
| 'Revoke credentials which may have been leaked or disclosed.')) | 'Revoke credentials which may have been leaked or disclosed.')) | ||||
| ->setArguments( | ->setArguments( | ||||
| array( | array( | ||||
| array( | array( | ||||
| 'name' => 'from', | 'name' => 'from', | ||||
| 'param' => 'user', | 'param' => 'object', | ||||
| 'help' => pht( | 'help' => pht( | ||||
| 'Revoke credentials for the specified user.'), | 'Revoke credentials for the specified object. To revoke '. | ||||
| 'credentials for a user, use "@username".'), | |||||
| ), | ), | ||||
| array( | array( | ||||
| 'name' => 'type', | 'name' => 'type', | ||||
| 'param' => 'type', | 'param' => 'type', | ||||
| 'help' => pht('Revoke credentials of the given type.'), | |||||
| ), | |||||
| array( | |||||
| 'name' => 'list', | |||||
| 'help' => pht( | 'help' => pht( | ||||
| 'Revoke credentials of the given type.'), | 'List information about available credential revokers.'), | ||||
| ), | ), | ||||
| array( | array( | ||||
| 'name' => 'everything', | 'name' => 'everything', | ||||
| 'help' => pht('Revoke all credentials types.'), | 'help' => pht('Revoke all credentials types.'), | ||||
| ), | ), | ||||
| array( | array( | ||||
| 'name' => 'everywhere', | 'name' => 'everywhere', | ||||
| 'help' => pht('Revoke from all credential owners.'), | 'help' => pht('Revoke from all credential owners.'), | ||||
| ), | ), | ||||
| array( | array( | ||||
| 'name' => 'force', | 'name' => 'force', | ||||
| 'help' => pht('Revoke credentials without prompting.'), | 'help' => pht('Revoke credentials without prompting.'), | ||||
| ), | ), | ||||
| )); | )); | ||||
| } | } | ||||
| public function execute(PhutilArgumentParser $args) { | public function execute(PhutilArgumentParser $args) { | ||||
| $viewer = PhabricatorUser::getOmnipotentUser(); | $viewer = $this->getViewer(); | ||||
| $all_types = PhabricatorAuthRevoker::getAllRevokers(); | $all_types = PhabricatorAuthRevoker::getAllRevokers(); | ||||
| $is_force = $args->getArg('force'); | $is_force = $args->getArg('force'); | ||||
| // The "--list" flag is compatible with revoker selection flags like | |||||
| // "--type" to filter the list, but not compatible with target selection | |||||
| // flags like "--from". | |||||
| $is_list = $args->getArg('list'); | |||||
| $type = $args->getArg('type'); | $type = $args->getArg('type'); | ||||
| $is_everything = $args->getArg('everything'); | $is_everything = $args->getArg('everything'); | ||||
| if (!strlen($type) && !$is_everything) { | if (!strlen($type) && !$is_everything) { | ||||
| if ($is_list) { | |||||
| // By default, "bin/revoke --list" implies "--everything". | |||||
| $types = $all_types; | |||||
| } else { | |||||
| throw new PhutilArgumentUsageException( | throw new PhutilArgumentUsageException( | ||||
| pht( | pht( | ||||
| 'Specify the credential type to revoke with "--type" or specify '. | 'Specify the credential type to revoke with "--type" or specify '. | ||||
| '"--everything".')); | '"--everything". Use "--list" to list available credential '. | ||||
| 'types.')); | |||||
| } | |||||
| } else if (strlen($type) && $is_everything) { | } else if (strlen($type) && $is_everything) { | ||||
| throw new PhutilArgumentUsageException( | throw new PhutilArgumentUsageException( | ||||
| pht( | pht( | ||||
| 'Specify the credential type to revoke with "--type" or '. | 'Specify the credential type to revoke with "--type" or '. | ||||
| '"--everything", but not both.')); | '"--everything", but not both.')); | ||||
| } else if ($is_everything) { | } else if ($is_everything) { | ||||
| $types = $all_types; | $types = $all_types; | ||||
| } else { | } else { | ||||
| if (empty($all_types[$type])) { | if (empty($all_types[$type])) { | ||||
| throw new PhutilArgumentUsageException( | throw new PhutilArgumentUsageException( | ||||
| pht( | pht( | ||||
| 'Credential type "%s" is not valid. Valid credential types '. | 'Credential type "%s" is not valid. Valid credential types '. | ||||
| 'are: %s.', | 'are: %s.', | ||||
| $type, | $type, | ||||
| implode(', ', array_keys($all_types)))); | implode(', ', array_keys($all_types)))); | ||||
| } | } | ||||
| $types = array($all_types[$type]); | $types = array($all_types[$type]); | ||||
| } | } | ||||
| $is_everywhere = $args->getArg('everywhere'); | $is_everywhere = $args->getArg('everywhere'); | ||||
| $from = $args->getArg('from'); | $from = $args->getArg('from'); | ||||
| if ($is_list) { | |||||
| if (strlen($from) || $is_everywhere) { | |||||
| throw new PhutilArgumentUsageException( | |||||
| pht( | |||||
| 'You can not "--list" and revoke credentials (with "--from" or '. | |||||
| '"--everywhere") in the same operation.')); | |||||
| } | |||||
| } | |||||
| if ($is_list) { | |||||
| $last_key = last_key($types); | |||||
| foreach ($types as $key => $type) { | |||||
| echo tsprintf( | |||||
| "**%s** (%s)\n\n", | |||||
| $type->getRevokerKey(), | |||||
| $type->getRevokerName()); | |||||
| id(new PhutilConsoleBlock()) | |||||
| ->addParagraph(tsprintf('%B', $type->getRevokerDescription())) | |||||
| ->draw(); | |||||
| } | |||||
| return 0; | |||||
| } | |||||
| $target = null; | $target = null; | ||||
| if (!strlen($from) && !$is_everywhere) { | if (!strlen($from) && !$is_everywhere) { | ||||
| throw new PhutilArgumentUsageException( | throw new PhutilArgumentUsageException( | ||||
| pht( | pht( | ||||
| 'Specify the target to revoke credentials from with "--from" or '. | 'Specify the target to revoke credentials from with "--from" or '. | ||||
| 'specify "--everywhere".')); | 'specify "--everywhere".')); | ||||
| } else if (strlen($from) && $is_everywhere) { | } else if (strlen($from) && $is_everywhere) { | ||||
| throw new PhutilArgumentUsageException( | throw new PhutilArgumentUsageException( | ||||
| ▲ Show 20 Lines • Show All 42 Lines • ▼ Show 20 Lines | foreach ($types as $type) { | ||||
| } | } | ||||
| echo tsprintf( | echo tsprintf( | ||||
| "%s\n", | "%s\n", | ||||
| pht( | pht( | ||||
| 'Destroyed %s credential(s) of type "%s".', | 'Destroyed %s credential(s) of type "%s".', | ||||
| new PhutilNumber($count), | new PhutilNumber($count), | ||||
| $type->getRevokerKey())); | $type->getRevokerKey())); | ||||
| $guidance = $type->getRevokerNextSteps(); | |||||
| if ($guidance !== null) { | |||||
| echo tsprintf( | |||||
| "%s\n", | |||||
| $guidance); | |||||
| } | |||||
| } | } | ||||
| echo tsprintf( | echo tsprintf( | ||||
| "%s\n", | "%s\n", | ||||
| pht('Done.')); | pht('Done.')); | ||||
| return 0; | return 0; | ||||
| } | } | ||||
| } | } | ||||