src/applications/auth/revoker/PhabricatorAuthPasswordRevoker.php
<?php | <?php | ||||
final class PhabricatorAuthPasswordRevoker | final class PhabricatorAuthPasswordRevoker | ||||
extends PhabricatorAuthRevoker { | extends PhabricatorAuthRevoker { | ||||
const REVOKERKEY = 'password'; | const REVOKERKEY = 'password'; | ||||
public function getRevokerName() { | |||||
return pht('Passwords'); | |||||
} | |||||
public function getRevokerDescription() { | |||||
return pht( | |||||
"Revokes all stored passwords.\n\n". | |||||
"Account passwords and VCS passwords (used to access repositories ". | |||||
"over HTTP) will both be revoked. Passwords for any third party ". | |||||
"applications which use shared password infrastructure will also ". | |||||
"be revoked.\n\n". | |||||
"Users will need to reset account passwords, possibly by using the ". | |||||
"\"Forgot Password?\" link on the login page. They will also need ". | |||||
"to reset VCS passwords.\n\n". | |||||
"Passwords are revoked, not just removed. Users will be unable to ". | |||||
"select the passwords they used previously and must choose new, ". | |||||
"unique passwords.\n\n". | |||||
"Revoking passwords will not terminate outstanding login sessions. ". | |||||
"Use the \"session\" revoker in conjunction with this revoker to force ". | |||||
"users to login again."); | |||||
amckinley: This feels weird... if you're responding to a possible compromise, why would you want to revoke… | |||||
} | |||||
public function getRevokerNextSteps() { | |||||
return pht( | |||||
'NOTE: Revoking passwords does not terminate existing sessions which '. | |||||
'were established using the old passwords. To terminate existing '. | |||||
'sessions, run the "session" revoker now.'); | |||||
} | |||||
public function revokeAllCredentials() { | public function revokeAllCredentials() { | ||||
$query = new PhabricatorAuthPasswordQuery(); | $query = new PhabricatorAuthPasswordQuery(); | ||||
return $this->revokeWithQuery($query); | return $this->revokeWithQuery($query); | ||||
} | } | ||||
public function revokeCredentialsFrom($object) { | public function revokeCredentialsFrom($object) { | ||||
$query = id(new PhabricatorAuthPasswordQuery()) | $query = id(new PhabricatorAuthPasswordQuery()) | ||||
->withObjectPHIDs(array($object->getPHID())); | ->withObjectPHIDs(array($object->getPHID())); | ||||
Show All 37 Lines |
This feels weird... if you're responding to a possible compromise, why would you want to revoke passwords without also terminating sessions?
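Review bot: The message returned by getRevokerNextSteps() names sessions as the only thing still valid after a password revoke, but revokeAllCredentials() builds nothing except a PhabricatorAuthPasswordQuery, so any credential not stored as an auth password is left untouched as well. An operator running this during incident response will likely read that text as the complete follow-up list. If the install has other long-lived credential types with their own revokers (none are visible on this page), the text should say so, for example by appending `'Credentials other than passwords are not affected by this revoker.'` to the string. The one-column rows in this rendering appear to be the added side, and revokeCredentialsFrom() continues into the collapsed lines, so this rests only on what is shown.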