HomePhabricator

Add `bin/auth list-factors` and `bin/auth strip` to remove multi-factor auth

Description

Add bin/auth list-factors and bin/auth strip to remove multi-factor auth

Summary:
Ref T4398. The major goals here is to let administrators strip auth factors in two cases:

  • A user lost their phone and needs access restored to their account; or
  • an install previously used an API-based factor like SMS, but want to stop supporting it (this isn't possible today).

Test Plan:

  • Used bin/auth list-factors to show installed factors.
  • Used bin/auth strip with various mixtures of flags to selectively choose and strip factors from accounts.
  • Also ran bin/auth refresh to verify refreshing OAuth tokens works (small OAuth vs OAuth2 tweak).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8909

Event Timeline