phorge-phorge/scripts/user/add_user.php

#!/usr/bin/env php
<?php

$root = dirname(dirname(dirname(__FILE__)));
require_once $root.'/scripts/__init_script__.php';

if ($argc !== 5) {
  echo pht(
    "Usage: %s\n",
    'add_user.php <username> <email> <realname> <admin_user>');
  exit(1);
}

$username = $argv[1];
$email = $argv[2];
$realname = $argv[3];
$admin = $argv[4];

$admin = id(new PhabricatorUser())->loadOneWhere(
  'username = %s',
  $argv[4]);
if (!$admin) {
  throw new Exception(
    pht(
      'Admin user must be the username of a valid Phabricator account, used '.
      'to send the new user a welcome email.'));
}

$existing_user = id(new PhabricatorUser())->loadOneWhere(
  'username = %s',
  $username);
if ($existing_user) {
  throw new Exception(
    pht(
      "There is already a user with the username '%s'!",
      $username));
}

$existing_email = id(new PhabricatorUserEmail())->loadOneWhere(
  'address = %s',
  $email);
if ($existing_email) {
  throw new Exception(
    pht(
      "There is already a user with the email '%s'!",
      $email));
}

$user = new PhabricatorUser();
$user->setUsername($username);
$user->setRealname($realname);
$user->setIsApproved(1);

$email_object = id(new PhabricatorUserEmail())
  ->setAddress($email)
  ->setIsVerified(1);

id(new PhabricatorUserEditor())
  ->setActor($admin)
  ->createNewUser($user, $email_object);

$user->sendWelcomeEmail($admin);

echo pht(
  "Created user '%s' (realname='%s', email='%s').\n",
  $username,
  $realname,
  $email);
Provide a script for batch creating user accounts Summary: Make it a little easier to create a bunch of accounts if your company has more than like 5 employees. Test Plan: Ran "add_user.php" to create new users. Created new users from the web console. Reviewers: btrahan, jungejason, rguerin Reviewed By: btrahan CC: aran, btrahan, rguerin Differential Revision: https://secure.phabricator.com/D1336 2012-01-06 19:44:12 +01:00			`#!/usr/bin/env php`
			`<?php`

			`$root = dirname(dirname(dirname(__FILE__)));`
			`require_once $root.'/scripts/__init_script__.php';`

			`if ($argc !== 5) {`
phtize all the things Summary: `pht`ize a whole bunch of strings in rP. Test Plan: Intense eyeballing. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: hach-que, Korvin, epriestley Differential Revision: https://secure.phabricator.com/D12797 2015-05-22 09:27:56 +02:00			`echo pht(`
			`"Usage: %s\n",`
			`'add_user.php <username> <email> <realname> <admin_user>');`
Provide a script for batch creating user accounts Summary: Make it a little easier to create a bunch of accounts if your company has more than like 5 employees. Test Plan: Ran "add_user.php" to create new users. Created new users from the web console. Reviewers: btrahan, jungejason, rguerin Reviewed By: btrahan CC: aran, btrahan, rguerin Differential Revision: https://secure.phabricator.com/D1336 2012-01-06 19:44:12 +01:00			`exit(1);`
			`}`

			`$username = $argv[1];`
			`$email = $argv[2];`
			`$realname = $argv[3];`
			`$admin = $argv[4];`

			`$admin = id(new PhabricatorUser())->loadOneWhere(`
			`'username = %s',`
			`$argv[4]);`
			`if (!$admin) {`
			`throw new Exception(`
phtize all the things Summary: `pht`ize a whole bunch of strings in rP. Test Plan: Intense eyeballing. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: hach-que, Korvin, epriestley Differential Revision: https://secure.phabricator.com/D12797 2015-05-22 09:27:56 +02:00			`pht(`
			`'Admin user must be the username of a valid Phabricator account, used '.`
			`'to send the new user a welcome email.'));`
Provide a script for batch creating user accounts Summary: Make it a little easier to create a bunch of accounts if your company has more than like 5 employees. Test Plan: Ran "add_user.php" to create new users. Created new users from the web console. Reviewers: btrahan, jungejason, rguerin Reviewed By: btrahan CC: aran, btrahan, rguerin Differential Revision: https://secure.phabricator.com/D1336 2012-01-06 19:44:12 +01:00			`}`

			`$existing_user = id(new PhabricatorUser())->loadOneWhere(`
			`'username = %s',`
			`$username);`
			`if ($existing_user) {`
			`throw new Exception(`
phtize all the things Summary: `pht`ize a whole bunch of strings in rP. Test Plan: Intense eyeballing. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: hach-que, Korvin, epriestley Differential Revision: https://secure.phabricator.com/D12797 2015-05-22 09:27:56 +02:00			`pht(`
			`"There is already a user with the username '%s'!",`
			`$username));`
Provide a script for batch creating user accounts Summary: Make it a little easier to create a bunch of accounts if your company has more than like 5 employees. Test Plan: Ran "add_user.php" to create new users. Created new users from the web console. Reviewers: btrahan, jungejason, rguerin Reviewed By: btrahan CC: aran, btrahan, rguerin Differential Revision: https://secure.phabricator.com/D1336 2012-01-06 19:44:12 +01:00			`}`

Allow users to have multiple email addresses, and verify emails Summary: - Move email to a separate table. - Migrate existing email to new storage. - Allow users to add and remove email addresses. - Allow users to verify email addresses. - Allow users to change their primary email address. - Convert all the registration/reset/login code to understand these changes. - There are a few security considerations here but I think I've addressed them. Principally, it is important to never let a user acquire a verified email address they don't actually own. We ensure this by tightening the scoping of token generation rules to be (user, email) specific. - This should have essentially zero impact on Facebook, but may require some minor changes in the registration code -- I don't exactly remember how it is set up. Not included here (next steps): - Allow configuration to restrict email to certain domains. - Allow configuration to require validated email. Test Plan: This is a fairly extensive, difficult-to-test change. - From "Email Addresses" interface: - Added new email (verified email verifications sent). - Changed primary email (verified old/new notificactions sent). - Resent verification emails (verified they sent). - Removed email. - Tried to add already-owned email. - Created new users with "accountadmin". Edited existing users with "accountadmin". - Created new users with "add_user.php". - Created new users with web interface. - Clicked welcome email link, verified it verified email. - Reset password. - Linked/unlinked oauth accounts. - Logged in with oauth account. - Logged in with email. - Registered with Oauth account. - Tried to register with OAuth account with duplicate email. - Verified errors for email verification with bad tokens, etc. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1184 Differential Revision: https://secure.phabricator.com/D2393 2012-05-07 19:29:33 +02:00			`$existing_email = id(new PhabricatorUserEmail())->loadOneWhere(`
			`'address = %s',`
Provide a script for batch creating user accounts Summary: Make it a little easier to create a bunch of accounts if your company has more than like 5 employees. Test Plan: Ran "add_user.php" to create new users. Created new users from the web console. Reviewers: btrahan, jungejason, rguerin Reviewed By: btrahan CC: aran, btrahan, rguerin Differential Revision: https://secure.phabricator.com/D1336 2012-01-06 19:44:12 +01:00			`$email);`
Allow users to have multiple email addresses, and verify emails Summary: - Move email to a separate table. - Migrate existing email to new storage. - Allow users to add and remove email addresses. - Allow users to verify email addresses. - Allow users to change their primary email address. - Convert all the registration/reset/login code to understand these changes. - There are a few security considerations here but I think I've addressed them. Principally, it is important to never let a user acquire a verified email address they don't actually own. We ensure this by tightening the scoping of token generation rules to be (user, email) specific. - This should have essentially zero impact on Facebook, but may require some minor changes in the registration code -- I don't exactly remember how it is set up. Not included here (next steps): - Allow configuration to restrict email to certain domains. - Allow configuration to require validated email. Test Plan: This is a fairly extensive, difficult-to-test change. - From "Email Addresses" interface: - Added new email (verified email verifications sent). - Changed primary email (verified old/new notificactions sent). - Resent verification emails (verified they sent). - Removed email. - Tried to add already-owned email. - Created new users with "accountadmin". Edited existing users with "accountadmin". - Created new users with "add_user.php". - Created new users with web interface. - Clicked welcome email link, verified it verified email. - Reset password. - Linked/unlinked oauth accounts. - Logged in with oauth account. - Logged in with email. - Registered with Oauth account. - Tried to register with OAuth account with duplicate email. - Verified errors for email verification with bad tokens, etc. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1184 Differential Revision: https://secure.phabricator.com/D2393 2012-05-07 19:29:33 +02:00			`if ($existing_email) {`
Provide a script for batch creating user accounts Summary: Make it a little easier to create a bunch of accounts if your company has more than like 5 employees. Test Plan: Ran "add_user.php" to create new users. Created new users from the web console. Reviewers: btrahan, jungejason, rguerin Reviewed By: btrahan CC: aran, btrahan, rguerin Differential Revision: https://secure.phabricator.com/D1336 2012-01-06 19:44:12 +01:00			`throw new Exception(`
phtize all the things Summary: `pht`ize a whole bunch of strings in rP. Test Plan: Intense eyeballing. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: hach-que, Korvin, epriestley Differential Revision: https://secure.phabricator.com/D12797 2015-05-22 09:27:56 +02:00			`pht(`
			`"There is already a user with the email '%s'!",`
			`$email));`
Provide a script for batch creating user accounts Summary: Make it a little easier to create a bunch of accounts if your company has more than like 5 employees. Test Plan: Ran "add_user.php" to create new users. Created new users from the web console. Reviewers: btrahan, jungejason, rguerin Reviewed By: btrahan CC: aran, btrahan, rguerin Differential Revision: https://secure.phabricator.com/D1336 2012-01-06 19:44:12 +01:00			`}`

			`$user = new PhabricatorUser();`
			`$user->setUsername($username);`
			`$user->setRealname($realname);`
Implement an approval queue Summary: - Add an option for the queue. - By default, enable it. - Dump new users into the queue. - Send admins an email to approve them. Test Plan: - Registered new accounts with queue on and off. - As an admin, approved accounts and disabled the queue from email. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7576 2013-11-13 20:24:56 +01:00			`$user->setIsApproved(1);`
Provide a script for batch creating user accounts Summary: Make it a little easier to create a bunch of accounts if your company has more than like 5 employees. Test Plan: Ran "add_user.php" to create new users. Created new users from the web console. Reviewers: btrahan, jungejason, rguerin Reviewed By: btrahan CC: aran, btrahan, rguerin Differential Revision: https://secure.phabricator.com/D1336 2012-01-06 19:44:12 +01:00
Allow users to have multiple email addresses, and verify emails Summary: - Move email to a separate table. - Migrate existing email to new storage. - Allow users to add and remove email addresses. - Allow users to verify email addresses. - Allow users to change their primary email address. - Convert all the registration/reset/login code to understand these changes. - There are a few security considerations here but I think I've addressed them. Principally, it is important to never let a user acquire a verified email address they don't actually own. We ensure this by tightening the scoping of token generation rules to be (user, email) specific. - This should have essentially zero impact on Facebook, but may require some minor changes in the registration code -- I don't exactly remember how it is set up. Not included here (next steps): - Allow configuration to restrict email to certain domains. - Allow configuration to require validated email. Test Plan: This is a fairly extensive, difficult-to-test change. - From "Email Addresses" interface: - Added new email (verified email verifications sent). - Changed primary email (verified old/new notificactions sent). - Resent verification emails (verified they sent). - Removed email. - Tried to add already-owned email. - Created new users with "accountadmin". Edited existing users with "accountadmin". - Created new users with "add_user.php". - Created new users with web interface. - Clicked welcome email link, verified it verified email. - Reset password. - Linked/unlinked oauth accounts. - Logged in with oauth account. - Logged in with email. - Registered with Oauth account. - Tried to register with OAuth account with duplicate email. - Verified errors for email verification with bad tokens, etc. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1184 Differential Revision: https://secure.phabricator.com/D2393 2012-05-07 19:29:33 +02:00			`$email_object = id(new PhabricatorUserEmail())`
			`->setAddress($email)`
Consolidate user editing code Summary: - We currently have some bugs in account creation due to nontransactional user/email editing. - We save $user, then try to save $email. This may fail for various reasons, commonly because the email isn't unique. - This leaves us with a $user with no email. - Also, logging of edits is somewhat inconsistent across various edit mechanisms. - Move all editing to a `PhabricatorUserEditor` class. - Handle some broken-data cases more gracefully. Test Plan: - Created and edited a user with `accountadmin`. - Created a user with `add_user.php` - Created and edited a user with People editor. - Created a user with OAuth. - Edited user information via Settings. - Tried to create an OAuth user with a duplicate email address, got a proper error. - Tried to create a user via People with a duplicate email address, got a proper error. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: tberman, aran Maniphest Tasks: T1184 Differential Revision: https://secure.phabricator.com/D2569 2012-05-25 16:30:44 +02:00			`->setIsVerified(1);`

			`id(new PhabricatorUserEditor())`
			`->setActor($admin)`
			`->createNewUser($user, $email_object);`
Allow users to have multiple email addresses, and verify emails Summary: - Move email to a separate table. - Migrate existing email to new storage. - Allow users to add and remove email addresses. - Allow users to verify email addresses. - Allow users to change their primary email address. - Convert all the registration/reset/login code to understand these changes. - There are a few security considerations here but I think I've addressed them. Principally, it is important to never let a user acquire a verified email address they don't actually own. We ensure this by tightening the scoping of token generation rules to be (user, email) specific. - This should have essentially zero impact on Facebook, but may require some minor changes in the registration code -- I don't exactly remember how it is set up. Not included here (next steps): - Allow configuration to restrict email to certain domains. - Allow configuration to require validated email. Test Plan: This is a fairly extensive, difficult-to-test change. - From "Email Addresses" interface: - Added new email (verified email verifications sent). - Changed primary email (verified old/new notificactions sent). - Resent verification emails (verified they sent). - Removed email. - Tried to add already-owned email. - Created new users with "accountadmin". Edited existing users with "accountadmin". - Created new users with "add_user.php". - Created new users with web interface. - Clicked welcome email link, verified it verified email. - Reset password. - Linked/unlinked oauth accounts. - Logged in with oauth account. - Logged in with email. - Registered with Oauth account. - Tried to register with OAuth account with duplicate email. - Verified errors for email verification with bad tokens, etc. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1184 Differential Revision: https://secure.phabricator.com/D2393 2012-05-07 19:29:33 +02:00
Provide a script for batch creating user accounts Summary: Make it a little easier to create a bunch of accounts if your company has more than like 5 employees. Test Plan: Ran "add_user.php" to create new users. Created new users from the web console. Reviewers: btrahan, jungejason, rguerin Reviewed By: btrahan CC: aran, btrahan, rguerin Differential Revision: https://secure.phabricator.com/D1336 2012-01-06 19:44:12 +01:00			`$user->sendWelcomeEmail($admin);`

phtize all the things Summary: `pht`ize a whole bunch of strings in rP. Test Plan: Intense eyeballing. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: hach-que, Korvin, epriestley Differential Revision: https://secure.phabricator.com/D12797 2015-05-22 09:27:56 +02:00			`echo pht(`
			`"Created user '%s' (realname='%s', email='%s').\n",`
			`$username,`
			`$realname,`
			`$email);`