revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-03 20:22:46 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php

91 lines
2.7 KiB
PHP
Raw Normal View History

Add very basic `bin/auth` tool Summary: Ref T1536. This script basically exists to restore access if/when users shoot themselves in the foot by disabling all auth providers and can no longer log in. Test Plan: {F46411} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6205
2013-06-17 19:55:05 +02:00
<?php
final class PhabricatorAuthManagementRecoverWorkflow
extends PhabricatorAuthManagementWorkflow {
protected function didConstruct() {
$this
->setName('recover')
->setExamples('**recover** __username__')
->setSynopsis(
'Recover access to an administrative account if you have locked '.
'yourself out of Phabricator.')
->setArguments(
array(
'username' => array(
'name' => 'username',
'wildcard' => true,
),
));
}
public function execute(PhutilArgumentParser $args) {
$can_recover = id(new PhabricatorPeopleQuery())
Extend all "ManagementWorkflow" classes from a base class Summary: Ref T2015. Not directly related to Drydock, but I've wanted to do this for a bit. Introduce a common base class for all the workflows in the scripts in `bin/*`. This slightly reduces code duplication by moving `isExecutable()` to the base, but also provides `getViewer()`. This is a little nicer than `PhabricatorUser::getOmnipotentUser()` and gives us a layer of indirection if we ever want to introduce more general viewer mechanisms in scripts. Test Plan: Lint; ran some of the scripts. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2015 Differential Revision: https://secure.phabricator.com/D7838
2013-12-27 22:15:40 +01:00
->setViewer($this->getViewer())
Add very basic `bin/auth` tool Summary: Ref T1536. This script basically exists to restore access if/when users shoot themselves in the foot by disabling all auth providers and can no longer log in. Test Plan: {F46411} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6205
2013-06-17 19:55:05 +02:00
->withIsAdmin(true)
->execute();
if (!$can_recover) {
throw new PhutilArgumentUsageException(
pht(
'This Phabricator installation has no recoverable administrator '.
'accounts. You can use `bin/accountadmin` to create a new '.
'administrator account or make an existing user an administrator.'));
}
$can_recover = mpull($can_recover, 'getUsername');
sort($can_recover);
$can_recover = implode(', ', $can_recover);
$usernames = $args->getArg('username');
if (!$usernames) {
throw new PhutilArgumentUsageException(
pht('You must specify the username of the account to recover.'));
} else if (count($usernames) > 1) {
throw new PhutilArgumentUsageException(
pht('You can only recover the username for one account.'));
}
$username = head($usernames);
$user = id(new PhabricatorPeopleQuery())
Extend all "ManagementWorkflow" classes from a base class Summary: Ref T2015. Not directly related to Drydock, but I've wanted to do this for a bit. Introduce a common base class for all the workflows in the scripts in `bin/*`. This slightly reduces code duplication by moving `isExecutable()` to the base, but also provides `getViewer()`. This is a little nicer than `PhabricatorUser::getOmnipotentUser()` and gives us a layer of indirection if we ever want to introduce more general viewer mechanisms in scripts. Test Plan: Lint; ran some of the scripts. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2015 Differential Revision: https://secure.phabricator.com/D7838
2013-12-27 22:15:40 +01:00
->setViewer($this->getViewer())
Add very basic `bin/auth` tool Summary: Ref T1536. This script basically exists to restore access if/when users shoot themselves in the foot by disabling all auth providers and can no longer log in. Test Plan: {F46411} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6205
2013-06-17 19:55:05 +02:00
->withUsernames(array($username))
->executeOne();
if (!$user) {
throw new PhutilArgumentUsageException(
pht(
'No such user "%s". Recoverable administrator accounts are: %s.',
$username,
$can_recover));
}
if (!$user->getIsAdmin()) {
throw new PhutilArgumentUsageException(
pht(
'You can only recover administrator accounts, but %s is not an '.
'administrator. Recoverable administrator accounts are: %s.',
$username,
$can_recover));
}
$console = PhutilConsole::getConsole();
$console->writeOut(
pht(
Allow "bin/auth recover" to succeed before phabricator.base-uri is set Summary: Fixes T4132. If you run "bin/auth recover" before setting the base URI, it throws when trying to generate a production URI. Instead, just show the path. We can't figure out the domain, and I think this is less confusing than showing "your.phabricator.example.com", etc. Test Plan: Ran `bin/auth recover <user>` for valid and missing base-uri. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4132 Differential Revision: https://secure.phabricator.com/D7615
2013-11-20 19:36:00 +01:00
'Use this link to recover access to the "%s" account from the web '.
'interface:',
Add very basic `bin/auth` tool Summary: Ref T1536. This script basically exists to restore access if/when users shoot themselves in the foot by disabling all auth providers and can no longer log in. Test Plan: {F46411} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6205
2013-06-17 19:55:05 +02:00
$username));
$console->writeOut("\n\n");
$console->writeOut(" %s", $user->getEmailLoginURI());
$console->writeOut("\n\n");
$console->writeOut(
pht(
'After logging in, you can use the "Auth" application to add or '.
'restore authentication providers and allow normal logins to '.
'succeed.')."\n");
return 0;
}
}
Copy permalink