<?php
/**
 * Settings-panel controller that revokes the viewer's temporary
 * authentication tokens, either a single token selected by ID or every
 * revocable token at once (URI id "all").
 */
final class PhabricatorAuthRevokeTokenController
  extends PhabricatorAuthController {

  /**
   * Show a confirmation dialog for revoking temporary tokens and, once the
   * dialog is submitted, revoke them.
   *
   * Flow:
   *   - load tokens whose resource is the viewer's PHID (optionally narrowed
   *     to one ID);
   *   - drop tokens that report themselves as not revocable;
   *   - if nothing is left, explain that in a dialog;
   *   - on a dialog form post, revoke every remaining token and redirect to
   *     the tokens settings panel;
   *   - otherwise render the confirmation dialog.
   *
   * @param AphrontRequest $request Incoming request; the "id" URI component
   *   is either a token ID or the literal string "all".
   * @return mixed A dialog or an AphrontRedirectResponse.
   */
  public function handleRequest(AphrontRequest $request) {
    $viewer = $this->getViewer();

    // NOTE(review): $id is taken straight from the URI. Presumably the route
    // pattern limits it to a numeric ID or "all" -- confirm against the
    // application's route map.
    $id = $request->getURIData('id');
    $is_all = ($id === 'all');

    $panel_uri = '/settings/panel/tokens/';

    // The query is always constrained to tokens whose resource is the
    // viewer's own PHID. The optional ID filter below is applied on top of
    // that constraint, so an ID taken from the URI only narrows the viewer's
    // own tokens. Keep the resource constraint unconditional if this query is
    // ever restructured.
    $query = id(new PhabricatorAuthTemporaryTokenQuery())
      ->setViewer($viewer)
      ->withTokenResources(array($viewer->getPHID()));
    if (!$is_all) {
      $query->withIDs(array($id));
    }

    // Keep only the tokens that may be revoked, preserving their keys.
    $revocable = array();
    foreach ($query->execute() as $key => $candidate) {
      if ($candidate->isRevocable()) {
        $revocable[$key] = $candidate;
      }
    }

    if (!$revocable) {
      return $this->newDialog()
        ->setTitle(pht('No Matching Tokens'))
        ->appendParagraph(
          pht('There are no matching tokens to revoke.'))
        ->appendParagraph(
          pht(
            '(Some types of token can not be revoked, and you can not revoke '.
            'tokens which have already expired.)'))
        ->addCancelButton($panel_uri);
    }

    // The state change happens only for a submitted dialog form; any other
    // request falls through to the confirmation dialog.
    // NOTE(review): isDialogFormPost() presumably includes the framework's
    // CSRF validation -- confirm in AphrontRequest before relying on it.
    if ($request->isDialogFormPost()) {
      foreach ($revocable as $doomed) {
        $doomed->revokeToken();
      }

      return id(new AphrontRedirectResponse())->setURI($panel_uri);
    }

    // Pick the wording for the single-token or the revoke-everything prompt.
    if (!$is_all) {
      $title = pht('Revoke Token?');
      $short = pht('Revoke Token');
      $body = pht(
        'Really revoke this token? Any temporary authorization it enables '.
        'will be disabled.');
    } else {
      $title = pht('Revoke Tokens?');
      $short = pht('Revoke Tokens');
      $body = pht(
        'Really revoke all tokens? Among other temporary authorizations, '.
        'this will disable any outstanding password reset or account '.
        'recovery links.');
    }

    $dialog = $this->newDialog()
      ->setTitle($title)
      ->setShortTitle($short)
      ->appendParagraph($body)
      ->addSubmitButton(pht('Revoke'))
      ->addCancelButton($panel_uri);

    return $dialog;
  }

}