Add very basic bin/auth
tool
Summary: Ref T1536. This script basically exists to restore access if/when users shoot themselves in the foot by disabling all auth providers and can no longer log in. Test Plan: {F46411} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6205
parent
fc2973c5d3
commit
278905543e
6 changed files with 130 additions and 1 deletions
1
bin/auth
Symbolic link
1
bin/auth
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../scripts/setup/manage_auth.php
|
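--- a/scripts/setup/manage_auth.php
+++ b/scripts/setup/manage_auth.php
@@ -0,0 +1,22 @@
+#!/usr/bin/env php
+<?php
+
+$root = dirname(dirname(dirname(__FILE__)));
+require_once $root.'/scripts/__init_script__.php';
+
+$args = new PhutilArgumentParser($argv);
+$args->setTagline('manage authentication');
+$args->setSynopsis(<<<EOSYNOPSIS
+**auth** __command__ [__options__]
+Manage Phabricator authentication configuration.
+
+EOSYNOPSIS
+);
+$args->parseStandardArguments();
+
+$workflows = array(
+new PhabricatorAuthManagementListWorkflow(),
+new PhutilHelpArgumentWorkflow(),
+);
+
+$args->parseWorkflows($workflows);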
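Review bot: The `$workflows` array registers `PhabricatorAuthManagementListWorkflow`, but the library-map hunks on this page add only `PhabricatorAuthManagementRecoverWorkflow` and its abstract base `PhabricatorAuthManagementWorkflow`. As shown, the script would fail when it instantiates the missing class, and `recover` is never registered, even though the new login-page message sends locked-out administrators to `bin/auth recover <username>`. Unless a list workflow is defined somewhere not visible here, the entry should read `new PhabricatorAuthManagementRecoverWorkflow(),`.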
|
@ -823,6 +823,8 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
|
'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
|
||||||
'PhabricatorAuthListController' => 'applications/auth/controller/config/PhabricatorAuthListController.php',
|
'PhabricatorAuthListController' => 'applications/auth/controller/config/PhabricatorAuthListController.php',
|
||||||
'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
|
'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
|
||||||
|
'PhabricatorAuthManagementRecoverWorkflow' => 'applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php',
|
||||||
|
'PhabricatorAuthManagementWorkflow' => 'applications/auth/management/PhabricatorAuthManagementWorkflow.php',
|
||||||
'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php',
|
'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php',
|
||||||
'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
|
'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
|
||||||
'PhabricatorAuthProviderConfig' => 'applications/auth/storage/PhabricatorAuthProviderConfig.php',
|
'PhabricatorAuthProviderConfig' => 'applications/auth/storage/PhabricatorAuthProviderConfig.php',
|
||||||
|
@ -2704,6 +2706,8 @@ phutil_register_library_map(array(
|
||||||
1 => 'PhabricatorApplicationSearchResultsControllerInterface',
|
1 => 'PhabricatorApplicationSearchResultsControllerInterface',
|
||||||
),
|
),
|
||||||
'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
|
'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
|
||||||
|
'PhabricatorAuthManagementRecoverWorkflow' => 'PhabricatorAuthManagementWorkflow',
|
||||||
|
'PhabricatorAuthManagementWorkflow' => 'PhutilArgumentWorkflow',
|
||||||
'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController',
|
'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController',
|
||||||
'PhabricatorAuthProviderConfig' =>
|
'PhabricatorAuthProviderConfig' =>
|
||||||
array(
|
array(
|
||||||
|
|
|
@ -47,7 +47,10 @@ final class PhabricatorAuthStartController
|
||||||
return $this->renderError(
|
return $this->renderError(
|
||||||
pht(
|
pht(
|
||||||
"This Phabricator install is not configured with any enabled ".
|
"This Phabricator install is not configured with any enabled ".
|
||||||
"authentication providers which can be used to log in."));
|
"authentication providers which can be used to log in. If you ".
|
||||||
|
"have accidentally locked yourself out by disabling all providers, ".
|
||||||
|
"you can use `phabricator/bin/auth recover <username>` to ".
|
||||||
|
"recover access to an administrative account."));
|
||||||
}
|
}
|
||||||
|
|
||||||
$next_uri = $request->getStr('next');
|
$next_uri = $request->getStr('next');
|
||||||
|
|
|
@ -0,0 +1,89 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
final class PhabricatorAuthManagementRecoverWorkflow
|
||||||
|
extends PhabricatorAuthManagementWorkflow {
|
||||||
|
|
||||||
|
protected function didConstruct() {
|
||||||
|
$this
|
||||||
|
->setName('recover')
|
||||||
|
->setExamples('**recover** __username__')
|
||||||
|
->setSynopsis(
|
||||||
|
'Recover access to an administrative account if you have locked '.
|
||||||
|
'yourself out of Phabricator.')
|
||||||
|
->setArguments(
|
||||||
|
array(
|
||||||
|
'username' => array(
|
||||||
|
'name' => 'username',
|
||||||
|
'wildcard' => true,
|
||||||
|
),
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function execute(PhutilArgumentParser $args) {
|
||||||
|
|
||||||
|
$can_recover = id(new PhabricatorPeopleQuery())
|
||||||
|
->setViewer(PhabricatorUser::getOmnipotentUser())
|
||||||
|
->withIsAdmin(true)
|
||||||
|
->execute();
|
||||||
|
if (!$can_recover) {
|
||||||
|
throw new PhutilArgumentUsageException(
|
||||||
|
pht(
|
||||||
|
'This Phabricator installation has no recoverable administrator '.
|
||||||
|
'accounts. You can use `bin/accountadmin` to create a new '.
|
||||||
|
'administrator account or make an existing user an administrator.'));
|
||||||
|
}
|
||||||
|
$can_recover = mpull($can_recover, 'getUsername');
|
||||||
|
sort($can_recover);
|
||||||
|
$can_recover = implode(', ', $can_recover);
|
||||||
|
|
||||||
|
$usernames = $args->getArg('username');
|
||||||
|
if (!$usernames) {
|
||||||
|
throw new PhutilArgumentUsageException(
|
||||||
|
pht('You must specify the username of the account to recover.'));
|
||||||
|
} else if (count($usernames) > 1) {
|
||||||
|
throw new PhutilArgumentUsageException(
|
||||||
|
pht('You can only recover the username for one account.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
$username = head($usernames);
|
||||||
|
|
||||||
|
$user = id(new PhabricatorPeopleQuery())
|
||||||
|
->setViewer(PhabricatorUser::getOmnipotentUser())
|
||||||
|
->withUsernames(array($username))
|
||||||
|
->executeOne();
|
||||||
|
|
||||||
|
if (!$user) {
|
||||||
|
throw new PhutilArgumentUsageException(
|
||||||
|
pht(
|
||||||
|
'No such user "%s". Recoverable administrator accounts are: %s.',
|
||||||
|
$username,
|
||||||
|
$can_recover));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$user->getIsAdmin()) {
|
||||||
|
throw new PhutilArgumentUsageException(
|
||||||
|
pht(
|
||||||
|
'You can only recover administrator accounts, but %s is not an '.
|
||||||
|
'administrator. Recoverable administrator accounts are: %s.',
|
||||||
|
$username,
|
||||||
|
$can_recover));
|
||||||
|
}
|
||||||
|
|
||||||
|
$console = PhutilConsole::getConsole();
|
||||||
|
$console->writeOut(
|
||||||
|
pht(
|
||||||
|
'Use this link to recover access to the "%s" account:',
|
||||||
|
$username));
|
||||||
|
$console->writeOut("\n\n");
|
||||||
|
$console->writeOut(" %s", $user->getEmailLoginURI());
|
||||||
|
$console->writeOut("\n\n");
|
||||||
|
$console->writeOut(
|
||||||
|
pht(
|
||||||
|
'After logging in, you can use the "Auth" application to add or '.
|
||||||
|
'restore authentication providers and allow normal logins to '.
|
||||||
|
'succeed.')."\n");
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
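Review bot: `execute()` checks `getIsAdmin()` but never checks whether the target account is disabled, and the `withIsAdmin(true)` query that builds the "recoverable" list does not visibly filter disabled users either, so a deactivated administrator can be listed and have a login link printed. Whether that link is honoured for a disabled account is decided outside this file, but the workflow should refuse early with a guard after the admin check, e.g. `if ($user->getIsDisabled()) { throw new PhutilArgumentUsageException(pht('User "%s" is disabled.', $username)); }`. Separately, the URI written by `$console->writeOut(" %s", $user->getEmailLoginURI())` is a bearer credential for an administrative session, and nothing in this method records that it was issued. Writing an audit-log entry against the target account would let a later review tell a legitimate recovery from misuse of shell access.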
|
@ -0,0 +1,10 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
abstract class PhabricatorAuthManagementWorkflow
|
||||||
|
extends PhutilArgumentWorkflow {
|
||||||
|
|
||||||
|
final public function isExecutable() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|