mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-25 08:12:40 +01:00
Add very basic bin/auth
tool
Summary: Ref T1536. This script basically exists to restore access if/when users shoot themselves in the foot by disabling all auth providers and can no longer log in. Test Plan: {F46411} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6205
This commit is contained in:
parent
fc2973c5d3
commit
278905543e
6 changed files with 130 additions and 1 deletions
1
bin/auth
Symbolic link
1
bin/auth
Symbolic link
|
@ -0,0 +1 @@
|
|||
../scripts/setup/manage_auth.php
|
22
scripts/setup/manage_auth.php
Executable file
22
scripts/setup/manage_auth.php
Executable file
|
@ -0,0 +1,22 @@
|
|||
#!/usr/bin/env php
|
||||
<?php
|
||||
|
||||
$root = dirname(dirname(dirname(__FILE__)));
|
||||
require_once $root.'/scripts/__init_script__.php';
|
||||
|
||||
$args = new PhutilArgumentParser($argv);
|
||||
$args->setTagline('manage authentication');
|
||||
$args->setSynopsis(<<<EOSYNOPSIS
|
||||
**auth** __command__ [__options__]
|
||||
Manage Phabricator authentication configuration.
|
||||
|
||||
EOSYNOPSIS
|
||||
);
|
||||
$args->parseStandardArguments();
|
||||
|
||||
$workflows = array(
|
||||
new PhabricatorAuthManagementListWorkflow(),
|
||||
new PhutilHelpArgumentWorkflow(),
|
||||
);
|
||||
|
||||
$args->parseWorkflows($workflows);
|
|
@ -823,6 +823,8 @@ phutil_register_library_map(array(
|
|||
'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
|
||||
'PhabricatorAuthListController' => 'applications/auth/controller/config/PhabricatorAuthListController.php',
|
||||
'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
|
||||
'PhabricatorAuthManagementRecoverWorkflow' => 'applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php',
|
||||
'PhabricatorAuthManagementWorkflow' => 'applications/auth/management/PhabricatorAuthManagementWorkflow.php',
|
||||
'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php',
|
||||
'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
|
||||
'PhabricatorAuthProviderConfig' => 'applications/auth/storage/PhabricatorAuthProviderConfig.php',
|
||||
|
@ -2704,6 +2706,8 @@ phutil_register_library_map(array(
|
|||
1 => 'PhabricatorApplicationSearchResultsControllerInterface',
|
||||
),
|
||||
'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
|
||||
'PhabricatorAuthManagementRecoverWorkflow' => 'PhabricatorAuthManagementWorkflow',
|
||||
'PhabricatorAuthManagementWorkflow' => 'PhutilArgumentWorkflow',
|
||||
'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController',
|
||||
'PhabricatorAuthProviderConfig' =>
|
||||
array(
|
||||
|
|
|
@ -47,7 +47,10 @@ final class PhabricatorAuthStartController
|
|||
return $this->renderError(
|
||||
pht(
|
||||
"This Phabricator install is not configured with any enabled ".
|
||||
"authentication providers which can be used to log in."));
|
||||
"authentication providers which can be used to log in. If you ".
|
||||
"have accidentally locked yourself out by disabling all providers, ".
|
||||
"you can use `phabricator/bin/auth recover <username>` to ".
|
||||
"recover access to an administrative account."));
|
||||
}
|
||||
|
||||
$next_uri = $request->getStr('next');
|
||||
|
|
|
@ -0,0 +1,89 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorAuthManagementRecoverWorkflow
|
||||
extends PhabricatorAuthManagementWorkflow {
|
||||
|
||||
protected function didConstruct() {
|
||||
$this
|
||||
->setName('recover')
|
||||
->setExamples('**recover** __username__')
|
||||
->setSynopsis(
|
||||
'Recover access to an administrative account if you have locked '.
|
||||
'yourself out of Phabricator.')
|
||||
->setArguments(
|
||||
array(
|
||||
'username' => array(
|
||||
'name' => 'username',
|
||||
'wildcard' => true,
|
||||
),
|
||||
));
|
||||
}
|
||||
|
||||
public function execute(PhutilArgumentParser $args) {
|
||||
|
||||
$can_recover = id(new PhabricatorPeopleQuery())
|
||||
->setViewer(PhabricatorUser::getOmnipotentUser())
|
||||
->withIsAdmin(true)
|
||||
->execute();
|
||||
if (!$can_recover) {
|
||||
throw new PhutilArgumentUsageException(
|
||||
pht(
|
||||
'This Phabricator installation has no recoverable administrator '.
|
||||
'accounts. You can use `bin/accountadmin` to create a new '.
|
||||
'administrator account or make an existing user an administrator.'));
|
||||
}
|
||||
$can_recover = mpull($can_recover, 'getUsername');
|
||||
sort($can_recover);
|
||||
$can_recover = implode(', ', $can_recover);
|
||||
|
||||
$usernames = $args->getArg('username');
|
||||
if (!$usernames) {
|
||||
throw new PhutilArgumentUsageException(
|
||||
pht('You must specify the username of the account to recover.'));
|
||||
} else if (count($usernames) > 1) {
|
||||
throw new PhutilArgumentUsageException(
|
||||
pht('You can only recover the username for one account.'));
|
||||
}
|
||||
|
||||
$username = head($usernames);
|
||||
|
||||
$user = id(new PhabricatorPeopleQuery())
|
||||
->setViewer(PhabricatorUser::getOmnipotentUser())
|
||||
->withUsernames(array($username))
|
||||
->executeOne();
|
||||
|
||||
if (!$user) {
|
||||
throw new PhutilArgumentUsageException(
|
||||
pht(
|
||||
'No such user "%s". Recoverable administrator accounts are: %s.',
|
||||
$username,
|
||||
$can_recover));
|
||||
}
|
||||
|
||||
if (!$user->getIsAdmin()) {
|
||||
throw new PhutilArgumentUsageException(
|
||||
pht(
|
||||
'You can only recover administrator accounts, but %s is not an '.
|
||||
'administrator. Recoverable administrator accounts are: %s.',
|
||||
$username,
|
||||
$can_recover));
|
||||
}
|
||||
|
||||
$console = PhutilConsole::getConsole();
|
||||
$console->writeOut(
|
||||
pht(
|
||||
'Use this link to recover access to the "%s" account:',
|
||||
$username));
|
||||
$console->writeOut("\n\n");
|
||||
$console->writeOut(" %s", $user->getEmailLoginURI());
|
||||
$console->writeOut("\n\n");
|
||||
$console->writeOut(
|
||||
pht(
|
||||
'After logging in, you can use the "Auth" application to add or '.
|
||||
'restore authentication providers and allow normal logins to '.
|
||||
'succeed.')."\n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
<?php
|
||||
|
||||
abstract class PhabricatorAuthManagementWorkflow
|
||||
extends PhutilArgumentWorkflow {
|
||||
|
||||
final public function isExecutable() {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in a new issue