1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-25 08:12:40 +01:00

Add very basic bin/auth tool

Summary: Ref T1536. This script basically exists to restore access if/when users shoot themselves in the foot by disabling all auth providers and can no longer log in.

Test Plan: {F46411}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6205
This commit is contained in:
epriestley 2013-06-17 10:55:05 -07:00
parent fc2973c5d3
commit 278905543e
6 changed files with 130 additions and 1 deletions

1
bin/auth Symbolic link
View file

@ -0,0 +1 @@
../scripts/setup/manage_auth.php

22
scripts/setup/manage_auth.php Executable file
View file

@ -0,0 +1,22 @@
#!/usr/bin/env php
<?php
$root = dirname(dirname(dirname(__FILE__)));
require_once $root.'/scripts/__init_script__.php';
$args = new PhutilArgumentParser($argv);
$args->setTagline('manage authentication');
$args->setSynopsis(<<<EOSYNOPSIS
**auth** __command__ [__options__]
Manage Phabricator authentication configuration.
EOSYNOPSIS
);
$args->parseStandardArguments();
$workflows = array(
new PhabricatorAuthManagementListWorkflow(),
new PhutilHelpArgumentWorkflow(),
);
$args->parseWorkflows($workflows);

View file

@ -823,6 +823,8 @@ phutil_register_library_map(array(
'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
'PhabricatorAuthListController' => 'applications/auth/controller/config/PhabricatorAuthListController.php',
'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
'PhabricatorAuthManagementRecoverWorkflow' => 'applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php',
'PhabricatorAuthManagementWorkflow' => 'applications/auth/management/PhabricatorAuthManagementWorkflow.php',
'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php',
'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
'PhabricatorAuthProviderConfig' => 'applications/auth/storage/PhabricatorAuthProviderConfig.php',
@ -2704,6 +2706,8 @@ phutil_register_library_map(array(
1 => 'PhabricatorApplicationSearchResultsControllerInterface',
),
'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
'PhabricatorAuthManagementRecoverWorkflow' => 'PhabricatorAuthManagementWorkflow',
'PhabricatorAuthManagementWorkflow' => 'PhutilArgumentWorkflow',
'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController',
'PhabricatorAuthProviderConfig' =>
array(

View file

@ -47,7 +47,10 @@ final class PhabricatorAuthStartController
return $this->renderError(
pht(
"This Phabricator install is not configured with any enabled ".
"authentication providers which can be used to log in."));
"authentication providers which can be used to log in. If you ".
"have accidentally locked yourself out by disabling all providers, ".
"you can use `phabricator/bin/auth recover <username>` to ".
"recover access to an administrative account."));
}
$next_uri = $request->getStr('next');

View file

@ -0,0 +1,89 @@
<?php
final class PhabricatorAuthManagementRecoverWorkflow
extends PhabricatorAuthManagementWorkflow {
protected function didConstruct() {
$this
->setName('recover')
->setExamples('**recover** __username__')
->setSynopsis(
'Recover access to an administrative account if you have locked '.
'yourself out of Phabricator.')
->setArguments(
array(
'username' => array(
'name' => 'username',
'wildcard' => true,
),
));
}
public function execute(PhutilArgumentParser $args) {
$can_recover = id(new PhabricatorPeopleQuery())
->setViewer(PhabricatorUser::getOmnipotentUser())
->withIsAdmin(true)
->execute();
if (!$can_recover) {
throw new PhutilArgumentUsageException(
pht(
'This Phabricator installation has no recoverable administrator '.
'accounts. You can use `bin/accountadmin` to create a new '.
'administrator account or make an existing user an administrator.'));
}
$can_recover = mpull($can_recover, 'getUsername');
sort($can_recover);
$can_recover = implode(', ', $can_recover);
$usernames = $args->getArg('username');
if (!$usernames) {
throw new PhutilArgumentUsageException(
pht('You must specify the username of the account to recover.'));
} else if (count($usernames) > 1) {
throw new PhutilArgumentUsageException(
pht('You can only recover the username for one account.'));
}
$username = head($usernames);
$user = id(new PhabricatorPeopleQuery())
->setViewer(PhabricatorUser::getOmnipotentUser())
->withUsernames(array($username))
->executeOne();
if (!$user) {
throw new PhutilArgumentUsageException(
pht(
'No such user "%s". Recoverable administrator accounts are: %s.',
$username,
$can_recover));
}
if (!$user->getIsAdmin()) {
throw new PhutilArgumentUsageException(
pht(
'You can only recover administrator accounts, but %s is not an '.
'administrator. Recoverable administrator accounts are: %s.',
$username,
$can_recover));
}
$console = PhutilConsole::getConsole();
$console->writeOut(
pht(
'Use this link to recover access to the "%s" account:',
$username));
$console->writeOut("\n\n");
$console->writeOut(" %s", $user->getEmailLoginURI());
$console->writeOut("\n\n");
$console->writeOut(
pht(
'After logging in, you can use the "Auth" application to add or '.
'restore authentication providers and allow normal logins to '.
'succeed.')."\n");
return 0;
}
}

View file

@ -0,0 +1,10 @@
<?php
abstract class PhabricatorAuthManagementWorkflow
extends PhutilArgumentWorkflow {
final public function isExecutable() {
return true;
}
}