From 39c3b10a2f21c601a90545339a6544f2b9dab4eb Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Sat, 20 Jan 2018 08:59:52 -0800
Subject: [PATCH] Add a `bin/auth revoke` revoker for sessions

Summary: Ref T13043. Allows CLI revocation of login sessions.

Test Plan: Used `bin/auth revoke --type session` with `--from` and `--everywhere` to revoke sessions. Saw accounts get logged out in web UI.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13043

Differential Revision: https://secure.phabricator.com/D18892
---
 src/__phutil_library_map__.php                |  2 ++
 .../revoker/PhabricatorAuthSessionRevoker.php | 33 +++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 src/applications/auth/revoker/PhabricatorAuthSessionRevoker.php

diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index e611c2353f..3a7785d2e1 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -2126,6 +2126,7 @@ phutil_register_library_map(array(
     'PhabricatorAuthSessionGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthSessionGarbageCollector.php',
     'PhabricatorAuthSessionInfo' => 'applications/auth/data/PhabricatorAuthSessionInfo.php',
     'PhabricatorAuthSessionQuery' => 'applications/auth/query/PhabricatorAuthSessionQuery.php',
+    'PhabricatorAuthSessionRevoker' => 'applications/auth/revoker/PhabricatorAuthSessionRevoker.php',
     'PhabricatorAuthSetPasswordController' => 'applications/auth/controller/PhabricatorAuthSetPasswordController.php',
     'PhabricatorAuthSetupCheck' => 'applications/config/check/PhabricatorAuthSetupCheck.php',
     'PhabricatorAuthStartController' => 'applications/auth/controller/PhabricatorAuthStartController.php',
@@ -7413,6 +7414,7 @@ phutil_register_library_map(array(
     'PhabricatorAuthSessionGarbageCollector' => 'PhabricatorGarbageCollector',
     'PhabricatorAuthSessionInfo' => 'Phobject',
     'PhabricatorAuthSessionQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
+    'PhabricatorAuthSessionRevoker' => 'PhabricatorAuthRevoker',
     'PhabricatorAuthSetPasswordController' => 'PhabricatorAuthController',
     'PhabricatorAuthSetupCheck' => 'PhabricatorSetupCheck',
     'PhabricatorAuthStartController' => 'PhabricatorAuthController',
diff --git a/src/applications/auth/revoker/PhabricatorAuthSessionRevoker.php b/src/applications/auth/revoker/PhabricatorAuthSessionRevoker.php
new file mode 100644
index 0000000000..b5e294e6f1
--- /dev/null
+++ b/src/applications/auth/revoker/PhabricatorAuthSessionRevoker.php
@@ -0,0 +1,33 @@
+<?php
+
+final class PhabricatorAuthSessionRevoker
+  extends PhabricatorAuthRevoker {
+
+  const REVOKERKEY = 'session';
+
+  public function revokeAllCredentials() {
+    $table = new PhabricatorAuthSession();
+    $conn = $table->establishConnection('w');
+
+    queryfx(
+      $conn,
+      'DELETE FROM %T',
+      $table->getTableName());
+
+    return $conn->getAffectedRows();
+  }
+
+  public function revokeCredentialsFrom($object) {
+    $table = new PhabricatorAuthSession();
+    $conn = $table->establishConnection('w');
+
+    queryfx(
+      $conn,
+      'DELETE FROM %T WHERE userPHID = %s',
+      $table->getTableName(),
+      $object->getPHID());
+
+    return $conn->getAffectedRows();
+  }
+
+}