mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-25 08:12:40 +01:00
Remove "bin/accountadmin" and "scripts/user/add_user.php"
Summary: Fixes T13382. Depends on D20724. These ancient scripts are no longer necessary since we've had a smooth web-based onboarding process for a long time. I retained `bin/user empower` and `bin/user enable` for recovering from situations where you accidentally delete or disable all administrators. This is normally difficult, but some users are industrious. Test Plan: Grepped for `accountadmin` and `add_user.php`, found no more hits. Maniphest Tasks: T13382 Differential Revision: https://secure.phabricator.com/D20725
This commit is contained in:
parent
fc34554892
commit
64b399d9be
4 changed files with 2 additions and 326 deletions
|
@ -1 +0,0 @@
|
||||||
../scripts/user/account_admin.php
|
|
|
@ -1,228 +0,0 @@
|
||||||
#!/usr/bin/env php
|
|
||||||
<?php
|
|
||||||
|
|
||||||
$root = dirname(dirname(dirname(__FILE__)));
|
|
||||||
require_once $root.'/scripts/__init_script__.php';
|
|
||||||
|
|
||||||
$table = new PhabricatorUser();
|
|
||||||
$any_user = queryfx_one(
|
|
||||||
$table->establishConnection('r'),
|
|
||||||
'SELECT * FROM %T LIMIT 1',
|
|
||||||
$table->getTableName());
|
|
||||||
$is_first_user = (!$any_user);
|
|
||||||
|
|
||||||
if ($is_first_user) {
|
|
||||||
echo pht(
|
|
||||||
"WARNING\n\n".
|
|
||||||
"You're about to create the first account on this install. Normally, ".
|
|
||||||
"you should use the web interface to create the first account, not ".
|
|
||||||
"this script.\n\n".
|
|
||||||
"If you use the web interface, it will drop you into a nice UI workflow ".
|
|
||||||
"which gives you more help setting up your install. If you create an ".
|
|
||||||
"account with this script instead, you will skip the setup help and you ".
|
|
||||||
"will not be able to access it later.");
|
|
||||||
if (!phutil_console_confirm(pht('Skip easy setup and create account?'))) {
|
|
||||||
echo pht('Cancelled.')."\n";
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
echo pht(
|
|
||||||
'Enter a username to create a new account or edit an existing account.');
|
|
||||||
|
|
||||||
$username = phutil_console_prompt(pht('Enter a username:'));
|
|
||||||
if (!strlen($username)) {
|
|
||||||
echo pht('Cancelled.')."\n";
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!PhabricatorUser::validateUsername($username)) {
|
|
||||||
$valid = PhabricatorUser::describeValidUsername();
|
|
||||||
echo pht("The username '%s' is invalid. %s", $username, $valid)."\n";
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
$user = id(new PhabricatorUser())->loadOneWhere(
|
|
||||||
'username = %s',
|
|
||||||
$username);
|
|
||||||
|
|
||||||
if (!$user) {
|
|
||||||
$original = new PhabricatorUser();
|
|
||||||
|
|
||||||
echo pht("There is no existing user account '%s'.", $username)."\n";
|
|
||||||
$ok = phutil_console_confirm(
|
|
||||||
pht("Do you want to create a new '%s' account?", $username),
|
|
||||||
$default_no = false);
|
|
||||||
if (!$ok) {
|
|
||||||
echo pht('Cancelled.')."\n";
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
$user = new PhabricatorUser();
|
|
||||||
$user->setUsername($username);
|
|
||||||
|
|
||||||
$is_new = true;
|
|
||||||
} else {
|
|
||||||
$original = clone $user;
|
|
||||||
|
|
||||||
echo pht("There is an existing user account '%s'.", $username)."\n";
|
|
||||||
$ok = phutil_console_confirm(
|
|
||||||
pht("Do you want to edit the existing '%s' account?", $username),
|
|
||||||
$default_no = false);
|
|
||||||
if (!$ok) {
|
|
||||||
echo pht('Cancelled.')."\n";
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
$is_new = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$user_realname = $user->getRealName();
|
|
||||||
if (strlen($user_realname)) {
|
|
||||||
$realname_prompt = ' ['.$user_realname.']:';
|
|
||||||
} else {
|
|
||||||
$realname_prompt = ':';
|
|
||||||
}
|
|
||||||
$realname = nonempty(
|
|
||||||
phutil_console_prompt(pht('Enter user real name').$realname_prompt),
|
|
||||||
$user_realname);
|
|
||||||
$user->setRealName($realname);
|
|
||||||
|
|
||||||
// When creating a new user we prompt for an email address; when editing an
|
|
||||||
// existing user we just skip this because it would be quite involved to provide
|
|
||||||
// a reasonable CLI interface for editing multiple addresses and managing email
|
|
||||||
// verification and primary addresses.
|
|
||||||
|
|
||||||
$create_email = null;
|
|
||||||
if ($is_new) {
|
|
||||||
do {
|
|
||||||
$email = phutil_console_prompt(pht('Enter user email address:'));
|
|
||||||
$duplicate = id(new PhabricatorUserEmail())->loadOneWhere(
|
|
||||||
'address = %s',
|
|
||||||
$email);
|
|
||||||
if ($duplicate) {
|
|
||||||
echo pht(
|
|
||||||
"ERROR: There is already a user with that email address. ".
|
|
||||||
"Each user must have a unique email address.\n");
|
|
||||||
} else {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
} while (true);
|
|
||||||
|
|
||||||
$create_email = $email;
|
|
||||||
}
|
|
||||||
|
|
||||||
$is_system_agent = $user->getIsSystemAgent();
|
|
||||||
$set_system_agent = phutil_console_confirm(
|
|
||||||
pht('Is this user a bot?'),
|
|
||||||
$default_no = !$is_system_agent);
|
|
||||||
|
|
||||||
$verify_email = null;
|
|
||||||
$set_verified = false;
|
|
||||||
// Allow administrators to verify primary email addresses at this time in edit
|
|
||||||
// scenarios. (Create will work just fine from here as we auto-verify email
|
|
||||||
// on create.)
|
|
||||||
if (!$is_new) {
|
|
||||||
$verify_email = $user->loadPrimaryEmail();
|
|
||||||
if (!$verify_email->getIsVerified()) {
|
|
||||||
$set_verified = phutil_console_confirm(
|
|
||||||
pht('Should the primary email address be verified?'),
|
|
||||||
$default_no = true);
|
|
||||||
} else {
|
|
||||||
// Already verified so let's not make a fuss.
|
|
||||||
$verify_email = null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$is_admin = $user->getIsAdmin();
|
|
||||||
$set_admin = phutil_console_confirm(
|
|
||||||
pht('Should this user be an administrator?'),
|
|
||||||
$default_no = !$is_admin);
|
|
||||||
|
|
||||||
echo "\n\n".pht('ACCOUNT SUMMARY')."\n\n";
|
|
||||||
$tpl = "%12s %-30s %-30s\n";
|
|
||||||
printf($tpl, null, pht('OLD VALUE'), pht('NEW VALUE'));
|
|
||||||
printf($tpl, pht('Username'), $original->getUsername(), $user->getUsername());
|
|
||||||
printf($tpl, pht('Real Name'), $original->getRealName(), $user->getRealName());
|
|
||||||
if ($is_new) {
|
|
||||||
printf($tpl, pht('Email'), '', $create_email);
|
|
||||||
}
|
|
||||||
|
|
||||||
printf(
|
|
||||||
$tpl,
|
|
||||||
pht('Bot'),
|
|
||||||
$original->getIsSystemAgent() ? 'Y' : 'N',
|
|
||||||
$set_system_agent ? 'Y' : 'N');
|
|
||||||
|
|
||||||
if ($verify_email) {
|
|
||||||
printf(
|
|
||||||
$tpl,
|
|
||||||
pht('Verify Email'),
|
|
||||||
$verify_email->getIsVerified() ? 'Y' : 'N',
|
|
||||||
$set_verified ? 'Y' : 'N');
|
|
||||||
}
|
|
||||||
|
|
||||||
printf(
|
|
||||||
$tpl,
|
|
||||||
pht('Admin'),
|
|
||||||
$original->getIsAdmin() ? 'Y' : 'N',
|
|
||||||
$set_admin ? 'Y' : 'N');
|
|
||||||
|
|
||||||
echo "\n";
|
|
||||||
|
|
||||||
if (!phutil_console_confirm(pht('Save these changes?'), $default_no = false)) {
|
|
||||||
echo pht('Cancelled.')."\n";
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
$user->openTransaction();
|
|
||||||
|
|
||||||
$editor = new PhabricatorUserEditor();
|
|
||||||
|
|
||||||
// TODO: This is wrong, but we have a chicken-and-egg problem when you use
|
|
||||||
// this script to create the first user.
|
|
||||||
$editor->setActor($user);
|
|
||||||
|
|
||||||
if ($is_new) {
|
|
||||||
$email = id(new PhabricatorUserEmail())
|
|
||||||
->setAddress($create_email)
|
|
||||||
->setIsVerified(1);
|
|
||||||
|
|
||||||
// Unconditionally approve new accounts created from the CLI.
|
|
||||||
$user->setIsApproved(1);
|
|
||||||
|
|
||||||
$editor->createNewUser($user, $email);
|
|
||||||
} else {
|
|
||||||
if ($verify_email) {
|
|
||||||
$user->setIsEmailVerified(1);
|
|
||||||
$verify_email->setIsVerified($set_verified ? 1 : 0);
|
|
||||||
}
|
|
||||||
$editor->updateUser($user, $verify_email);
|
|
||||||
}
|
|
||||||
|
|
||||||
$editor->makeSystemAgentUser($user, $set_system_agent);
|
|
||||||
|
|
||||||
$xactions = array();
|
|
||||||
$xactions[] = id(new PhabricatorUserTransaction())
|
|
||||||
->setTransactionType(
|
|
||||||
PhabricatorUserEmpowerTransaction::TRANSACTIONTYPE)
|
|
||||||
->setNewValue($set_admin);
|
|
||||||
|
|
||||||
$actor = PhabricatorUser::getOmnipotentUser();
|
|
||||||
$content_source = PhabricatorContentSource::newForSource(
|
|
||||||
PhabricatorConsoleContentSource::SOURCECONST);
|
|
||||||
|
|
||||||
$people_application_phid = id(new PhabricatorPeopleApplication())->getPHID();
|
|
||||||
|
|
||||||
$transaction_editor = id(new PhabricatorUserTransactionEditor())
|
|
||||||
->setActor($actor)
|
|
||||||
->setActingAsPHID($people_application_phid)
|
|
||||||
->setContentSource($content_source)
|
|
||||||
->setContinueOnNoEffect(true)
|
|
||||||
->setContinueOnMissingFields(true);
|
|
||||||
|
|
||||||
$transaction_editor->applyTransactions($user, $xactions);
|
|
||||||
|
|
||||||
$user->saveTransaction();
|
|
||||||
|
|
||||||
echo pht('Saved changes.')."\n";
|
|
|
@ -1,73 +0,0 @@
|
||||||
#!/usr/bin/env php
|
|
||||||
<?php
|
|
||||||
|
|
||||||
$root = dirname(dirname(dirname(__FILE__)));
|
|
||||||
require_once $root.'/scripts/__init_script__.php';
|
|
||||||
|
|
||||||
if ($argc !== 5) {
|
|
||||||
echo pht(
|
|
||||||
"Usage: %s\n",
|
|
||||||
'add_user.php <username> <email> <realname> <admin_user>');
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
$username = $argv[1];
|
|
||||||
$email = $argv[2];
|
|
||||||
$realname = $argv[3];
|
|
||||||
$admin = $argv[4];
|
|
||||||
|
|
||||||
$admin = id(new PhabricatorUser())->loadOneWhere(
|
|
||||||
'username = %s',
|
|
||||||
$argv[4]);
|
|
||||||
if (!$admin) {
|
|
||||||
throw new Exception(
|
|
||||||
pht(
|
|
||||||
'Admin user must be the username of a valid Phabricator account, used '.
|
|
||||||
'to send the new user a welcome email.'));
|
|
||||||
}
|
|
||||||
|
|
||||||
$existing_user = id(new PhabricatorUser())->loadOneWhere(
|
|
||||||
'username = %s',
|
|
||||||
$username);
|
|
||||||
if ($existing_user) {
|
|
||||||
throw new Exception(
|
|
||||||
pht(
|
|
||||||
"There is already a user with the username '%s'!",
|
|
||||||
$username));
|
|
||||||
}
|
|
||||||
|
|
||||||
$existing_email = id(new PhabricatorUserEmail())->loadOneWhere(
|
|
||||||
'address = %s',
|
|
||||||
$email);
|
|
||||||
if ($existing_email) {
|
|
||||||
throw new Exception(
|
|
||||||
pht(
|
|
||||||
"There is already a user with the email '%s'!",
|
|
||||||
$email));
|
|
||||||
}
|
|
||||||
|
|
||||||
$user = new PhabricatorUser();
|
|
||||||
$user->setUsername($username);
|
|
||||||
$user->setRealname($realname);
|
|
||||||
$user->setIsApproved(1);
|
|
||||||
|
|
||||||
$email_object = id(new PhabricatorUserEmail())
|
|
||||||
->setAddress($email)
|
|
||||||
->setIsVerified(1);
|
|
||||||
|
|
||||||
id(new PhabricatorUserEditor())
|
|
||||||
->setActor($admin)
|
|
||||||
->createNewUser($user, $email_object);
|
|
||||||
|
|
||||||
$welcome_engine = id(new PhabricatorPeopleWelcomeMailEngine())
|
|
||||||
->setSender($admin)
|
|
||||||
->setRecipient($user);
|
|
||||||
if ($welcome_engine->canSendMail()) {
|
|
||||||
$welcome_engine->sendMail();
|
|
||||||
}
|
|
||||||
|
|
||||||
echo pht(
|
|
||||||
"Created user '%s' (realname='%s', email='%s').\n",
|
|
||||||
$username,
|
|
||||||
$realname,
|
|
||||||
$email);
|
|
|
@ -49,30 +49,8 @@ phabricator/ $ ./bin/auth recover <username>
|
||||||
...where `<username>` is the account username you want to recover access
|
...where `<username>` is the account username you want to recover access
|
||||||
to. This will generate a link which will log you in as the specified user.
|
to. This will generate a link which will log you in as the specified user.
|
||||||
|
|
||||||
|
For more details on recovering access to accounts and unlocking objects, see
|
||||||
Managing Accounts with the Web Console
|
@{article:User Guide: Unlocking Objects}.
|
||||||
======================================
|
|
||||||
|
|
||||||
To manage accounts from the web, login as an administrator account and go to
|
|
||||||
`/people/` or click "People" on the homepage. Provided you're an admin,
|
|
||||||
you'll see options to create or edit accounts.
|
|
||||||
|
|
||||||
|
|
||||||
Manually Creating New Accounts
|
|
||||||
==============================
|
|
||||||
|
|
||||||
There are two ways to manually create new accounts: via the web UI using
|
|
||||||
the "People" application (this is easiest), or via the CLI using the
|
|
||||||
`accountadmin` binary (this has a few more options).
|
|
||||||
|
|
||||||
To use the CLI script, run:
|
|
||||||
|
|
||||||
phabricator/ $ ./bin/accountadmin
|
|
||||||
|
|
||||||
Some options (like changing certain account flags) are only available from
|
|
||||||
the CLI. You can also use this script to make a user
|
|
||||||
an administrator (if you accidentally remove your admin flag) or to create an
|
|
||||||
administrative account.
|
|
||||||
|
|
||||||
|
|
||||||
Next Steps
|
Next Steps
|
||||||
|
|
Loading…
Reference in a new issue