Add a bin/auth revoke revoker for temporary tokens

Summary: Ref T13043. Allows CLI revocation of temporary ("forgot password", "one-time login") tokens.

Test Plan: Used "Forgot Password?" to generate tokens, used `bin/auth revoke --type temporary` with `--from` and `--everywhere` to revoke them.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13043

Differential Revision: https://secure.phabricator.com/D18891

src/__phutil_library_map__.php

@@ -2133,6 +2133,7 @@ phutil_register_library_map(array(
     'PhabricatorAuthTemporaryToken' => 'applications/auth/storage/PhabricatorAuthTemporaryToken.php',
     'PhabricatorAuthTemporaryTokenGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthTemporaryTokenGarbageCollector.php',
     'PhabricatorAuthTemporaryTokenQuery' => 'applications/auth/query/PhabricatorAuthTemporaryTokenQuery.php',
+    'PhabricatorAuthTemporaryTokenRevoker' => 'applications/auth/revoker/PhabricatorAuthTemporaryTokenRevoker.php',
     'PhabricatorAuthTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php',
     'PhabricatorAuthTemporaryTokenTypeModule' => 'applications/auth/tokentype/PhabricatorAuthTemporaryTokenTypeModule.php',
     'PhabricatorAuthTerminateSessionController' => 'applications/auth/controller/PhabricatorAuthTerminateSessionController.php',
@@ -7422,6 +7423,7 @@ phutil_register_library_map(array(
     ),
     'PhabricatorAuthTemporaryTokenGarbageCollector' => 'PhabricatorGarbageCollector',
     'PhabricatorAuthTemporaryTokenQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
+    'PhabricatorAuthTemporaryTokenRevoker' => 'PhabricatorAuthRevoker',
     'PhabricatorAuthTemporaryTokenType' => 'Phobject',
     'PhabricatorAuthTemporaryTokenTypeModule' => 'PhabricatorConfigModule',
     'PhabricatorAuthTerminateSessionController' => 'PhabricatorAuthController',

src/applications/auth/revoker/PhabricatorAuthTemporaryTokenRevoker.php

@@ -0,0 +1,33 @@
+<?php
+
+final class PhabricatorAuthTemporaryTokenRevoker
+  extends PhabricatorAuthRevoker {
+
+  const REVOKERKEY = 'temporary';
+
+  public function revokeAllCredentials() {
+    $table = new PhabricatorAuthTemporaryToken();
+    $conn = $table->establishConnection('w');
+
+    queryfx(
+      $conn,
+      'DELETE FROM %T',
+      $table->getTableName());
+
+    return $conn->getAffectedRows();
+  }
+
+  public function revokeCredentialsFrom($object) {
+    $table = new PhabricatorAuthTemporaryToken();
+    $conn = $table->establishConnection('w');
+
+    queryfx(
+      $conn,
+      'DELETE FROM %T WHERE tokenResource = %s',
+      $table->getTableName(),
+      $object->getPHID());
+
+    return $conn->getAffectedRows();
+  }
+
+}

src/infrastructure/internationalization/translation/PhabricatorUSEnglishTranslation.php

@@ -1646,6 +1646,11 @@ final class PhabricatorUSEnglishTranslation
         '%s objects.',
       ),
 
+      'Destroyed %s credential(s) of type "%s".' => array(
+        'Destroyed one credential of type "%2$s".',
+        'Destroyed %s credentials of type "%s".',
+      ),
+
     );
   }