1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-25 14:08:19 +01:00

Add a bin/auth revoke revoker for temporary tokens

Summary: Ref T13043. Allows CLI revocation of temporary ("forgot password", "one-time login") tokens.

Test Plan: Used "Forgot Password?" to generate tokens, used `bin/auth revoke --type temporary` with `--from` and `--everywhere` to revoke them.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13043

Differential Revision: https://secure.phabricator.com/D18891
This commit is contained in:
epriestley 2018-01-20 08:52:48 -08:00
parent a9d7b4f0ff
commit 7970cf0585
3 changed files with 40 additions and 0 deletions

View file

@ -2133,6 +2133,7 @@ phutil_register_library_map(array(
'PhabricatorAuthTemporaryToken' => 'applications/auth/storage/PhabricatorAuthTemporaryToken.php',
'PhabricatorAuthTemporaryTokenGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthTemporaryTokenGarbageCollector.php',
'PhabricatorAuthTemporaryTokenQuery' => 'applications/auth/query/PhabricatorAuthTemporaryTokenQuery.php',
'PhabricatorAuthTemporaryTokenRevoker' => 'applications/auth/revoker/PhabricatorAuthTemporaryTokenRevoker.php',
'PhabricatorAuthTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php',
'PhabricatorAuthTemporaryTokenTypeModule' => 'applications/auth/tokentype/PhabricatorAuthTemporaryTokenTypeModule.php',
'PhabricatorAuthTerminateSessionController' => 'applications/auth/controller/PhabricatorAuthTerminateSessionController.php',
@ -7422,6 +7423,7 @@ phutil_register_library_map(array(
),
'PhabricatorAuthTemporaryTokenGarbageCollector' => 'PhabricatorGarbageCollector',
'PhabricatorAuthTemporaryTokenQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
'PhabricatorAuthTemporaryTokenRevoker' => 'PhabricatorAuthRevoker',
'PhabricatorAuthTemporaryTokenType' => 'Phobject',
'PhabricatorAuthTemporaryTokenTypeModule' => 'PhabricatorConfigModule',
'PhabricatorAuthTerminateSessionController' => 'PhabricatorAuthController',

View file

@ -0,0 +1,33 @@
<?php
final class PhabricatorAuthTemporaryTokenRevoker
extends PhabricatorAuthRevoker {
const REVOKERKEY = 'temporary';
public function revokeAllCredentials() {
$table = new PhabricatorAuthTemporaryToken();
$conn = $table->establishConnection('w');
queryfx(
$conn,
'DELETE FROM %T',
$table->getTableName());
return $conn->getAffectedRows();
}
public function revokeCredentialsFrom($object) {
$table = new PhabricatorAuthTemporaryToken();
$conn = $table->establishConnection('w');
queryfx(
$conn,
'DELETE FROM %T WHERE tokenResource = %s',
$table->getTableName(),
$object->getPHID());
return $conn->getAffectedRows();
}
}

View file

@ -1646,6 +1646,11 @@ final class PhabricatorUSEnglishTranslation
'%s objects.',
),
'Destroyed %s credential(s) of type "%s".' => array(
'Destroyed one credential of type "%2$s".',
'Destroyed %s credentials of type "%s".',
),
);
}