ec8581ab62
Summary: Fixes T11223. I missed a few of these; most of them kept working anyway because we have redirects in place, but make them a bit more modern/not-hard-coded. Test Plan: - Generated and revoked API tokens for myself. - Generated and revoked API tokens for bots. - Revoked temporary tokens for myself. - Clicked the link to the API tokens panel from the Conduit console. - Clicked all the cancel buttons in all the dialogs, too. In all cases, everything now points at the correct URIs. Previously, some things pointed at the wrong URIs (mostly dealing with stuff for bots). Reviewers: chad Reviewed By: chad Maniphest Tasks: T11223 Differential Revision: https://secure.phabricator.com/D16185
<?php
/**
 * Revokes temporary auth tokens for the viewer: one token selected by the
 * `id` URI parameter, or every matching token when that parameter is the
 * literal string "all".
 *
 * The token query is always restricted to tokens whose resource is the
 * viewer's own PHID, so an ID naming a token outside that set yields the
 * "No Matching Tokens" dialog instead of a revocation.
 */
final class PhabricatorAuthRevokeTokenController
  extends PhabricatorAuthController {

  /**
   * Shows a confirmation dialog on the initial request and revokes the
   * selected tokens once that dialog is submitted.
   *
   * @param AphrontRequest $request Request carrying the `id` URI parameter.
   * @return mixed A dialog, or a redirect to the viewer's tokens settings
   *   panel after tokens have been revoked.
   */
  public function handleRequest(AphrontRequest $request) {
    $viewer = $this->getViewer();
    $token_id = $request->getURIData('id');
    $revoke_all = ($token_id === 'all');

    // Scope the lookup to the viewer's own PHID before applying any ID
    // filter, so the ID alone never selects a token.
    $token_query = id(new PhabricatorAuthTemporaryTokenQuery())
      ->setViewer($viewer)
      ->withTokenResources(array($viewer->getPHID()));
    if (!$revoke_all) {
      // NOTE(review): $token_id reaches withIDs() exactly as it appeared in
      // the URI; presumably the route pattern or the query layer constrains
      // it to an integer - confirm.
      $token_query->withIDs(array($token_id));
    }

    // Keep only tokens that report themselves as revocable; original keys
    // are preserved.
    $revocable = array();
    foreach ($token_query->execute() as $key => $candidate) {
      if ($candidate->isRevocable()) {
        $revocable[$key] = $candidate;
      }
    }

    // Cancel buttons and the post-revoke redirect all lead back to the
    // viewer's own tokens settings panel.
    $return_uri = id(new PhabricatorTokensSettingsPanel())
      ->setViewer($viewer)
      ->setUser($viewer)
      ->getPanelURI();

    if (count($revocable) === 0) {
      return $this->newDialog()
        ->setTitle(pht('No Matching Tokens'))
        ->appendParagraph(
          pht('There are no matching tokens to revoke.'))
        ->appendParagraph(
          pht(
            '(Some types of token can not be revoked, and you can not revoke '.
            'tokens which have already expired.)'))
        ->addCancelButton($return_uri);
    }

    // State changes only when the confirmation dialog itself was submitted;
    // any other request falls through to render that dialog.
    // NOTE(review): isDialogFormPost() is presumably also where the
    // framework's CSRF validation applies - confirm.
    if ($request->isDialogFormPost()) {
      foreach ($revocable as $doomed) {
        $doomed->revokeToken();
      }
      return id(new AphrontRedirectResponse())->setURI($return_uri);
    }

    if (!$revoke_all) {
      $dialog_title = pht('Revoke Token?');
      $dialog_short = pht('Revoke Token');
      $dialog_body = pht(
        'Really revoke this token? Any temporary authorization it enables '.
        'will be disabled.');
    } else {
      $dialog_title = pht('Revoke Tokens?');
      $dialog_short = pht('Revoke Tokens');
      $dialog_body = pht(
        'Really revoke all tokens? Among other temporary authorizations, '.
        'this will disable any outstanding password reset or account '.
        'recovery links.');
    }

    return $this->newDialog()
      ->setTitle($dialog_title)
      ->setShortTitle($dialog_short)
      ->appendParagraph($dialog_body)
      ->addSubmitButton(pht('Revoke'))
      ->addCancelButton($return_uri);
  }

}