mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-30 18:52:42 +01:00
a837c3d73e
Summary: Ref T10603. This makes minor updates to temporary tokens: - Rename `objectPHID` (which is sometimes used to store some other kind of identifier instead of a PHID) to `tokenResource` (i.e., which resource does this token permit access to?). - Add a `userPHID` column. For LFS tokens and some other types of tokens, I want to bind the token to both a resource (like a repository) and a user. - Add a `properties` column. This makes tokens more flexible and supports custom behavior (like scoping LFS tokens even more tightly). Test Plan: - Ran `bin/storage upgrade -f`, got a clean upgrade. - Viewed one-time tokens. - Revoked one token. - Revoked all tokens. - Performed a one-time login. - Performed a password reset. - Added an MFA token. - Removed an MFA token. - Used a file token to view a file. - Verified file token was removed after viewing file. - Linked my account to an OAuth1 account (Twitter). Reviewers: chad Reviewed By: chad Maniphest Tasks: T10603 Differential Revision: https://secure.phabricator.com/D15478
72 lines
2 KiB
PHP
72 lines
2 KiB
PHP
<?php
|
|
|
|
final class PhabricatorAuthRevokeTokenController
|
|
extends PhabricatorAuthController {
|
|
|
|
public function handleRequest(AphrontRequest $request) {
|
|
$viewer = $this->getViewer();
|
|
$id = $request->getURIData('id');
|
|
|
|
$is_all = ($id === 'all');
|
|
|
|
$query = id(new PhabricatorAuthTemporaryTokenQuery())
|
|
->setViewer($viewer)
|
|
->withTokenResources(array($viewer->getPHID()));
|
|
if (!$is_all) {
|
|
$query->withIDs(array($id));
|
|
}
|
|
|
|
$tokens = $query->execute();
|
|
foreach ($tokens as $key => $token) {
|
|
if (!$token->isRevocable()) {
|
|
// Don't revoke unrevocable tokens.
|
|
unset($tokens[$key]);
|
|
}
|
|
}
|
|
|
|
$panel_uri = '/settings/panel/tokens/';
|
|
|
|
if (!$tokens) {
|
|
return $this->newDialog()
|
|
->setTitle(pht('No Matching Tokens'))
|
|
->appendParagraph(
|
|
pht('There are no matching tokens to revoke.'))
|
|
->appendParagraph(
|
|
pht(
|
|
'(Some types of token can not be revoked, and you can not revoke '.
|
|
'tokens which have already expired.)'))
|
|
->addCancelButton($panel_uri);
|
|
}
|
|
|
|
if ($request->isDialogFormPost()) {
|
|
foreach ($tokens as $token) {
|
|
$token->revokeToken();
|
|
}
|
|
return id(new AphrontRedirectResponse())->setURI($panel_uri);
|
|
}
|
|
|
|
if ($is_all) {
|
|
$title = pht('Revoke Tokens?');
|
|
$short = pht('Revoke Tokens');
|
|
$body = pht(
|
|
'Really revoke all tokens? Among other temporary authorizations, '.
|
|
'this will disable any outstanding password reset or account '.
|
|
'recovery links.');
|
|
} else {
|
|
$title = pht('Revoke Token?');
|
|
$short = pht('Revoke Token');
|
|
$body = pht(
|
|
'Really revoke this token? Any temporary authorization it enables '.
|
|
'will be disabled.');
|
|
}
|
|
|
|
return $this->newDialog()
|
|
->setTitle($title)
|
|
->setShortTitle($short)
|
|
->appendParagraph($body)
|
|
->addSubmitButton(pht('Revoke'))
|
|
->addCancelButton($panel_uri);
|
|
}
|
|
|
|
|
|
}
|