1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-30 18:52:42 +01:00
phorge-phorge/src/applications/auth/controller/PhabricatorAuthRevokeTokenController.php
epriestley a837c3d73e Make temporary token storage/schema more flexible
Summary:
Ref T10603. This makes minor updates to temporary tokens:

  - Rename `objectPHID` (which is sometimes used to store some other kind of identifier instead of a PHID) to `tokenResource` (i.e., which resource does this token permit access to?).
  - Add a `userPHID` column. For LFS tokens and some other types of tokens, I want to bind the token to both a resource (like a repository) and a user.
  - Add a `properties` column. This makes tokens more flexible and supports custom behavior (like scoping LFS tokens even more tightly).

Test Plan:
- Ran `bin/storage upgrade -f`, got a clean upgrade.
- Viewed one-time tokens.
- Revoked one token.
- Revoked all tokens.
- Performed a one-time login.
- Performed a password reset.
- Added an MFA token.
- Removed an MFA token.
- Used a file token to view a file.
- Verified file token was removed after viewing file.
- Linked my account to an OAuth1 account (Twitter).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15478
2016-03-16 09:33:38 -07:00

72 lines
2 KiB
PHP

<?php
final class PhabricatorAuthRevokeTokenController
extends PhabricatorAuthController {
public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer();
$id = $request->getURIData('id');
$is_all = ($id === 'all');
$query = id(new PhabricatorAuthTemporaryTokenQuery())
->setViewer($viewer)
->withTokenResources(array($viewer->getPHID()));
if (!$is_all) {
$query->withIDs(array($id));
}
$tokens = $query->execute();
foreach ($tokens as $key => $token) {
if (!$token->isRevocable()) {
// Don't revoke unrevocable tokens.
unset($tokens[$key]);
}
}
$panel_uri = '/settings/panel/tokens/';
if (!$tokens) {
return $this->newDialog()
->setTitle(pht('No Matching Tokens'))
->appendParagraph(
pht('There are no matching tokens to revoke.'))
->appendParagraph(
pht(
'(Some types of token can not be revoked, and you can not revoke '.
'tokens which have already expired.)'))
->addCancelButton($panel_uri);
}
if ($request->isDialogFormPost()) {
foreach ($tokens as $token) {
$token->revokeToken();
}
return id(new AphrontRedirectResponse())->setURI($panel_uri);
}
if ($is_all) {
$title = pht('Revoke Tokens?');
$short = pht('Revoke Tokens');
$body = pht(
'Really revoke all tokens? Among other temporary authorizations, '.
'this will disable any outstanding password reset or account '.
'recovery links.');
} else {
$title = pht('Revoke Token?');
$short = pht('Revoke Token');
$body = pht(
'Really revoke this token? Any temporary authorization it enables '.
'will be disabled.');
}
return $this->newDialog()
->setTitle($title)
->setShortTitle($short)
->appendParagraph($body)
->addSubmitButton(pht('Revoke'))
->addCancelButton($panel_uri);
}
}