Path: blob/master/src/applications/auth/controller/PhabricatorAuthUnlinkController.php
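<?php

/**
 * Controller which unlinks an external login account from a user account.
 *
 * handleRequest() applies its checks in a fixed order: policy-checked load of
 * the account, provider-level "may this be unlinked" check, explicit
 * confirmation via POST, a warning if this is the last usable login account,
 * a high-security token requirement, and only then the unlink itself followed
 * by login session termination. Keep that order when editing this file.
 */
final class PhabricatorAuthUnlinkController
  extends PhabricatorAuthController {

  /**
   * Handle a request to unlink the external account named by the "id" URI
   * parameter.
   *
   * @param AphrontRequest $request Request carrying the account ID and the
   *   "confirmations" list written by the dialogs below.
   * @return AphrontResponse A 404, one of the dialogs, or a redirect to the
   *   external accounts settings panel once the account is unlinked.
   */
  public function handleRequest(AphrontRequest $request) {
    $viewer = $this->getViewer();
    $id = $request->getURIData('id');

    // Load the account as the viewer and demand both view and edit
    // capability, so the ID in the URI alone is never enough to act on an
    // account. If the query yields nothing, respond with a 404.
    $account = id(new PhabricatorExternalAccountQuery())
      ->setViewer($viewer)
      ->withIDs(array($id))
      ->requireCapabilities(
        array(
          PhabricatorPolicyCapability::CAN_VIEW,
          PhabricatorPolicyCapability::CAN_EDIT,
        ))
      ->executeOne();
    if (!$account) {
      return new Aphront404Response();
    }

    $done_uri = '/settings/panel/external/';

    // The provider can declare its account links permanent; in that case we
    // stop here, before any state is changed.
    $config = $account->getProviderConfig();
    $provider = $config->getProvider();
    if (!$provider->shouldAllowAccountUnlink()) {
      return $this->renderNotUnlinkableErrorDialog($provider, $done_uri);
    }

    // "confirmations" is the comma-separated list the dialogs below write
    // into a hidden input. array_fuse() keys the list by its own values so
    // isset() can test membership.
    //
    // These markers are read back from the request, so they only record that
    // the user acknowledged a dialog. They are not an authorization control;
    // the high-security token requirement below is.
    $confirmations = $request->getStrList('confirmations');
    $confirmations = array_fuse($confirmations);

    // Nothing is changed unless this is a form (or high-security) POST which
    // carries the "unlink" confirmation.
    if (!$request->isFormOrHisecPost() || !isset($confirmations['unlink'])) {
      return $this->renderConfirmDialog($confirmations, $config, $done_uri);
    }

    // Check that this account isn't the only account which can be used to
    // log in. We warn you when you remove your only login account.
    if ($account->isUsableForLogin()) {
      // NOTE(review): this counts the viewer's accounts, not the accounts of
      // whoever owns $account. The two are the same only if CAN_EDIT on an
      // external account is limited to its owner; confirm against the
      // account's policy.
      $other_accounts = id(new PhabricatorExternalAccountQuery())
        ->setViewer($viewer)
        ->withUserPHIDs(array($viewer->getPHID()))
        ->execute();

      // The result includes the account being unlinked, so fewer than two
      // usable accounts means this is the last one.
      $valid_accounts = 0;
      foreach ($other_accounts as $other_account) {
        if ($other_account->isUsableForLogin()) {
          $valid_accounts++;
        }
      }

      if ($valid_accounts < 2) {
        if (!isset($confirmations['only'])) {
          return $this->renderOnlyUsableAccountConfirmDialog(
            $confirmations,
            $done_uri);
        }
      }
    }

    // Scope the high-security workflow to this specific account, so the key
    // differs for every account PHID.
    $workflow_key = sprintf(
      'account.unlink(%s)',
      $account->getPHID());

    // This must stay ahead of unlinkAccount(). The returned token is not used
    // here. Presumably the call interrupts the request rather than returning
    // when the viewer still has to re-authenticate; confirm against
    // PhabricatorAuthSessionEngine.
    id(new PhabricatorAuthSessionEngine())
      ->setWorkflowKey($workflow_key)
      ->requireHighSecurityToken($viewer, $request, $done_uri);

    $account->unlinkAccount();

    // Terminate the viewer's login sessions after removing the credential.
    // The current session cookie is passed in an opaque envelope; presumably
    // it names the session to keep, matching the "other active login
    // sessions" wording in the confirmation dialog. Confirm against
    // PhabricatorAuthSessionEngine.
    id(new PhabricatorAuthSessionEngine())->terminateLoginSessions(
      $viewer,
      new PhutilOpaqueEnvelope(
        $request->getCookie(PhabricatorCookies::COOKIE_SESSION)));

    return id(new AphrontRedirectResponse())->setURI($done_uri);
  }

  /**
   * Build the error dialog shown when the provider does not allow its
   * accounts to be unlinked.
   *
   * @param PhabricatorAuthProvider $provider Provider whose name is shown.
   * @param string $done_uri URI for the cancel button.
   * @return AphrontDialogView Dialog with a cancel button only.
   */
  private function renderNotUnlinkableErrorDialog(
    PhabricatorAuthProvider $provider,
    $done_uri) {

    return $this->newDialog()
      ->setTitle(pht('Permanent Account Link'))
      ->appendChild(
        pht(
          'You can not unlink this account because the administrator has '.
          'configured this server to make links to "%s" accounts permanent.',
          $provider->getProviderName()))
      ->addCancelButton($done_uri);
  }

  /**
   * Build the extra warning dialog shown when the account being unlinked is
   * the last one usable for login.
   *
   * Submitting the dialog posts the existing confirmations plus "only".
   *
   * @param array $confirmations Confirmations already present on the request.
   * @param string $done_uri URI for the cancel button.
   * @return AphrontDialogView Dialog with cancel and submit buttons.
   */
  private function renderOnlyUsableAccountConfirmDialog(
    array $confirmations,
    $done_uri) {

    $confirmations[] = 'only';

    return $this->newDialog()
      ->setTitle(pht('Unlink Your Only Login Account?'))
      ->addHiddenInput('confirmations', implode(',', $confirmations))
      ->appendParagraph(
        pht(
          'This is the only external login account linked to your Phabricator '.
          'account. If you remove it, you may no longer be able to log in.'))
      ->appendParagraph(
        pht(
          'If you lose access to your account, you can recover access by '.
          'sending yourself an email login link from the login screen.'))
      ->addCancelButton($done_uri)
      ->addSubmitButton(pht('Unlink External Account'));
  }

  /**
   * Build the initial confirmation dialog for unlinking an account.
   *
   * Submitting the dialog posts the existing confirmations plus "unlink".
   *
   * @param array $confirmations Confirmations already present on the request.
   * @param PhabricatorAuthProviderConfig $config Provider configuration of
   *   the account, used for the provider name.
   * @param string $done_uri URI for the cancel button.
   * @return AphrontDialogView Dialog with submit and cancel buttons.
   */
  private function renderConfirmDialog(
    array $confirmations,
    PhabricatorAuthProviderConfig $config,
    $done_uri) {

    $confirmations[] = 'unlink';
    $provider = $config->getProvider();

    $title = pht('Unlink "%s" Account?', $provider->getProviderName());
    $body = pht(
      'You will no longer be able to use your %s account to '.
      'log in.',
      $provider->getProviderName());

    return $this->newDialog()
      ->setTitle($title)
      ->addHiddenInput('confirmations', implode(',', $confirmations))
      ->appendParagraph($body)
      ->appendParagraph(
        pht(
          'Note: Unlinking an authentication provider will terminate any '.
          'other active login sessions.'))
      ->addSubmitButton(pht('Unlink Account'))
      ->addCancelButton($done_uri);
  }

}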