Path: blob/master/src/applications/auth/management/PhabricatorAuthManagementStripWorkflow.php
12256 views
<?php12final class PhabricatorAuthManagementStripWorkflow3extends PhabricatorAuthManagementWorkflow {45protected function didConstruct() {6$this7->setName('strip')8->setExamples('**strip** [--user username] [--type type]')9->setSynopsis(pht('Remove multi-factor authentication from an account.'))10->setArguments(11array(12array(13'name' => 'user',14'param' => 'username',15'repeat' => true,16'help' => pht('Strip factors from specified users.'),17),18array(19'name' => 'all-users',20'help' => pht('Strip factors from all users.'),21),22array(23'name' => 'type',24'param' => 'factortype',25'repeat' => true,26'help' => pht(27'Strip a specific factor type. Use `bin/auth list-factors` for '.28'a list of factor types.'),29),30array(31'name' => 'all-types',32'help' => pht('Strip all factors, regardless of type.'),33),34array(35'name' => 'provider',36'param' => 'phid',37'repeat' => true,38'help' => pht(39'Strip factors for a specific provider. Use '.40'`bin/auth list-mfa-providers` for a list of providers.'),41),42array(43'name' => 'force',44'help' => pht('Strip factors without prompting.'),45),46array(47'name' => 'dry-run',48'help' => pht('Show factors, but do not strip them.'),49),50));51}5253public function execute(PhutilArgumentParser $args) {54$viewer = $this->getViewer();5556$usernames = $args->getArg('user');57$all_users = $args->getArg('all-users');5859if ($usernames && $all_users) {60throw new PhutilArgumentUsageException(61pht(62'Specify either specific users with %s, or all users with '.63'%s, but not both.',64'--user',65'--all-users'));66} else if (!$usernames && !$all_users) {67throw new PhutilArgumentUsageException(68pht(69'Use "--user <username>" to specify which user to strip factors '.70'from, or "--all-users" to strip factors from all users.'));71} else if ($usernames) {72$users = id(new PhabricatorPeopleQuery())73->setViewer($this->getViewer())74->withUsernames($usernames)75->execute();7677$users_by_username = mpull($users, null, 'getUsername');78foreach ($usernames as $username) {79if (empty($users_by_username[$username])) {80throw new PhutilArgumentUsageException(81pht(82'No user exists with username "%s".',83$username));84}85}86} else {87$users = null;88}8990$types = $args->getArg('type');91$provider_phids = $args->getArg('provider');92$all_types = $args->getArg('all-types');93if ($types && $all_types) {94throw new PhutilArgumentUsageException(95pht(96'Specify either specific factors with "--type", or all factors with '.97'"--all-types", but not both.'));98} else if ($provider_phids && $all_types) {99throw new PhutilArgumentUsageException(100pht(101'Specify either specific factors with "--provider", or all factors '.102'with "--all-types", but not both.'));103} else if (!$types && !$all_types && !$provider_phids) {104throw new PhutilArgumentUsageException(105pht(106'Use "--type <type>" or "--provider <phid>" to specify which '.107'factors to strip, or "--all-types" to strip all factors. '.108'Use `bin/auth list-factors` to show the available factor types '.109'or `bin/auth list-mfa-providers` to show available providers.'));110}111112$type_map = PhabricatorAuthFactor::getAllFactors();113114if ($types) {115foreach ($types as $type) {116if (!isset($type_map[$type])) {117throw new PhutilArgumentUsageException(118pht(119'Factor type "%s" is unknown. Use `bin/auth list-factors` to '.120'get a list of known factor types.',121$type));122}123}124}125126$provider_query = id(new PhabricatorAuthFactorProviderQuery())127->setViewer($viewer);128129if ($provider_phids) {130$provider_query->withPHIDs($provider_phids);131}132133if ($types) {134$provider_query->withProviderFactorKeys($types);135}136137$providers = $provider_query->execute();138$providers = mpull($providers, null, 'getPHID');139140if ($provider_phids) {141foreach ($provider_phids as $provider_phid) {142if (!isset($providers[$provider_phid])) {143throw new PhutilArgumentUsageException(144pht(145'No provider with PHID "%s" exists. '.146'Use `bin/auth list-mfa-providers` to list providers.',147$provider_phid));148}149}150} else {151if (!$providers) {152throw new PhutilArgumentUsageException(153pht(154'There are no configured multi-factor providers.'));155}156}157158$factor_query = id(new PhabricatorAuthFactorConfigQuery())159->setViewer($viewer)160->withFactorProviderPHIDs(array_keys($providers));161162if ($users) {163$factor_query->withUserPHIDs(mpull($users, 'getPHID'));164}165166$factors = $factor_query->execute();167168if (!$factors) {169throw new PhutilArgumentUsageException(170pht('There are no matching factors to strip.'));171}172173$handles = id(new PhabricatorHandleQuery())174->setViewer($this->getViewer())175->withPHIDs(mpull($factors, 'getUserPHID'))176->execute();177178$console = PhutilConsole::getConsole();179180$console->writeOut("%s\n\n", pht('These auth factors will be stripped:'));181182foreach ($factors as $factor) {183$provider = $factor->getFactorProvider();184185echo tsprintf(186" %s\t%s\t%s\n",187$handles[$factor->getUserPHID()]->getName(),188$provider->getProviderFactorKey(),189$provider->getDisplayName());190}191192$is_dry_run = $args->getArg('dry-run');193if ($is_dry_run) {194$console->writeOut(195"\n%s\n",196pht('End of dry run.'));197198return 0;199}200201$force = $args->getArg('force');202if (!$force) {203if (!$console->confirm(pht('Strip these authentication factors?'))) {204throw new PhutilArgumentUsageException(205pht('User aborted the workflow.'));206}207}208209$console->writeOut("%s\n", pht('Stripping authentication factors...'));210211$engine = new PhabricatorDestructionEngine();212foreach ($factors as $factor) {213$engine->destroyObject($factor);214}215216$console->writeOut("%s\n", pht('Done.'));217218return 0;219}220221}222223224