src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php

   1 <?php
   2
   3 final class PhabricatorAuthManagementRecoverWorkflow
   4   extends PhabricatorAuthManagementWorkflow {
   5
   6   protected function didConstruct() {
   7     $this
   8       ->setName('recover')
   9       ->setExamples('**recover** __username__')
  10       ->setSynopsis(
  11         pht(
  12           'Recover access to an account if you have locked yourself out.'))
  13       ->setArguments(
  14         array(
  15           array(
  16             'name' => 'force-full-session',
  17             'help' => pht(
  18               'Recover directly into a full session without requiring MFA '.
  19               'or other login checks.'),
  20           ),
  21           array(
  22             'name' => 'username',
  23             'wildcard' => true,
  24           ),
  25         ));
  26   }
  27
  28   public function execute(PhutilArgumentParser $args) {
  29     $usernames = $args->getArg('username');
  30     if (!$usernames) {
  31       throw new PhutilArgumentUsageException(
  32         pht('You must specify the username of the account to recover.'));
  33     } else if (count($usernames) > 1) {
  34       throw new PhutilArgumentUsageException(
  35         pht('You can only recover the username for one account.'));
  36     }
  37
  38     $username = head($usernames);
  39
  40     $user = id(new PhabricatorPeopleQuery())
  41       ->setViewer($this->getViewer())
  42       ->withUsernames(array($username))
  43       ->executeOne();
  44
  45     if (!$user) {
  46       throw new PhutilArgumentUsageException(
  47         pht(
  48           'No such user "%s" to recover.',
  49           $username));
  50     }
  51
  52     if (!$user->canEstablishWebSessions()) {
  53       throw new PhutilArgumentUsageException(
  54         pht(
  55           'This account ("%s") can not establish web sessions, so it is '.
  56           'not possible to generate a functional recovery link. Special '.
  57           'accounts like daemons and mailing lists can not log in via the '.
  58           'web UI.',
  59           $username));
  60     }
  61
  62     $force_full_session = $args->getArg('force-full-session');
  63
  64     $engine = new PhabricatorAuthSessionEngine();
  65     $onetime_uri = $engine->getOneTimeLoginURI(
  66       $user,
  67       null,
  68       PhabricatorAuthSessionEngine::ONETIME_RECOVER,
  69       $force_full_session);
  70
  71     $console = PhutilConsole::getConsole();
  72     $console->writeOut(
  73       pht(
  74         'Use this link to recover access to the "%s" account from the web '.
  75         'interface:',
  76         $username));
  77     $console->writeOut("\n\n");
  78     $console->writeOut('    %s', $onetime_uri);
  79     $console->writeOut("\n\n");
  80     $console->writeOut(
  81       "%s\n",
  82       pht(
  83         'After logging in, you can use the "Auth" application to add or '.
  84         'restore authentication providers and allow normal logins to '.
  85         'succeed.'));
  86
  87     return 0;
  88   }
  89
  90 }