src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php

   1 <?php
   2
   3 final class PhabricatorAuthManagementRecoverWorkflow
   4   extends PhabricatorAuthManagementWorkflow {
   5
   6   protected function didConstruct() {
   7     $this
   8       ->setName('recover')
   9       ->setExamples('**recover** __username__')
  10       ->setSynopsis(
  11         pht(
  12           'Recover access to an account if you have locked yourself out '.
  13           'of Phabricator.'))
  14       ->setArguments(
  15         array(
  16           array(
  17             'name' => 'force-full-session',
  18             'help' => pht(
  19               'Recover directly into a full session without requiring MFA '.
  20               'or other login checks.'),
  21           ),
  22           array(
  23             'name' => 'username',
  24             'wildcard' => true,
  25           ),
  26         ));
  27   }
  28
  29   public function execute(PhutilArgumentParser $args) {
  30     $usernames = $args->getArg('username');
  31     if (!$usernames) {
  32       throw new PhutilArgumentUsageException(
  33         pht('You must specify the username of the account to recover.'));
  34     } else if (count($usernames) > 1) {
  35       throw new PhutilArgumentUsageException(
  36         pht('You can only recover the username for one account.'));
  37     }
  38
  39     $username = head($usernames);
  40
  41     $user = id(new PhabricatorPeopleQuery())
  42       ->setViewer($this->getViewer())
  43       ->withUsernames(array($username))
  44       ->executeOne();
  45
  46     if (!$user) {
  47       throw new PhutilArgumentUsageException(
  48         pht(
  49           'No such user "%s" to recover.',
  50           $username));
  51     }
  52
  53     if (!$user->canEstablishWebSessions()) {
  54       throw new PhutilArgumentUsageException(
  55         pht(
  56           'This account ("%s") can not establish web sessions, so it is '.
  57           'not possible to generate a functional recovery link. Special '.
  58           'accounts like daemons and mailing lists can not log in via the '.
  59           'web UI.',
  60           $username));
  61     }
  62
  63     $force_full_session = $args->getArg('force-full-session');
  64
  65     $engine = new PhabricatorAuthSessionEngine();
  66     $onetime_uri = $engine->getOneTimeLoginURI(
  67       $user,
  68       null,
  69       PhabricatorAuthSessionEngine::ONETIME_RECOVER,
  70       $force_full_session);
  71
  72     $console = PhutilConsole::getConsole();
  73     $console->writeOut(
  74       pht(
  75         'Use this link to recover access to the "%s" account from the web '.
  76         'interface:',
  77         $username));
  78     $console->writeOut("\n\n");
  79     $console->writeOut('    %s', $onetime_uri);
  80     $console->writeOut("\n\n");
  81     $console->writeOut(
  82       "%s\n",
  83       pht(
  84         'After logging in, you can use the "Auth" application to add or '.
  85         'restore authentication providers and allow normal logins to '.
  86         'succeed.'));
  87
  88     return 0;
  89   }
  90
  91 }