src/applications/auth/revoker/PhabricatorAuthPasswordRevoker.php

   1 <?php
   2
   3 final class PhabricatorAuthPasswordRevoker
   4   extends PhabricatorAuthRevoker {
   5
   6   const REVOKERKEY = 'password';
   7
   8   public function getRevokerName() {
   9     return pht('Passwords');
  10   }
  11
  12   public function getRevokerDescription() {
  13     return pht(
  14       "Revokes all stored passwords.\n\n".
  15       "Account passwords and VCS passwords (used to access repositories ".
  16       "over HTTP) will both be revoked. Passwords for any third party ".
  17       "applications which use shared password infrastructure will also ".
  18       "be revoked.\n\n".
  19       "Users will need to reset account passwords, possibly by using the ".
  20       "\"Forgot Password?\" link on the login page. They will also need ".
  21       "to reset VCS passwords.\n\n".
  22       "Passwords are revoked, not just removed. Users will be unable to ".
  23       "select the passwords they used previously and must choose new, ".
  24       "unique passwords.\n\n".
  25       "Revoking passwords will not terminate outstanding login sessions. ".
  26       "Use the \"session\" revoker in conjunction with this revoker to force ".
  27       "users to login again.");
  28   }
  29
  30   public function getRevokerNextSteps() {
  31     return pht(
  32       'NOTE: Revoking passwords does not terminate existing sessions which '.
  33       'were established using the old passwords. To terminate existing '.
  34       'sessions, run the "session" revoker now.');
  35   }
  36
  37   public function revokeAllCredentials() {
  38     $query = new PhabricatorAuthPasswordQuery();
  39     return $this->revokeWithQuery($query);
  40   }
  41
  42   public function revokeCredentialsFrom($object) {
  43     $query = id(new PhabricatorAuthPasswordQuery())
  44       ->withObjectPHIDs(array($object->getPHID()));
  45     return $this->revokeWithQuery($query);
  46   }
  47
  48   private function revokeWithQuery(PhabricatorAuthPasswordQuery $query) {
  49     $viewer = $this->getViewer();
  50
  51     $passwords = $query
  52       ->setViewer($viewer)
  53       ->withIsRevoked(false)
  54       ->execute();
  55
  56     $content_source = PhabricatorContentSource::newForSource(
  57       PhabricatorDaemonContentSource::SOURCECONST);
  58
  59     $revoke_type = PhabricatorAuthPasswordRevokeTransaction::TRANSACTIONTYPE;
  60
  61     $auth_phid = id(new PhabricatorAuthApplication())->getPHID();
  62     foreach ($passwords as $password) {
  63       $xactions = array();
  64
  65       $xactions[] = $password->getApplicationTransactionTemplate()
  66         ->setTransactionType($revoke_type)
  67         ->setNewValue(true);
  68
  69       $editor = $password->getApplicationTransactionEditor()
  70         ->setActor($viewer)
  71         ->setActingAsPHID($auth_phid)
  72         ->setContinueOnNoEffect(true)
  73         ->setContinueOnMissingFields(true)
  74         ->setContentSource($content_source)
  75         ->applyTransactions($password, $xactions);
  76     }
  77
  78     return count($passwords);
  79   }
  80
  81 }