Add a bin/auth revoke revoker for sessions

Summary: Ref T13043. Allows CLI revocation of login sessions. Test Plan: Used `bin/auth revoke --type session` with `--from` and `--everywhere` to revoke sessions. Saw accounts get logged out in web UI. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13043 Differential Revision: https://secure.phabricator.com/D18892
2018-01-20 08:59:52 -08:00
parent 7970cf0585
commit 39c3b10a2f
2 changed files with 35 additions and 0 deletions
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -2126,6 +2126,7 @@ phutil_register_library_map(array(
    'PhabricatorAuthSessionGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthSessionGarbageCollector.php',
    'PhabricatorAuthSessionInfo' => 'applications/auth/data/PhabricatorAuthSessionInfo.php',
    'PhabricatorAuthSessionQuery' => 'applications/auth/query/PhabricatorAuthSessionQuery.php',
+    'PhabricatorAuthSessionRevoker' => 'applications/auth/revoker/PhabricatorAuthSessionRevoker.php',
    'PhabricatorAuthSetPasswordController' => 'applications/auth/controller/PhabricatorAuthSetPasswordController.php',
    'PhabricatorAuthSetupCheck' => 'applications/config/check/PhabricatorAuthSetupCheck.php',
    'PhabricatorAuthStartController' => 'applications/auth/controller/PhabricatorAuthStartController.php',
@@ -7413,6 +7414,7 @@ phutil_register_library_map(array(
    'PhabricatorAuthSessionGarbageCollector' => 'PhabricatorGarbageCollector',
    'PhabricatorAuthSessionInfo' => 'Phobject',
    'PhabricatorAuthSessionQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
+    'PhabricatorAuthSessionRevoker' => 'PhabricatorAuthRevoker',
    'PhabricatorAuthSetPasswordController' => 'PhabricatorAuthController',
    'PhabricatorAuthSetupCheck' => 'PhabricatorSetupCheck',
    'PhabricatorAuthStartController' => 'PhabricatorAuthController',
--- a/src/applications/auth/revoker/PhabricatorAuthSessionRevoker.php
+++ b/src/applications/auth/revoker/PhabricatorAuthSessionRevoker.php
@@ -0,0 +1,33 @@
+<?php
+
+final class PhabricatorAuthSessionRevoker
+  extends PhabricatorAuthRevoker {
+
+  const REVOKERKEY = 'session';
+
+  public function revokeAllCredentials() {
+    $table = new PhabricatorAuthSession();
+    $conn = $table->establishConnection('w');
+
+    queryfx(
+      $conn,
+      'DELETE FROM %T',
+      $table->getTableName());
+
+    return $conn->getAffectedRows();
+  }
+
+  public function revokeCredentialsFrom($object) {
+    $table = new PhabricatorAuthSession();
+    $conn = $table->establishConnection('w');
+
+    queryfx(
+      $conn,
+      'DELETE FROM %T WHERE userPHID = %s',
+      $table->getTableName(),
+      $object->getPHID());
+
+    return $conn->getAffectedRows();
+  }
+
+}