diff --git a/bin/accountadmin b/bin/accountadmin
deleted file mode 120000
index a846766c26..0000000000
--- a/bin/accountadmin
+++ /dev/null
@@ -1 +0,0 @@
-../scripts/user/account_admin.php
\ No newline at end of file
diff --git a/scripts/user/account_admin.php b/scripts/user/account_admin.php
deleted file mode 100755
index 4e4500a2f7..0000000000
--- a/scripts/user/account_admin.php
+++ /dev/null
@@ -1,228 +0,0 @@
-#!/usr/bin/env php
-<?php
-
-$root = dirname(dirname(dirname(__FILE__)));
-require_once $root.'/scripts/__init_script__.php';
-
-$table = new PhabricatorUser();
-$any_user = queryfx_one(
- $table->establishConnection('r'),
- 'SELECT * FROM %T LIMIT 1',
- $table->getTableName());
-$is_first_user = (!$any_user);
-
-if ($is_first_user) {
- echo pht(
- "WARNING\n\n".
- "You're about to create the first account on this install. Normally, ".
- "you should use the web interface to create the first account, not ".
- "this script.\n\n".
- "If you use the web interface, it will drop you into a nice UI workflow ".
- "which gives you more help setting up your install. If you create an ".
- "account with this script instead, you will skip the setup help and you ".
- "will not be able to access it later.");
- if (!phutil_console_confirm(pht('Skip easy setup and create account?'))) {
- echo pht('Cancelled.')."\n";
- exit(1);
- }
-}
-
-echo pht(
- 'Enter a username to create a new account or edit an existing account.');
-
-$username = phutil_console_prompt(pht('Enter a username:'));
-if (!strlen($username)) {
- echo pht('Cancelled.')."\n";
- exit(1);
-}
-
-if (!PhabricatorUser::validateUsername($username)) {
- $valid = PhabricatorUser::describeValidUsername();
- echo pht("The username '%s' is invalid. %s", $username, $valid)."\n";
- exit(1);
-}
-
-
-$user = id(new PhabricatorUser())->loadOneWhere(
- 'username = %s',
- $username);
-
-if (!$user) {
- $original = new PhabricatorUser();
-
- echo pht("There is no existing user account '%s'.", $username)."\n";
- $ok = phutil_console_confirm(
- pht("Do you want to create a new '%s' account?", $username),
- $default_no = false);
- if (!$ok) {
- echo pht('Cancelled.')."\n";
- exit(1);
- }
- $user = new PhabricatorUser();
- $user->setUsername($username);
-
- $is_new = true;
-} else {
- $original = clone $user;
-
- echo pht("There is an existing user account '%s'.", $username)."\n";
- $ok = phutil_console_confirm(
- pht("Do you want to edit the existing '%s' account?", $username),
- $default_no = false);
- if (!$ok) {
- echo pht('Cancelled.')."\n";
- exit(1);
- }
-
- $is_new = false;
-}
-
-$user_realname = $user->getRealName();
-if (strlen($user_realname)) {
- $realname_prompt = ' ['.$user_realname.']:';
-} else {
- $realname_prompt = ':';
-}
-$realname = nonempty(
- phutil_console_prompt(pht('Enter user real name').$realname_prompt),
- $user_realname);
-$user->setRealName($realname);
-
-// When creating a new user we prompt for an email address; when editing an
-// existing user we just skip this because it would be quite involved to provide
-// a reasonable CLI interface for editing multiple addresses and managing email
-// verification and primary addresses.
-
-$create_email = null;
-if ($is_new) {
- do {
- $email = phutil_console_prompt(pht('Enter user email address:'));
- $duplicate = id(new PhabricatorUserEmail())->loadOneWhere(
- 'address = %s',
- $email);
- if ($duplicate) {
- echo pht(
- "ERROR: There is already a user with that email address. ".
- "Each user must have a unique email address.\n");
- } else {
- break;
- }
- } while (true);
-
- $create_email = $email;
-}
-
-$is_system_agent = $user->getIsSystemAgent();
-$set_system_agent = phutil_console_confirm(
- pht('Is this user a bot?'),
- $default_no = !$is_system_agent);
-
-$verify_email = null;
-$set_verified = false;
-// Allow administrators to verify primary email addresses at this time in edit
-// scenarios. (Create will work just fine from here as we auto-verify email
-// on create.)
-if (!$is_new) {
- $verify_email = $user->loadPrimaryEmail();
- if (!$verify_email->getIsVerified()) {
- $set_verified = phutil_console_confirm(
- pht('Should the primary email address be verified?'),
- $default_no = true);
- } else {
- // Already verified so let's not make a fuss.
- $verify_email = null;
- }
-}
-
-$is_admin = $user->getIsAdmin();
-$set_admin = phutil_console_confirm(
- pht('Should this user be an administrator?'),
- $default_no = !$is_admin);
-
-echo "\n\n".pht('ACCOUNT SUMMARY')."\n\n";
-$tpl = "%12s %-30s %-30s\n";
-printf($tpl, null, pht('OLD VALUE'), pht('NEW VALUE'));
-printf($tpl, pht('Username'), $original->getUsername(), $user->getUsername());
-printf($tpl, pht('Real Name'), $original->getRealName(), $user->getRealName());
-if ($is_new) {
- printf($tpl, pht('Email'), '', $create_email);
-}
-
-printf(
- $tpl,
- pht('Bot'),
- $original->getIsSystemAgent() ? 'Y' : 'N',
- $set_system_agent ? 'Y' : 'N');
-
-if ($verify_email) {
- printf(
- $tpl,
- pht('Verify Email'),
- $verify_email->getIsVerified() ? 'Y' : 'N',
- $set_verified ? 'Y' : 'N');
-}
-
-printf(
- $tpl,
- pht('Admin'),
- $original->getIsAdmin() ? 'Y' : 'N',
- $set_admin ? 'Y' : 'N');
-
-echo "\n";
-
-if (!phutil_console_confirm(pht('Save these changes?'), $default_no = false)) {
- echo pht('Cancelled.')."\n";
- exit(1);
-}
-
-$user->openTransaction();
-
- $editor = new PhabricatorUserEditor();
-
- // TODO: This is wrong, but we have a chicken-and-egg problem when you use
- // this script to create the first user.
- $editor->setActor($user);
-
- if ($is_new) {
- $email = id(new PhabricatorUserEmail())
- ->setAddress($create_email)
- ->setIsVerified(1);
-
- // Unconditionally approve new accounts created from the CLI.
- $user->setIsApproved(1);
-
- $editor->createNewUser($user, $email);
- } else {
- if ($verify_email) {
- $user->setIsEmailVerified(1);
- $verify_email->setIsVerified($set_verified ? 1 : 0);
- }
- $editor->updateUser($user, $verify_email);
- }
-
- $editor->makeSystemAgentUser($user, $set_system_agent);
-
- $xactions = array();
- $xactions[] = id(new PhabricatorUserTransaction())
- ->setTransactionType(
- PhabricatorUserEmpowerTransaction::TRANSACTIONTYPE)
- ->setNewValue($set_admin);
-
- $actor = PhabricatorUser::getOmnipotentUser();
- $content_source = PhabricatorContentSource::newForSource(
- PhabricatorConsoleContentSource::SOURCECONST);
-
- $people_application_phid = id(new PhabricatorPeopleApplication())->getPHID();
-
- $transaction_editor = id(new PhabricatorUserTransactionEditor())
- ->setActor($actor)
- ->setActingAsPHID($people_application_phid)
- ->setContentSource($content_source)
- ->setContinueOnNoEffect(true)
- ->setContinueOnMissingFields(true);
-
- $transaction_editor->applyTransactions($user, $xactions);
-
-$user->saveTransaction();
-
-echo pht('Saved changes.')."\n";
diff --git a/scripts/user/add_user.php b/scripts/user/add_user.php
deleted file mode 100755
index 2554ab3ddc..0000000000
--- a/scripts/user/add_user.php
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/usr/bin/env php
-<?php
-
-$root = dirname(dirname(dirname(__FILE__)));
-require_once $root.'/scripts/__init_script__.php';
-
-if ($argc !== 5) {
- echo pht(
- "Usage: %s\n",
- 'add_user.php <username> <email> <realname> <admin_user>');
- exit(1);
-}
-
-$username = $argv[1];
-$email = $argv[2];
-$realname = $argv[3];
-$admin = $argv[4];
-
-$admin = id(new PhabricatorUser())->loadOneWhere(
- 'username = %s',
- $argv[4]);
-if (!$admin) {
- throw new Exception(
- pht(
- 'Admin user must be the username of a valid Phabricator account, used '.
- 'to send the new user a welcome email.'));
-}
-
-$existing_user = id(new PhabricatorUser())->loadOneWhere(
- 'username = %s',
- $username);
-if ($existing_user) {
- throw new Exception(
- pht(
- "There is already a user with the username '%s'!",
- $username));
-}
-
-$existing_email = id(new PhabricatorUserEmail())->loadOneWhere(
- 'address = %s',
- $email);
-if ($existing_email) {
- throw new Exception(
- pht(
- "There is already a user with the email '%s'!",
- $email));
-}
-
-$user = new PhabricatorUser();
-$user->setUsername($username);
-$user->setRealname($realname);
-$user->setIsApproved(1);
-
-$email_object = id(new PhabricatorUserEmail())
- ->setAddress($email)
- ->setIsVerified(1);
-
-id(new PhabricatorUserEditor())
- ->setActor($admin)
- ->createNewUser($user, $email_object);
-
-$welcome_engine = id(new PhabricatorPeopleWelcomeMailEngine())
- ->setSender($admin)
- ->setRecipient($user);
-if ($welcome_engine->canSendMail()) {
- $welcome_engine->sendMail();
-}
-
-echo pht(
- "Created user '%s' (realname='%s', email='%s').\n",
- $username,
- $realname,
- $email);
diff --git a/src/docs/user/configuration/configuring_accounts_and_registration.diviner b/src/docs/user/configuration/configuring_accounts_and_registration.diviner
index a56d7377cb..e703c46402 100644
--- a/src/docs/user/configuration/configuring_accounts_and_registration.diviner
+++ b/src/docs/user/configuration/configuring_accounts_and_registration.diviner
@@ -1,83 +1,61 @@
@title Configuring Accounts and Registration
@group config
Describes how to configure user access to Phabricator.
Overview
========
Phabricator supports a number of login systems. You can enable or disable these
systems to configure who can register for and access your install, and how users
with existing accounts can login.
Methods of logging in are called **Authentication Providers**. For example,
there is a "Username/Password" authentication provider available, which allows
users to log in with a traditional username and password. Other providers
support logging in with other credentials. For example:
- **LDAP:** Users use LDAP credentials to log in or register.
- **OAuth:** Users use accounts on a supported OAuth2 provider (like
GitHub, Facebook, or Google) to log in or register.
- **Other Providers:** More providers are available, and Phabricator
can be extended with custom providers. See the "Auth" application for
a list of available providers.
By default, no providers are enabled. You must use the "Auth" application to
add one or more providers after you complete the installation process.
After you add a provider, you can link it to existing accounts (for example,
associate an existing Phabricator account with a GitHub OAuth account) or users
can use it to register new accounts (assuming you enable these options).
Recovering Inaccessible Accounts
================================
If you accidentally lock yourself out of Phabricator (for example, by disabling
all authentication providers), you can normally use the "send a login link"
action from the login screen to email yourself a login link and regain access
to your account.
If that isn't working (perhaps because you haven't configured email yet), you
can use the `bin/auth` script to recover access to an account. To recover
access, run:
```
phabricator/ $ ./bin/auth recover <username>
```
...where `<username>` is the account username you want to recover access
to. This will generate a link which will log you in as the specified user.
-
-Managing Accounts with the Web Console
-======================================
-
-To manage accounts from the web, login as an administrator account and go to
-`/people/` or click "People" on the homepage. Provided you're an admin,
-you'll see options to create or edit accounts.
-
-
-Manually Creating New Accounts
-==============================
-
-There are two ways to manually create new accounts: via the web UI using
-the "People" application (this is easiest), or via the CLI using the
-`accountadmin` binary (this has a few more options).
-
-To use the CLI script, run:
-
- phabricator/ $ ./bin/accountadmin
-
-Some options (like changing certain account flags) are only available from
-the CLI. You can also use this script to make a user
-an administrator (if you accidentally remove your admin flag) or to create an
-administrative account.
+For more details on recovering access to accounts and unlocking objects, see
+@{article:User Guide: Unlocking Objects}.
Next Steps
==========
Continue by:
- returning to the @{article:Configuration Guide}.