phorge-phorge/src/applications/settings/panel/PhabricatorSSHKeysSettingsPanel.php

<?php

final class PhabricatorSSHKeysSettingsPanel extends PhabricatorSettingsPanel {

  public function isEditableByAdministrators() {
    return true;
  }

  public function getPanelKey() {
    return 'ssh';
  }

  public function getPanelName() {
    return pht('SSH Public Keys');
  }

  public function getPanelGroup() {
    return pht('Authentication');
  }

  public function isEnabled() {
    return true;
  }

  public function processRequest(AphrontRequest $request) {
    $user = $this->getUser();
    $viewer = $request->getUser();

    $keys = id(new PhabricatorAuthSSHKeyQuery())
      ->setViewer($viewer)
      ->withObjectPHIDs(array($user->getPHID()))
      ->execute();

    $table = id(new PhabricatorAuthSSHKeyTableView())
      ->setUser($viewer)
      ->setKeys($keys)
      ->setCanEdit(true)
      ->setNoDataString("You haven't added any SSH Public Keys.");

    $panel = new PHUIObjectBoxView();
    $header = new PHUIHeaderView();

    $upload_icon = id(new PHUIIconView())
      ->setIconFont('fa-upload');
    $upload_button = id(new PHUIButtonView())
      ->setText(pht('Upload Public Key'))
      ->setHref('/auth/sshkey/upload/?objectPHID='.$user->getPHID())
      ->setWorkflow(true)
      ->setTag('a')
      ->setIcon($upload_icon);

    try {
      PhabricatorSSHKeyGenerator::assertCanGenerateKeypair();
      $can_generate = true;
    } catch (Exception $ex) {
      $can_generate = false;
    }

    $generate_icon = id(new PHUIIconView())
      ->setIconFont('fa-lock');
    $generate_button = id(new PHUIButtonView())
      ->setText(pht('Generate Keypair'))
      ->setHref('/auth/sshkey/generate/?objectPHID='.$user->getPHID())
      ->setTag('a')
      ->setWorkflow(true)
      ->setDisabled(!$can_generate)
      ->setIcon($generate_icon);

    $header->setHeader(pht('SSH Public Keys'));
    $header->addActionLink($generate_button);
    $header->addActionLink($upload_button);

    $panel->setHeader($header);
    $panel->appendChild($table);

    return $panel;
  }

}
Allow users to associate SSH Public Keys with their accounts Summary: With the sshd-vcs thing I hacked together, this will enable Phabricator to host repositories without requiring users to have SSH accounts. I also fixed "subporjects" and added an explicit ENGINE to it. Test Plan: Created, edited and deleted public keys. Attempted to add the same public key twice. Attempted to add invalid and unnamed public keys. Reviewed By: aran Reviewers: jungejason, tuomaspelkonen, aran, cadamo, codeblock CC: aran, epriestley Differential Revision: 711 2011-07-22 10:17:57 -07:00			`<?php`

Rename `PhabricatorSettingsPanel` subclasses for consistency Summary: Ref T5655. Test Plan: `arc lint` and `arc unit` Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: Korvin, epriestley Maniphest Tasks: T5655 Differential Revision: https://secure.phabricator.com/D11136 2015-01-02 15:20:08 +11:00			`final class PhabricatorSSHKeysSettingsPanel extends PhabricatorSettingsPanel {`
Allow users to associate SSH Public Keys with their accounts Summary: With the sshd-vcs thing I hacked together, this will enable Phabricator to host repositories without requiring users to have SSH accounts. I also fixed "subporjects" and added an explicit ENGINE to it. Test Plan: Created, edited and deleted public keys. Attempted to add the same public key twice. Attempted to add invalid and unnamed public keys. Reviewed By: aran Reviewers: jungejason, tuomaspelkonen, aran, cadamo, codeblock CC: aran, epriestley Differential Revision: 711 2011-07-22 10:17:57 -07:00
Give administrators selective access to System Agent settings panels Summary: Ref T4065. Give administrators an "Edit Settings" link from profiles, which allows selective edit of settings panels. Enable Conduit, SSH Keys, and VCS Password. Test Plan: - Used these panels for a bot. - Used these panels on my own account. - Tried to use these panels for a non-bot account, was denied. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T4065 Differential Revision: https://secure.phabricator.com/D8668 2014-04-02 12:06:05 -07:00			`public function isEditableByAdministrators() {`
			`return true;`
			`}`

Make settings panels more modular and modern Summary: Currently, we have a hard-coded list of settings panels. Make them a bit more modular. - Allow new settings panels to be defined by third-party code (see {D2340}, for example -- @ptarjan). - This makes the OAuth stuff more flexible for {T887} / {T1536}. - Reduce the number of hard-coded URIs in various places. Test Plan: Viewed / edited every option in every panel. Grepped for all references to these URIs. Reviewers: btrahan, vrana, ptarjan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D3257 2012-08-13 12:37:26 -07:00			`public function getPanelKey() {`
			`return 'ssh';`
			`}`

			`public function getPanelName() {`
			`return pht('SSH Public Keys');`
			`}`
Allow users to associate SSH Public Keys with their accounts Summary: With the sshd-vcs thing I hacked together, this will enable Phabricator to host repositories without requiring users to have SSH accounts. I also fixed "subporjects" and added an explicit ENGINE to it. Test Plan: Created, edited and deleted public keys. Attempted to add the same public key twice. Attempted to add invalid and unnamed public keys. Reviewed By: aran Reviewers: jungejason, tuomaspelkonen, aran, cadamo, codeblock CC: aran, epriestley Differential Revision: 711 2011-07-22 10:17:57 -07:00
Make settings panels more modular and modern Summary: Currently, we have a hard-coded list of settings panels. Make them a bit more modular. - Allow new settings panels to be defined by third-party code (see {D2340}, for example -- @ptarjan). - This makes the OAuth stuff more flexible for {T887} / {T1536}. - Reduce the number of hard-coded URIs in various places. Test Plan: Viewed / edited every option in every panel. Grepped for all references to these URIs. Reviewers: btrahan, vrana, ptarjan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D3257 2012-08-13 12:37:26 -07:00			`public function getPanelGroup() {`
			`return pht('Authentication');`
			`}`

			`public function isEnabled() {`
Enable "SSH Keys" auth panel unconditionally Summary: We've had support for this for a long time, but it was conditional on config. Since it more-or-less actually does something now, just enable it unconditionally. Test Plan: Settings -> SSH Public Keys Reviewers: btrahan Reviewed By: btrahan CC: hach-que, aran Maniphest Tasks: T2230 Differential Revision: https://secure.phabricator.com/D7426 2013-10-26 14:32:47 -07:00			`return true;`
Move "Preferences" to "Settings" Summary: It makes more sense to just make this a settings panel rather than a standalone app, particularly since setting panels are relatively well separated now. Also default-disabled the SSH Keys interface since it won't currently be useful for most installs. Test Plan: Edited preferences. Reviewed By: jungejason Reviewers: tuomaspelkonen, jungejason, aran CC: aran, jungejason Differential Revision: 716 2011-07-24 11:02:08 -07:00			`}`

Make settings panels more modular and modern Summary: Currently, we have a hard-coded list of settings panels. Make them a bit more modular. - Allow new settings panels to be defined by third-party code (see {D2340}, for example -- @ptarjan). - This makes the OAuth stuff more flexible for {T887} / {T1536}. - Reduce the number of hard-coded URIs in various places. Test Plan: Viewed / edited every option in every panel. Grepped for all references to these URIs. Reviewers: btrahan, vrana, ptarjan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D3257 2012-08-13 12:37:26 -07:00			`public function processRequest(AphrontRequest $request) {`
Give administrators selective access to System Agent settings panels Summary: Ref T4065. Give administrators an "Edit Settings" link from profiles, which allows selective edit of settings panels. Enable Conduit, SSH Keys, and VCS Password. Test Plan: - Used these panels for a bot. - Used these panels on my own account. - Tried to use these panels for a non-bot account, was denied. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T4065 Differential Revision: https://secure.phabricator.com/D8668 2014-04-02 12:06:05 -07:00			`$user = $this->getUser();`
			`$viewer = $request->getUser();`
Allow users to associate SSH Public Keys with their accounts Summary: With the sshd-vcs thing I hacked together, this will enable Phabricator to host repositories without requiring users to have SSH accounts. I also fixed "subporjects" and added an explicit ENGINE to it. Test Plan: Created, edited and deleted public keys. Attempted to add the same public key twice. Attempted to add invalid and unnamed public keys. Reviewed By: aran Reviewers: jungejason, tuomaspelkonen, aran, cadamo, codeblock CC: aran, epriestley Differential Revision: 711 2011-07-22 10:17:57 -07:00
Add a query/policy layer on top of SSH keys for Almanac Summary: Ref T5833. Currently, SSH keys are associated only with users, and are a bit un-modern. I want to let Almanac Devices have SSH keys so devices in a cluster can identify to one another. For example, with hosted installs, initialization will go something like this: - A request comes in for `company.phacility.com`. - A SiteSource (from D10787) makes a Conduit call to Almanac on the master install to check if `company` is a valid install and pull config if it is. - This call can be signed with an SSH key which identifies a trusted Almanac Device. In the cluster case, a web host can make an authenticated call to a repository host with similar key signing. To move toward this, put a proper Query class on top of SSH key access (this diff). In following diffs, I'll: - Rename `userPHID` to `objectPHID`. - Move this to the `auth` database. - Provide UI for device/key association. An alternative approach would be to build some kind of special token layer in Conduit, but I think that would be a lot harder to manage in the hosting case. This gives us a more direct attack on trusting requests from machines and recognizing machines as first (well, sort of second-class) actors without needing things like fake user accounts. Test Plan: - Added and removed SSH keys. - Added and removed SSH keys from a bot account. - Tried to edit an unonwned SSH key (denied). - Ran `bin/ssh-auth`, got sensible output. - Ran `bin/ssh-auth-key`, got sensible output. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T5833 Differential Revision: https://secure.phabricator.com/D10790 2014-11-06 12:37:02 -08:00			`$keys = id(new PhabricatorAuthSSHKeyQuery())`
			`->setViewer($viewer)`
			`->withObjectPHIDs(array($user->getPHID()))`
			`->execute();`
Allow users to associate SSH Public Keys with their accounts Summary: With the sshd-vcs thing I hacked together, this will enable Phabricator to host repositories without requiring users to have SSH accounts. I also fixed "subporjects" and added an explicit ENGINE to it. Test Plan: Created, edited and deleted public keys. Attempted to add the same public key twice. Attempted to add invalid and unnamed public keys. Reviewed By: aran Reviewers: jungejason, tuomaspelkonen, aran, cadamo, codeblock CC: aran, epriestley Differential Revision: 711 2011-07-22 10:17:57 -07:00
Allow Almanac devices to have SSH keys Summary: Ref T5833. Expose a key management interface for Almanac devices. Test Plan: {F231962} Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T5833 Differential Revision: https://secure.phabricator.com/D10825 2014-11-11 08:20:08 -08:00			`$table = id(new PhabricatorAuthSSHKeyTableView())`
			`->setUser($viewer)`
			`->setKeys($keys)`
			`->setCanEdit(true)`
			`->setNoDataString("You haven't added any SSH Public Keys.");`
Allow users to associate SSH Public Keys with their accounts Summary: With the sshd-vcs thing I hacked together, this will enable Phabricator to host repositories without requiring users to have SSH accounts. I also fixed "subporjects" and added an explicit ENGINE to it. Test Plan: Created, edited and deleted public keys. Attempted to add the same public key twice. Attempted to add invalid and unnamed public keys. Reviewed By: aran Reviewers: jungejason, tuomaspelkonen, aran, cadamo, codeblock CC: aran, epriestley Differential Revision: 711 2011-07-22 10:17:57 -07:00
Update SSH Keys Settings layout Summary: Uses new ObjectBox with table. Test Plan: clicked on add new key, clicked edit key, everythink works Reviewers: epriestley, btrahan Reviewed By: epriestley CC: Korvin, epriestley, aran Differential Revision: https://secure.phabricator.com/D7904 2014-01-07 16:16:30 -08:00			`$panel = new PHUIObjectBoxView();`
			`$header = new PHUIHeaderView();`

Add a "Generate Keypair" option on the SSH Keys panel Summary: Ref T4587. Add an option to automatically generate a keypair, associate the public key, and save the private key. Test Plan: Generated some keypairs. Hit error conditions, etc. Reviewers: btrahan Reviewed By: btrahan Subscribers: aran, epriestley Maniphest Tasks: T4587 Differential Revision: https://secure.phabricator.com/D8513 2014-03-12 18:17:11 -07:00			`$upload_icon = id(new PHUIIconView())`
Replace Sprite-Icons with FontAwesome Summary: The removes the sprite sheet 'icons' and replaces it with FontAwesome fonts. Test Plan: - Grep for SPRITE_ICONS and replace - Grep for sprite-icons and replace - Grep for PhabricatorActionList and choose all new icons - Grep for Crumbs and fix icons - Test/Replace PHUIList Icon support - Test/Replace ObjectList Icon support (foot, epoch, etc) - Browse as many pages as I could get to - Remove sprite-icons and move remarkup to own sheet - Review this diff in Differential Reviewers: btrahan, epriestley Reviewed By: epriestley Subscribers: epriestley, Korvin, hach-que Differential Revision: https://secure.phabricator.com/D9052 2014-05-12 10:08:32 -07:00			`->setIconFont('fa-upload');`
Add a "Generate Keypair" option on the SSH Keys panel Summary: Ref T4587. Add an option to automatically generate a keypair, associate the public key, and save the private key. Test Plan: Generated some keypairs. Hit error conditions, etc. Reviewers: btrahan Reviewed By: btrahan Subscribers: aran, epriestley Maniphest Tasks: T4587 Differential Revision: https://secure.phabricator.com/D8513 2014-03-12 18:17:11 -07:00			`$upload_button = id(new PHUIButtonView())`
			`->setText(pht('Upload Public Key'))`
Separate SSH key management from the settings panel Summary: Ref T5833. I want to add SSH keys to Almanac devices, but the edit workflows for them are currently bound tightly to users. Instead, decouple key management from users and the settings panel. Test Plan: - Uploaded, generated, edited and deleted SSH keys. - Hit missing name, missing key, bad key format, duplicate key errors. - Edited/generated/deleted/etc keys for a bot user as an administrator. - Got HiSec'd on everything. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T5833 Differential Revision: https://secure.phabricator.com/D10824 2014-11-11 08:18:26 -08:00			`->setHref('/auth/sshkey/upload/?objectPHID='.$user->getPHID())`
			`->setWorkflow(true)`
Add a "Generate Keypair" option on the SSH Keys panel Summary: Ref T4587. Add an option to automatically generate a keypair, associate the public key, and save the private key. Test Plan: Generated some keypairs. Hit error conditions, etc. Reviewers: btrahan Reviewed By: btrahan Subscribers: aran, epriestley Maniphest Tasks: T4587 Differential Revision: https://secure.phabricator.com/D8513 2014-03-12 18:17:11 -07:00			`->setTag('a')`
			`->setIcon($upload_icon);`

			`try {`
			`PhabricatorSSHKeyGenerator::assertCanGenerateKeypair();`
			`$can_generate = true;`
			`} catch (Exception $ex) {`
			`$can_generate = false;`
			`}`
Update SSH Keys Settings layout Summary: Uses new ObjectBox with table. Test Plan: clicked on add new key, clicked edit key, everythink works Reviewers: epriestley, btrahan Reviewed By: epriestley CC: Korvin, epriestley, aran Differential Revision: https://secure.phabricator.com/D7904 2014-01-07 16:16:30 -08:00
Add a "Generate Keypair" option on the SSH Keys panel Summary: Ref T4587. Add an option to automatically generate a keypair, associate the public key, and save the private key. Test Plan: Generated some keypairs. Hit error conditions, etc. Reviewers: btrahan Reviewed By: btrahan Subscribers: aran, epriestley Maniphest Tasks: T4587 Differential Revision: https://secure.phabricator.com/D8513 2014-03-12 18:17:11 -07:00			`$generate_icon = id(new PHUIIconView())`
Replace Sprite-Icons with FontAwesome Summary: The removes the sprite sheet 'icons' and replaces it with FontAwesome fonts. Test Plan: - Grep for SPRITE_ICONS and replace - Grep for sprite-icons and replace - Grep for PhabricatorActionList and choose all new icons - Grep for Crumbs and fix icons - Test/Replace PHUIList Icon support - Test/Replace ObjectList Icon support (foot, epoch, etc) - Browse as many pages as I could get to - Remove sprite-icons and move remarkup to own sheet - Review this diff in Differential Reviewers: btrahan, epriestley Reviewed By: epriestley Subscribers: epriestley, Korvin, hach-que Differential Revision: https://secure.phabricator.com/D9052 2014-05-12 10:08:32 -07:00			`->setIconFont('fa-lock');`
Add a "Generate Keypair" option on the SSH Keys panel Summary: Ref T4587. Add an option to automatically generate a keypair, associate the public key, and save the private key. Test Plan: Generated some keypairs. Hit error conditions, etc. Reviewers: btrahan Reviewed By: btrahan Subscribers: aran, epriestley Maniphest Tasks: T4587 Differential Revision: https://secure.phabricator.com/D8513 2014-03-12 18:17:11 -07:00			`$generate_button = id(new PHUIButtonView())`
			`->setText(pht('Generate Keypair'))`
Separate SSH key management from the settings panel Summary: Ref T5833. I want to add SSH keys to Almanac devices, but the edit workflows for them are currently bound tightly to users. Instead, decouple key management from users and the settings panel. Test Plan: - Uploaded, generated, edited and deleted SSH keys. - Hit missing name, missing key, bad key format, duplicate key errors. - Edited/generated/deleted/etc keys for a bot user as an administrator. - Got HiSec'd on everything. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T5833 Differential Revision: https://secure.phabricator.com/D10824 2014-11-11 08:18:26 -08:00			`->setHref('/auth/sshkey/generate/?objectPHID='.$user->getPHID())`
Add a "Generate Keypair" option on the SSH Keys panel Summary: Ref T4587. Add an option to automatically generate a keypair, associate the public key, and save the private key. Test Plan: Generated some keypairs. Hit error conditions, etc. Reviewers: btrahan Reviewed By: btrahan Subscribers: aran, epriestley Maniphest Tasks: T4587 Differential Revision: https://secure.phabricator.com/D8513 2014-03-12 18:17:11 -07:00			`->setTag('a')`
			`->setWorkflow(true)`
			`->setDisabled(!$can_generate)`
			`->setIcon($generate_icon);`
Update SSH Keys Settings layout Summary: Uses new ObjectBox with table. Test Plan: clicked on add new key, clicked edit key, everythink works Reviewers: epriestley, btrahan Reviewed By: epriestley CC: Korvin, epriestley, aran Differential Revision: https://secure.phabricator.com/D7904 2014-01-07 16:16:30 -08:00
			`$header->setHeader(pht('SSH Public Keys'));`
Add a "Generate Keypair" option on the SSH Keys panel Summary: Ref T4587. Add an option to automatically generate a keypair, associate the public key, and save the private key. Test Plan: Generated some keypairs. Hit error conditions, etc. Reviewers: btrahan Reviewed By: btrahan Subscribers: aran, epriestley Maniphest Tasks: T4587 Differential Revision: https://secure.phabricator.com/D8513 2014-03-12 18:17:11 -07:00			`$header->addActionLink($generate_button);`
			`$header->addActionLink($upload_button);`
Update SSH Keys Settings layout Summary: Uses new ObjectBox with table. Test Plan: clicked on add new key, clicked edit key, everythink works Reviewers: epriestley, btrahan Reviewed By: epriestley CC: Korvin, epriestley, aran Differential Revision: https://secure.phabricator.com/D7904 2014-01-07 16:16:30 -08:00
			`$panel->setHeader($header);`
Allow users to associate SSH Public Keys with their accounts Summary: With the sshd-vcs thing I hacked together, this will enable Phabricator to host repositories without requiring users to have SSH accounts. I also fixed "subporjects" and added an explicit ENGINE to it. Test Plan: Created, edited and deleted public keys. Attempted to add the same public key twice. Attempted to add invalid and unnamed public keys. Reviewed By: aran Reviewers: jungejason, tuomaspelkonen, aran, cadamo, codeblock CC: aran, epriestley Differential Revision: 711 2011-07-22 10:17:57 -07:00			`$panel->appendChild($table);`

			`return $panel;`
			`}`

			`}`