Consolidate handling of SSH usernames

Summary:
Ref T4292. This consolidates code for figuring out which user we should connect to hosts with.

Also narrows a lock window.

Test Plan: Browsed Diffusion, pulled and pushed through an SSH proxy.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4292

Differential Revision: https://secure.phabricator.com/D15754

src/applications/almanac/util/AlmanacKeys.php

@@ -48,4 +48,22 @@ final class AlmanacKeys extends Phobject {
     return $device;
   }
 
+  public static function getClusterSSHUser() {
+    // NOTE: When instancing, we currently use the SSH username to figure out
+    // which instance you are connecting to. We can't use the host name because
+    // we have no way to tell which host you think you're reaching: the SSH
+    // protocol does not have a mechanism like a "Host" header.
+    $username = PhabricatorEnv::getEnvConfig('cluster.instance');
+    if (strlen($username)) {
+      return $username;
+    }
+
+    $username = PhabricatorEnv::getEnvConfig('diffusion.ssh-user');
+    if (strlen($username)) {
+      return $username;
+    }
+
+    return null;
+  }
+
 }

src/applications/diffusion/ssh/DiffusionSSHWorkflow.php

@@ -62,15 +62,12 @@ abstract class DiffusionSSHWorkflow extends PhabricatorSSHWorkflow {
   protected function getProxyCommand() {
     $uri = new PhutilURI($this->proxyURI);
 
-    $username = PhabricatorEnv::getEnvConfig('cluster.instance');
-    if (!strlen($username)) {
-      $username = PhabricatorEnv::getEnvConfig('diffusion.ssh-user');
-      if (!strlen($username)) {
-        throw new Exception(
-          pht(
-            'Unable to determine the username to connect with when trying '.
-            'to proxy an SSH request within the Phabricator cluster.'));
-      }
+    $username = AlmanacKeys::getClusterSSHUser();
+    if ($username === null) {
+      throw new Exception(
+        pht(
+          'Unable to determine the username to connect with when trying '.
+          'to proxy an SSH request within the Phabricator cluster.'));
     }
 
     $port = $uri->getPort();

src/applications/repository/storage/PhabricatorRepository.php

@@ -1348,8 +1348,8 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
       $uri->setPath($uri->getPath().$this->getCloneName().'/');
     }
 
-    $ssh_user = PhabricatorEnv::getEnvConfig('diffusion.ssh-user');
-    if ($ssh_user) {
+    $ssh_user = AlmanacKeys::getClusterSSHUser();
+    if ($ssh_user !== null) {
       $uri->setUser($ssh_user);
     }
 
@@ -2324,7 +2324,12 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
           'refusing new writes.'));
     }
 
-    $max_version = $this->synchronizeWorkingCopyBeforeRead();
+    try {
+      $max_version = $this->synchronizeWorkingCopyBeforeRead();
+    } catch (Exception $ex) {
+      $write_lock->unlock();
+      throw $ex;
+    }
 
     PhabricatorRepositoryWorkingCopyVersion::willWrite(
       $repository_phid,

src/applications/repository/storage/PhabricatorRepositoryURI.php

@@ -227,7 +227,7 @@ final class PhabricatorRepositoryURI
   private function getForcedUser() {
     switch ($this->getBuiltinProtocol()) {
       case self::BUILTIN_PROTOCOL_SSH:
-        return PhabricatorEnv::getEnvConfig('diffusion.ssh-user');
+        return AlmanacKeys::getClusterSSHUser();
       default:
         return null;
     }