When administrators revoke SSH keys, don't include a "security warning" in the mail

Summary: Depends on D18906. Ref T13043. When SSH keys are edited, we normally include a warning that if you don't recognize the activity you might have problems in the mail body. Currently, this warning is also shown for revocations with `bin/auth revoke --type ssh`. However, these revocations are safe (revocations are generally not dangerous anyway) and almost certainly legitimate and administrative, so don't warn users about them. Test Plan: - Created and revoked a key. - Creation mail still had warning; revocation mail no longer did. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13043 Differential Revision: https://secure.phabricator.com/D18907
2024-11-22 23:02:42 +01:00 · 2018-01-21 17:55:28 -08:00 · 2018-01-21 17:55:28 -08:00 · 13ef5c6f23
commit 13ef5c6f23
parent 026ec11b9d
2 changed files with 32 additions and 5 deletions
--- a/src/applications/auth/editor/PhabricatorAuthSSHKeyEditor.php
+++ b/src/applications/auth/editor/PhabricatorAuthSSHKeyEditor.php
@ -3,6 +3,17 @@
 final class PhabricatorAuthSSHKeyEditor
  extends PhabricatorApplicationTransactionEditor {

+  private $isAdministrativeEdit;
+
+  public function setIsAdministrativeEdit($is_administrative_edit) {
+    $this->isAdministrativeEdit = $is_administrative_edit;
+    return $this;
+  }
+
+  public function getIsAdministrativeEdit() {
+    return $this->isAdministrativeEdit;
+  }
+
  public function getEditorApplicationClass() {
    return 'PhabricatorAuthApplication';
  }
@ -239,11 +250,13 @@ final class PhabricatorAuthSSHKeyEditor

    $body = parent::buildMailBody($object, $xactions);

-    $body->addTextSection(
-      pht('SECURITY WARNING'),
-      pht(
-        'If you do not recognize this change, it may indicate your account '.
-        'has been compromised.'));
+    if (!$this->getIsAdministrativeEdit()) {
+      $body->addTextSection(
+        pht('SECURITY WARNING'),
+        pht(
+          'If you do not recognize this change, it may indicate your account '.
+          'has been compromised.'));
+    }

    $detail_uri = $object->getURI();
    $detail_uri = PhabricatorEnv::getProductionURI($detail_uri);
@ -253,4 +266,17 @@ final class PhabricatorAuthSSHKeyEditor
    return $body;
  }

+
+  protected function getCustomWorkerState() {
+    return array(
+      'isAdministrativeEdit' => $this->isAdministrativeEdit,
+    );
+  }
+
+  protected function loadCustomWorkerState(array $state) {
+    $this->isAdministrativeEdit = idx($state, 'isAdministrativeEdit');
+    return $this;
+  }
+
+
 }
--- a/src/applications/auth/revoker/PhabricatorAuthSSHRevoker.php
+++ b/src/applications/auth/revoker/PhabricatorAuthSSHRevoker.php
@ -43,6 +43,7 @@ final class PhabricatorAuthSSHRevoker
        ->setContinueOnNoEffect(true)
        ->setContinueOnMissingFields(true)
        ->setContentSource($content_source)
+        ->setIsAdministrativeEdit(true)
        ->applyTransactions($ssh_key, $xactions);
    }