mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-14 02:42:40 +01:00
Support PhabricatorOpaqueEnvelope for managing database passwords
Summary: Currently, MySQL/MySQLi connections store passwords in plain text on the object. Allow them to be stored in PhutilOpaqueEnvelopes instead. See D3053. Test Plan: Loaded site. Reviewers: vrana, btrahan Reviewed By: vrana CC: aran Differential Revision: https://secure.phabricator.com/D3054
parent
5d4a6bcf95
commit
27f6cc3b27
4 changed files with 18 additions and 4 deletions
|
@ -38,7 +38,6 @@ $args->parseStandardArguments();
|
||||||
$conf = PhabricatorEnv::newObjectFromConfig('mysql.configuration-provider');
|
$conf = PhabricatorEnv::newObjectFromConfig('mysql.configuration-provider');
|
||||||
|
|
||||||
$default_user = $conf->getUser();
|
$default_user = $conf->getUser();
|
||||||
$default_password = $conf->getPassword();
|
|
||||||
$default_host = $conf->getHost();
|
$default_host = $conf->getHost();
|
||||||
$default_namespace = PhabricatorLiskDAO::getDefaultStorageNamespace();
|
$default_namespace = PhabricatorLiskDAO::getDefaultStorageNamespace();
|
||||||
|
|
||||||
|
@ -62,7 +61,6 @@ try {
|
||||||
'name' => 'password',
|
'name' => 'password',
|
||||||
'short' => 'p',
|
'short' => 'p',
|
||||||
'param' => 'password',
|
'param' => 'password',
|
||||||
'default' => $default_password,
|
|
||||||
'help' => 'Use __password__ instead of the configured default.',
|
'help' => 'Use __password__ instead of the configured default.',
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
|
@ -85,10 +83,18 @@ try {
|
||||||
exit(77);
|
exit(77);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($args->getArg('password') === null) {
|
||||||
|
// This is already a PhutilOpaqueEnvelope.
|
||||||
|
$password = $conf->getPassword();
|
||||||
|
} else {
|
||||||
|
// Put this in a PhutilOpaqueEnvelope.
|
||||||
|
$password = new PhutilOpaqueEnvelope($args->getArg('password'));
|
||||||
|
}
|
||||||
|
|
||||||
$api = new PhabricatorStorageManagementAPI();
|
$api = new PhabricatorStorageManagementAPI();
|
||||||
$api->setUser($args->getArg('user'));
|
$api->setUser($args->getArg('user'));
|
||||||
$api->setHost($default_host);
|
$api->setHost($default_host);
|
||||||
$api->setPassword($args->getArg('password'));
|
$api->setPassword($password);
|
||||||
$api->setNamespace($args->getArg('namespace'));
|
$api->setNamespace($args->getArg('namespace'));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
|
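Review bot: The comment `// This is already a PhutilOpaqueEnvelope.` in the `getArg('password') === null` branch holds only for the default provider. `$conf` is built by `newObjectFromConfig('mysql.configuration-provider')`, so a custom provider may still return a plain string, which would then reach `$api->setPassword()` unwrapped. Normalizing after the branch keeps the secret wrapped either way: `if (!($password instanceof PhutilOpaqueEnvelope)) { $password = new PhutilOpaqueEnvelope($password); }`. Separately, the `--password` help text could say that a value given on the command line is visible in the process list and shell history, which the envelope cannot prevent.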
@ -38,7 +38,7 @@ final class DefaultDatabaseConfigurationProvider
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getPassword() {
|
public function getPassword() {
|
||||||
return PhabricatorEnv::getEnvConfig('mysql.pass');
|
return new PhutilOpaqueEnvelope(PhabricatorEnv::getEnvConfig('mysql.pass'));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getHost() {
|
public function getHost() {
|
||||||
|
|
|
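Review bot: `getPassword()` now returns a `PhutilOpaqueEnvelope` instead of a string, but nothing on the method states the new contract. Callers outside this commit that still treat the result as a string would presumably get the envelope's placeholder text rather than the secret, and fail authentication with a confusing error. I would add a docblock such as `/** @return PhutilOpaqueEnvelope Database password; open it only at the point of connecting. */` and check the remaining callers of `getPassword()`.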
@ -52,7 +52,11 @@ final class AphrontMySQLDatabaseConnection
|
||||||
$user = $this->getConfiguration('user');
|
$user = $this->getConfiguration('user');
|
||||||
$host = $this->getConfiguration('host');
|
$host = $this->getConfiguration('host');
|
||||||
$database = $this->getConfiguration('database');
|
$database = $this->getConfiguration('database');
|
||||||
|
|
||||||
$pass = $this->getConfiguration('pass');
|
$pass = $this->getConfiguration('pass');
|
||||||
|
if ($pass instanceof PhutilOpaqueEnvelope) {
|
||||||
|
$pass = $pass->openEnvelope();
|
||||||
|
}
|
||||||
|
|
||||||
$conn = @mysql_connect(
|
$conn = @mysql_connect(
|
||||||
$host,
|
$host,
|
||||||
|
|
|
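Review bot: The `instanceof PhutilOpaqueEnvelope` check silently keeps the plain-string path, so a caller that never migrated still holds the password in plaintext in the connection configuration and nothing signals it. I would at least record the intent above the check: `// Plain strings are still accepted for compatibility; new callers should pass a PhutilOpaqueEnvelope.` The opened value also stays in `$pass` for the rest of the method, which continues outside this hunk. Opening the envelope directly in the `mysql_connect()` argument list would narrow that window. The same block is duplicated in AphrontMySQLiDatabaseConnection.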
@ -50,7 +50,11 @@ final class AphrontMySQLiDatabaseConnection
|
||||||
$user = $this->getConfiguration('user');
|
$user = $this->getConfiguration('user');
|
||||||
$host = $this->getConfiguration('host');
|
$host = $this->getConfiguration('host');
|
||||||
$database = $this->getConfiguration('database');
|
$database = $this->getConfiguration('database');
|
||||||
|
|
||||||
$pass = $this->getConfiguration('pass');
|
$pass = $this->getConfiguration('pass');
|
||||||
|
if ($pass instanceof PhutilOpaqueEnvelope) {
|
||||||
|
$pass = $pass->openEnvelope();
|
||||||
|
}
|
||||||
|
|
||||||
$conn = @new mysqli(
|
$conn = @new mysqli(
|
||||||
$host,
|
$host,
|
||||||
|
|
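Review bot: The `@` on `new mysqli(` suppresses warnings only, not exceptions, and the plaintext from `openEnvelope()` is presumably passed to that constructor (its argument list continues outside the hunk). If mysqli reporting is set to throw (`MYSQLI_REPORT_STRICT`), a failed connect raises `mysqli_sql_exception`, whose trace can include the constructor arguments unless argument collection is disabled. I would catch that exception around the constructor call and rethrow one built from the error code and message only. A comment would record why: `// '@' does not stop exceptions; never let the opened password travel in a trace.`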