1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-07 13:21:02 +01:00

Repository Identity "Automatically Detected User": don't trust unverified emails

Summary:
Make sure that Repository Diffusion Identities "Automatically Detected User " are not created from unverified emails.

Closes T15965

Test Plan:
Find at least one identity that is assigned to nobody:

http://phorge.localhost/diffusion/identity/

(For example, you may easily find an identity of "GitHub <noreply@github.com>")

(Double check that its "Assigned To" is unset or make sure it's unset for this test)

Be evil: add *that* email in your {nav Profile > Settings > Email addresses}. So, for example add "noreply@github.com", like a rogue. The email can stay unverified.

Run this command to immediately cause an effect:

    ./bin/repository rebuild-identities --all-identities

- before this change, you can reproduce that you successfully steal that identity and you become "GitHub" or whoever
- after this change, you see that "Automatically Detected User" is unset again
- after this change, any other identity manually assigned, is still assigned to that value
- after this change, any other identity automatically assigned to verified emails, are still "Automatically Detected User"

Reviewers: O1 Blessed Committers, speck, 20after4

Reviewed By: O1 Blessed Committers, speck, 20after4

Subscribers: aklapper, tobiaswiese, Matthew, Cigaryno

Maniphest Tasks: T15965

Differential Revision: https://we.phorge.it/D25845
This commit is contained in:
Valerio Bozzolan 2024-12-11 09:24:47 +01:00
parent 14fcf61a1e
commit 7429da91d2
3 changed files with 25 additions and 2 deletions

View file

@ -93,7 +93,8 @@ final class DiffusionResolveUserQuery extends Phobject {
private function findUserByEmailAddress($email_address) { private function findUserByEmailAddress($email_address) {
$by_email = PhabricatorUser::loadOneWithEmailAddress($email_address); $by_email =
PhabricatorUser::loadOneWithVerifiedEmailAddress($email_address);
if ($by_email) { if ($by_email) {
return $by_email->getPHID(); return $by_email->getPHID();

View file

@ -652,6 +652,28 @@ final class PhabricatorUser
return $this->getUsername(); return $this->getUsername();
} }
/**
* Load one user from their verified email address.
* @param string $address
* @return PhabricatorUser|null
*/
public static function loadOneWithVerifiedEmailAddress($address) {
$email = id(new PhabricatorUserEmail())->loadOneWhere(
'address = %s AND isVerified = 1',
$address);
if (!$email) {
return null;
}
return id(new self())->loadOneWhere(
'phid = %s',
$email->getUserPHID());
}
/**
* Load one user from their potentially unverified email address.
* @param string $address
* @return PhabricatorUser|null
*/
public static function loadOneWithEmailAddress($address) { public static function loadOneWithEmailAddress($address) {
$email = id(new PhabricatorUserEmail())->loadOneWhere( $email = id(new PhabricatorUserEmail())->loadOneWhere(
'address = %s', 'address = %s',

View file

@ -281,7 +281,7 @@ final class PhabricatorRepositoryManagementRebuildIdentitiesWorkflow
$user->getMonogram())); $user->getMonogram()));
$emails = id(new PhabricatorUserEmail())->loadAllWhere( $emails = id(new PhabricatorUserEmail())->loadAllWhere(
'userPHID = %s', 'userPHID = %s AND isVerified = 1',
$user->getPHID()); $user->getPHID());
if ($emails) { if ($emails) {
$this->rebuildEmails(mpull($emails, 'getAddress')); $this->rebuildEmails(mpull($emails, 'getAddress'));