
Provide a more straightforward way to revoke SSH keys by finding and destroying the objects

Summary: Ref T9967

Test Plan:
Ran migrations.
Verified database populated properly with PHIDs (SELECT * FROM auth_sshkey;).
Ran auth.querypublickeys conduit method to see phids show up
Ran bin/remove destroy <phid>.
Viewed the test key was gone.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin

Maniphest Tasks: T9967

Differential Revision: https://secure.phabricator.com/D14823
Nick Zheng 2015-12-19 11:48:24 -08:00
parent aeae0e7028
commit 8eec9e2c0e
7 changed files with 111 additions and 22 deletions


@ -0,0 +1,2 @@
ALTER TABLE {$NAMESPACE}_auth.auth_sshkey
ADD phid VARBINARY(64) NOT NULL AFTER id;
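Review bot: The new `phid` column is added without any index, yet `PhabricatorAuthSSHKeyQuery::withPHIDs()` and the `AKEY` PHID type's `buildQueryForObjects` in this same commit resolve objects with `phid IN (...)`, so those lookups scan the table and nothing in the schema enforces that one PHID maps to one key. The index cannot go in this file: until the backfill script runs, every existing row holds the column's `NOT NULL` default (an empty string, which is exactly what the backfill's `strlen()` check keys on), and a unique key would collide on it. A follow-up migration ordered after the backfill should add `ALTER TABLE {$NAMESPACE}_auth.auth_sshkey ADD UNIQUE KEY key_phid (phid);`. Other `CONFIG_AUX_PHID` tables in this codebase presumably carry such a key; confirm against the schema checker before landing.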


@ -0,0 +1,17 @@
<?php
$table = new PhabricatorAuthSSHKey();
$conn_w = $table->establishConnection('w');
foreach (new LiskMigrationIterator($table) as $cursor) {
if (strlen($cursor->getPHID())) {
continue;
}
queryfx(
$conn_w,
'UPDATE %T SET phid = %s WHERE id = %d',
$table->getTableName(),
$table->generatePHID(),
$cursor->getID());
}
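Review bot: The backfill script has no comment explaining what it assumes, and its correctness depends on two things that are only implicit: that rows created before the column existed carry an empty `phid` (the `strlen()` check at the top of the loop), and that `PhabricatorAuthSSHKey::generatePHID()` exists, which this commit adds to the DAO. A header comment after `<?php` would make both explicit: `// Backfill PHIDs for SSH keys created before the phid column existed. Rows are identified by an empty phid (the column's NOT NULL default); each gets a fresh AKEY PHID.` Each row is updated in its own statement, so an interrupted run leaves a partially populated table, but since the empty-phid check makes the script idempotent it can simply be re-run; that property is worth stating in the same comment.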


@ -1684,6 +1684,7 @@ phutil_register_library_map(array(
'PhabricatorAuthApplication' => 'applications/auth/application/PhabricatorAuthApplication.php', 'PhabricatorAuthApplication' => 'applications/auth/application/PhabricatorAuthApplication.php',
'PhabricatorAuthAuthFactorPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthFactorPHIDType.php', 'PhabricatorAuthAuthFactorPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthFactorPHIDType.php',
'PhabricatorAuthAuthProviderPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthProviderPHIDType.php', 'PhabricatorAuthAuthProviderPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthProviderPHIDType.php',
'PhabricatorAuthSSHKeyPHIDType' => 'applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php',
'PhabricatorAuthConduitAPIMethod' => 'applications/auth/conduit/PhabricatorAuthConduitAPIMethod.php', 'PhabricatorAuthConduitAPIMethod' => 'applications/auth/conduit/PhabricatorAuthConduitAPIMethod.php',
'PhabricatorAuthConfirmLinkController' => 'applications/auth/controller/PhabricatorAuthConfirmLinkController.php', 'PhabricatorAuthConfirmLinkController' => 'applications/auth/controller/PhabricatorAuthConfirmLinkController.php',
'PhabricatorAuthController' => 'applications/auth/controller/PhabricatorAuthController.php', 'PhabricatorAuthController' => 'applications/auth/controller/PhabricatorAuthController.php',
@ -5833,6 +5834,7 @@ phutil_register_library_map(array(
'PhabricatorAuthSSHKey' => array( 'PhabricatorAuthSSHKey' => array(
'PhabricatorAuthDAO', 'PhabricatorAuthDAO',
'PhabricatorPolicyInterface', 'PhabricatorPolicyInterface',
'PhabricatorDestructibleInterface',
), ),
'PhabricatorAuthSSHKeyController' => 'PhabricatorAuthController', 'PhabricatorAuthSSHKeyController' => 'PhabricatorAuthController',
'PhabricatorAuthSSHKeyDeleteController' => 'PhabricatorAuthSSHKeyController', 'PhabricatorAuthSSHKeyDeleteController' => 'PhabricatorAuthSSHKeyController',
@ -5840,6 +5842,7 @@ phutil_register_library_map(array(
'PhabricatorAuthSSHKeyGenerateController' => 'PhabricatorAuthSSHKeyController', 'PhabricatorAuthSSHKeyGenerateController' => 'PhabricatorAuthSSHKeyController',
'PhabricatorAuthSSHKeyQuery' => 'PhabricatorCursorPagedPolicyAwareQuery', 'PhabricatorAuthSSHKeyQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
'PhabricatorAuthSSHKeyTableView' => 'AphrontView', 'PhabricatorAuthSSHKeyTableView' => 'AphrontView',
'PhabricatorAuthSSHKeyPHIDType' => 'PhabricatorPHIDType',
'PhabricatorAuthSSHPublicKey' => 'Phobject', 'PhabricatorAuthSSHPublicKey' => 'Phobject',
'PhabricatorAuthSession' => array( 'PhabricatorAuthSession' => array(
'PhabricatorAuthDAO', 'PhabricatorAuthDAO',


@ -14,6 +14,7 @@ final class PhabricatorAuthQueryPublicKeysConduitAPIMethod
protected function defineParamTypes() { protected function defineParamTypes() {
return array( return array(
'ids' => 'optional list<id>', 'ids' => 'optional list<id>',
'phids' => 'optional list<phid>',
'objectPHIDs' => 'optional list<phid>', 'objectPHIDs' => 'optional list<phid>',
'keys' => 'optional list<string>', 'keys' => 'optional list<string>',
) + self::getPagerParamTypes(); ) + self::getPagerParamTypes();
@ -34,6 +35,11 @@ final class PhabricatorAuthQueryPublicKeysConduitAPIMethod
$query->withIDs($ids); $query->withIDs($ids);
} }
$phids = $request->getValue('phids');
if ($phids !== null) {
$query->withPHIDs($phids);
}
$object_phids = $request->getValue('objectPHIDs'); $object_phids = $request->getValue('objectPHIDs');
if ($object_phids !== null) { if ($object_phids !== null) {
$query->withObjectPHIDs($object_phids); $query->withObjectPHIDs($object_phids);
@ -57,6 +63,7 @@ final class PhabricatorAuthQueryPublicKeysConduitAPIMethod
$data[] = array( $data[] = array(
'id' => $public_key->getID(), 'id' => $public_key->getID(),
'name' => $public_key->getName(), 'name' => $public_key->getName(),
'phid' => $public_key->getPHID(),
'objectPHID' => $public_key->getObjectPHID(), 'objectPHID' => $public_key->getObjectPHID(),
'isTrusted' => (bool)$public_key->getIsTrusted(), 'isTrusted' => (bool)$public_key->getIsTrusted(),
'key' => $public_key->getEntireKey(), 'key' => $public_key->getEntireKey(),


@ -0,0 +1,38 @@
<?php
final class PhabricatorAuthSSHKeyPHIDType
extends PhabricatorPHIDType {
const TYPECONST = 'AKEY';
public function getTypeName() {
return pht('Public SSH Key');
}
public function newObject() {
return new PhabricatorAuthSSHKey();
}
public function getPHIDTypeApplicationClass() {
return 'PhabricatorAuthApplication';
}
protected function buildQueryForObjects(
PhabricatorObjectQuery $query,
array $phids) {
return id(new PhabricatorAuthSSHKeyQuery())
->withPHIDs($phids);
}
public function loadHandles(
PhabricatorHandleQuery $query,
array $handles,
array $objects) {
foreach ($handles as $phid => $handle) {
$key = $objects[$phid];
$handle->setName(pht('SSH Key %d', $key->getID()));
}
}
}
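Review bot: `loadHandles` names every handle `SSH Key <id>` and sets no URI, so wherever an `AKEY` PHID is rendered as a handle (presumably the destruction log written by the engine, among other places) an operator sees an unlinked label that says nothing about which key was affected. The key's user-visible name is available on the object (`getName()`, which the conduit method in this commit already returns), so the label should include it: `$handle->setName(pht('SSH Key %d: %s', $key->getID(), $key->getName()));`. Setting a URI to the owning object's key list would be better still, but the route for that is not visible in this commit, so I'd leave it to a follow-up rather than guess at one.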


@ -4,6 +4,7 @@ final class PhabricatorAuthSSHKeyQuery
extends PhabricatorCursorPagedPolicyAwareQuery { extends PhabricatorCursorPagedPolicyAwareQuery {
private $ids; private $ids;
private $phids;
private $objectPHIDs; private $objectPHIDs;
private $keys; private $keys;
@ -12,6 +13,11 @@ final class PhabricatorAuthSSHKeyQuery
return $this; return $this;
} }
public function withPHIDs(array $phids) {
$this->phids = $phids;
return $this;
}
public function withObjectPHIDs(array $object_phids) { public function withObjectPHIDs(array $object_phids) {
$this->objectPHIDs = $object_phids; $this->objectPHIDs = $object_phids;
return $this; return $this;
@ -23,19 +29,12 @@ final class PhabricatorAuthSSHKeyQuery
return $this; return $this;
} }
public function newResultObject() {
return new PhabricatorAuthSSHKey();
}
protected function loadPage() { protected function loadPage() {
$table = new PhabricatorAuthSSHKey(); return $this->loadStandardPage($this->newResultObject());
$conn_r = $table->establishConnection('r');
$data = queryfx_all(
$conn_r,
'SELECT * FROM %T %Q %Q %Q',
$table->getTableName(),
$this->buildWhereClause($conn_r),
$this->buildOrderClause($conn_r),
$this->buildLimitClause($conn_r));
return $table->loadAllFromArray($data);
} }
protected function willFilterPage(array $keys) { protected function willFilterPage(array $keys) {
@ -54,6 +53,7 @@ final class PhabricatorAuthSSHKeyQuery
// We must have an object, and that object must be a valid object for // We must have an object, and that object must be a valid object for
// SSH keys. // SSH keys.
if (!$object || !($object instanceof PhabricatorSSHPublicKeyInterface)) { if (!$object || !($object instanceof PhabricatorSSHPublicKeyInterface)) {
$this->didRejectResult($ssh_key);
unset($keys[$key]); unset($keys[$key]);
continue; continue;
} }
@ -64,19 +64,26 @@ final class PhabricatorAuthSSHKeyQuery
return $keys; return $keys;
} }
protected function buildWhereClause(AphrontDatabaseConnection $conn_r) { protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
$where = array(); $where = parent::buildWhereClauseParts($conn);
if ($this->ids !== null) { if ($this->ids !== null) {
$where[] = qsprintf( $where[] = qsprintf(
$conn_r, $conn,
'id IN (%Ld)', 'id IN (%Ld)',
$this->ids); $this->ids);
} }
if ($this->phids !== null) {
$where[] = qsprintf(
$conn,
'phid IN (%Ls)',
$this->phids);
}
if ($this->objectPHIDs !== null) { if ($this->objectPHIDs !== null) {
$where[] = qsprintf( $where[] = qsprintf(
$conn_r, $conn,
'objectPHID IN (%Ls)', 'objectPHID IN (%Ls)',
$this->objectPHIDs); $this->objectPHIDs);
} }
@ -85,7 +92,7 @@ final class PhabricatorAuthSSHKeyQuery
$sql = array(); $sql = array();
foreach ($this->keys as $key) { foreach ($this->keys as $key) {
$sql[] = qsprintf( $sql[] = qsprintf(
$conn_r, $conn,
'(keyType = %s AND keyIndex = %s)', '(keyType = %s AND keyIndex = %s)',
$key->getType(), $key->getType(),
$key->getHash()); $key->getHash());
@ -93,9 +100,8 @@ final class PhabricatorAuthSSHKeyQuery
$where[] = implode(' OR ', $sql); $where[] = implode(' OR ', $sql);
} }
$where[] = $this->buildPagingClause($conn_r); return $where;
return $this->formatWhereClause($where);
} }
public function getQueryApplicationClass() { public function getQueryApplicationClass() {
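Review bot: The `willFilterPage` hunk (its method begins and ends outside this view) rejects every key whose owning object cannot be loaded or is not a `PhabricatorSSHPublicKeyInterface`, and the new `PhabricatorAuthSSHKeyPHIDType::buildQueryForObjects` routes all `AKEY` lookups through this same query. If, as the visible check suggests, `$object` is resolved from `objectPHID`, then a key whose owner has already been destroyed can never be loaded by PHID, so `bin/remove destroy <phid>` — the revocation path this commit is adding — cannot reach it, and the row with its public key material stays in `auth_sshkey` indefinitely. The clean fix is outside this file: the owning objects' `destroyObjectPermanently` should cascade to their keys (a direct delete by `objectPHID`, not through this policy-filtered query), and a comment on the rejection branch should note that orphaned keys are intentionally invisible here, e.g. `// Keys whose owner is gone are never returned; owners must delete their keys when destroyed.` The added `didRejectResult($ssh_key)` call is the right thing for policy-exception messaging and needs no change.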


@ -2,7 +2,9 @@
final class PhabricatorAuthSSHKey final class PhabricatorAuthSSHKey
extends PhabricatorAuthDAO extends PhabricatorAuthDAO
implements PhabricatorPolicyInterface { implements
PhabricatorPolicyInterface,
PhabricatorDestructibleInterface {
protected $objectPHID; protected $objectPHID;
protected $name; protected $name;
@ -16,6 +18,7 @@ final class PhabricatorAuthSSHKey
protected function getConfiguration() { protected function getConfiguration() {
return array( return array(
self::CONFIG_AUX_PHID => true,
self::CONFIG_COLUMN_SCHEMA => array( self::CONFIG_COLUMN_SCHEMA => array(
'name' => 'text255', 'name' => 'text255',
'keyType' => 'text255', 'keyType' => 'text255',
@ -63,8 +66,10 @@ final class PhabricatorAuthSSHKey
return $this; return $this;
} }
public function generatePHID() {
return PhabricatorPHID::generateNewPHID(
PhabricatorAuthSSHKeyPHIDType::TYPECONST);
}
/* -( PhabricatorPolicyInterface )----------------------------------------- */ /* -( PhabricatorPolicyInterface )----------------------------------------- */
@ -89,4 +94,15 @@ final class PhabricatorAuthSSHKey
'SSH keys inherit the policies of the user or object they authenticate.'); 'SSH keys inherit the policies of the user or object they authenticate.');
} }
/* -( PhabricatorDestructibleInterface )----------------------------------- */
public function destroyObjectPermanently(
PhabricatorDestructionEngine $engine) {
$this->openTransaction();
$this->delete();
$this->saveTransaction();
}
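Review bot: `destroyObjectPermanently` is now the administrative revocation path for SSH keys but carries no documentation of what it does and does not do; wrapping the single `delete()` in `openTransaction()`/`saveTransaction()` is harmless but adds nothing a reader can rely on, so a comment is the more useful addition: `// Permanently removes the key row. This revokes the key for future SSH authentication; it cannot terminate sessions that were already established with it.` The pre-existing `PhabricatorAuthSSHKeyDeleteController` (visible in the library map in this commit) presumably deletes keys through its own path; if so, routing it through `PhabricatorDestructionEngine` would give a single revocation path that also produces the engine's destruction log, which matters for an auth credential. That is a follow-up, not a blocker for this change.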
} }