Provide a more straightforward way to revoke SSH keys by finding and destroying the objects
Summary: Ref T9967. Test Plan: Ran migrations. Verified the database was populated properly with PHIDs (`SELECT * FROM auth_sshkey;`). Ran the auth.querypublickeys conduit method and saw the phids show up. Ran `bin/remove destroy <phid>` and verified the test key was gone. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: Korvin Maniphest Tasks: T9967 Differential Revision: https://secure.phabricator.com/D14823
This commit is contained in:
parent
aeae0e7028
commit
8eec9e2c0e
7 changed files with 111 additions and 22 deletions
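--- a/resources/sql/autopatches/20151218.key.1.keyphid.sql
+++ b/resources/sql/autopatches/20151218.key.1.keyphid.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_auth.auth_sshkey
+  ADD phid VARBINARY(64) NOT NULL AFTER id;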
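Review bot: The new `phid` column is added without any key, so the `phid IN (%Ls)` lookups introduced in PhabricatorAuthSSHKeyQuery will scan the table and nothing enforces that a PHID maps to a single key. Phabricator tables conventionally carry `UNIQUE KEY key_phid (phid)`; it cannot go in this patch because `NOT NULL` without a default leaves every existing row with an empty-string phid, which would collide, so it belongs in a third patch that runs after the PHP backfill, e.g. `ALTER TABLE {$NAMESPACE}_auth.auth_sshkey ADD UNIQUE KEY key_phid (phid);`. I cannot see from this commit whether a later autopatch already does this.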
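--- a/resources/sql/autopatches/20151218.key.2.keyphid.php
+++ b/resources/sql/autopatches/20151218.key.2.keyphid.php
@@ -0,0 +1,17 @@
+<?php
+
+$table = new PhabricatorAuthSSHKey();
+$conn_w = $table->establishConnection('w');
+
+foreach (new LiskMigrationIterator($table) as $cursor) {
+  if (strlen($cursor->getPHID())) {
+    continue;
+  }
+
+  queryfx(
+    $conn_w,
+    'UPDATE %T SET phid = %s WHERE id = %d',
+    $table->getTableName(),
+    $table->generatePHID(),
+    $cursor->getID());
+}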
|
@ -1684,6 +1684,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorAuthApplication' => 'applications/auth/application/PhabricatorAuthApplication.php',
|
||||
'PhabricatorAuthAuthFactorPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthFactorPHIDType.php',
|
||||
'PhabricatorAuthAuthProviderPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthProviderPHIDType.php',
|
||||
'PhabricatorAuthSSHKeyPHIDType' => 'applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php',
|
||||
'PhabricatorAuthConduitAPIMethod' => 'applications/auth/conduit/PhabricatorAuthConduitAPIMethod.php',
|
||||
'PhabricatorAuthConfirmLinkController' => 'applications/auth/controller/PhabricatorAuthConfirmLinkController.php',
|
||||
'PhabricatorAuthController' => 'applications/auth/controller/PhabricatorAuthController.php',
|
||||
|
@ -5833,6 +5834,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorAuthSSHKey' => array(
|
||||
'PhabricatorAuthDAO',
|
||||
'PhabricatorPolicyInterface',
|
||||
'PhabricatorDestructibleInterface',
|
||||
),
|
||||
'PhabricatorAuthSSHKeyController' => 'PhabricatorAuthController',
|
||||
'PhabricatorAuthSSHKeyDeleteController' => 'PhabricatorAuthSSHKeyController',
|
||||
|
@ -5840,6 +5842,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorAuthSSHKeyGenerateController' => 'PhabricatorAuthSSHKeyController',
|
||||
'PhabricatorAuthSSHKeyQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
|
||||
'PhabricatorAuthSSHKeyTableView' => 'AphrontView',
|
||||
'PhabricatorAuthSSHKeyPHIDType' => 'PhabricatorPHIDType',
|
||||
'PhabricatorAuthSSHPublicKey' => 'Phobject',
|
||||
'PhabricatorAuthSession' => array(
|
||||
'PhabricatorAuthDAO',
|
||||
|
|
|
@ -14,6 +14,7 @@ final class PhabricatorAuthQueryPublicKeysConduitAPIMethod
|
|||
protected function defineParamTypes() {
|
||||
return array(
|
||||
'ids' => 'optional list<id>',
|
||||
'phids' => 'optional list<phid>',
|
||||
'objectPHIDs' => 'optional list<phid>',
|
||||
'keys' => 'optional list<string>',
|
||||
) + self::getPagerParamTypes();
|
||||
|
@ -34,6 +35,11 @@ final class PhabricatorAuthQueryPublicKeysConduitAPIMethod
|
|||
$query->withIDs($ids);
|
||||
}
|
||||
|
||||
$phids = $request->getValue('phids');
|
||||
if ($phids !== null) {
|
||||
$query->withPHIDs($phids);
|
||||
}
|
||||
|
||||
$object_phids = $request->getValue('objectPHIDs');
|
||||
if ($object_phids !== null) {
|
||||
$query->withObjectPHIDs($object_phids);
|
||||
|
@ -57,6 +63,7 @@ final class PhabricatorAuthQueryPublicKeysConduitAPIMethod
|
|||
$data[] = array(
|
||||
'id' => $public_key->getID(),
|
||||
'name' => $public_key->getName(),
|
||||
'phid' => $public_key->getPHID(),
|
||||
'objectPHID' => $public_key->getObjectPHID(),
|
||||
'isTrusted' => (bool)$public_key->getIsTrusted(),
|
||||
'key' => $public_key->getEntireKey(),
|
||||
|
|
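--- a/src/applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php
+++ b/src/applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php
@@ -0,0 +1,38 @@
+<?php
+
+final class PhabricatorAuthSSHKeyPHIDType
+  extends PhabricatorPHIDType {
+
+  const TYPECONST = 'AKEY';
+
+  public function getTypeName() {
+    return pht('Public SSH Key');
+  }
+
+  public function newObject() {
+    return new PhabricatorAuthSSHKey();
+  }
+
+  public function getPHIDTypeApplicationClass() {
+    return 'PhabricatorAuthApplication';
+  }
+
+  protected function buildQueryForObjects(
+    PhabricatorObjectQuery $query,
+    array $phids) {
+
+    return id(new PhabricatorAuthSSHKeyQuery())
+      ->withPHIDs($phids);
+  }
+
+  public function loadHandles(
+    PhabricatorHandleQuery $query,
+    array $handles,
+    array $objects) {
+    foreach ($handles as $phid => $handle) {
+      $key = $objects[$phid];
+      $handle->setName(pht('SSH Key %d', $key->getID()));
+    }
+  }
+
+}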
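Review bot: `loadHandles` sets only a display name and never calls `$handle->setURI(...)`, so wherever a key PHID is rendered (destruction logs, handle lookups) it will appear as unlinked text; if the per-object key pages are reachable, a `setURI` pointing at them would make revoked-key audit trails navigable. Naming the handle by numeric ID rather than `$key->getName()` is a defensible choice because key names are user-supplied, but that reasoning is not visible in the code — a one-line comment such as `// Use the ID, not the user-chosen name, so handles stay stable and unambiguous.` would stop a later maintainer from "fixing" it. Policy filtering for these handles relies on PhabricatorAuthSSHKeyQuery::willFilterPage rejecting keys whose owning object is not visible, which is outside this file.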
|
@ -4,6 +4,7 @@ final class PhabricatorAuthSSHKeyQuery
|
|||
extends PhabricatorCursorPagedPolicyAwareQuery {
|
||||
|
||||
private $ids;
|
||||
private $phids;
|
||||
private $objectPHIDs;
|
||||
private $keys;
|
||||
|
||||
|
@ -12,6 +13,11 @@ final class PhabricatorAuthSSHKeyQuery
|
|||
return $this;
|
||||
}
|
||||
|
||||
public function withPHIDs(array $phids) {
|
||||
$this->phids = $phids;
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function withObjectPHIDs(array $object_phids) {
|
||||
$this->objectPHIDs = $object_phids;
|
||||
return $this;
|
||||
|
@ -23,19 +29,12 @@ final class PhabricatorAuthSSHKeyQuery
|
|||
return $this;
|
||||
}
|
||||
|
||||
public function newResultObject() {
|
||||
return new PhabricatorAuthSSHKey();
|
||||
}
|
||||
|
||||
protected function loadPage() {
|
||||
$table = new PhabricatorAuthSSHKey();
|
||||
$conn_r = $table->establishConnection('r');
|
||||
|
||||
$data = queryfx_all(
|
||||
$conn_r,
|
||||
'SELECT * FROM %T %Q %Q %Q',
|
||||
$table->getTableName(),
|
||||
$this->buildWhereClause($conn_r),
|
||||
$this->buildOrderClause($conn_r),
|
||||
$this->buildLimitClause($conn_r));
|
||||
|
||||
return $table->loadAllFromArray($data);
|
||||
return $this->loadStandardPage($this->newResultObject());
|
||||
}
|
||||
|
||||
protected function willFilterPage(array $keys) {
|
||||
|
@ -54,6 +53,7 @@ final class PhabricatorAuthSSHKeyQuery
|
|||
// We must have an object, and that object must be a valid object for
|
||||
// SSH keys.
|
||||
if (!$object || !($object instanceof PhabricatorSSHPublicKeyInterface)) {
|
||||
$this->didRejectResult($ssh_key);
|
||||
unset($keys[$key]);
|
||||
continue;
|
||||
}
|
||||
|
@ -64,19 +64,26 @@ final class PhabricatorAuthSSHKeyQuery
|
|||
return $keys;
|
||||
}
|
||||
|
||||
protected function buildWhereClause(AphrontDatabaseConnection $conn_r) {
|
||||
$where = array();
|
||||
protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
|
||||
$where = parent::buildWhereClauseParts($conn);
|
||||
|
||||
if ($this->ids !== null) {
|
||||
$where[] = qsprintf(
|
||||
$conn_r,
|
||||
$conn,
|
||||
'id IN (%Ld)',
|
||||
$this->ids);
|
||||
}
|
||||
|
||||
if ($this->phids !== null) {
|
||||
$where[] = qsprintf(
|
||||
$conn,
|
||||
'phid IN (%Ls)',
|
||||
$this->phids);
|
||||
}
|
||||
|
||||
if ($this->objectPHIDs !== null) {
|
||||
$where[] = qsprintf(
|
||||
$conn_r,
|
||||
$conn,
|
||||
'objectPHID IN (%Ls)',
|
||||
$this->objectPHIDs);
|
||||
}
|
||||
|
@ -85,7 +92,7 @@ final class PhabricatorAuthSSHKeyQuery
|
|||
$sql = array();
|
||||
foreach ($this->keys as $key) {
|
||||
$sql[] = qsprintf(
|
||||
$conn_r,
|
||||
$conn,
|
||||
'(keyType = %s AND keyIndex = %s)',
|
||||
$key->getType(),
|
||||
$key->getHash());
|
||||
|
@ -93,9 +100,8 @@ final class PhabricatorAuthSSHKeyQuery
|
|||
$where[] = implode(' OR ', $sql);
|
||||
}
|
||||
|
||||
$where[] = $this->buildPagingClause($conn_r);
|
||||
return $where;
|
||||
|
||||
return $this->formatWhereClause($where);
|
||||
}
|
||||
|
||||
public function getQueryApplicationClass() {
|
||||
|
|
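Review bot: In `buildWhereClauseParts` the new `phid IN (%Ls)` branch is taken for an empty `$this->phids` array as well as a populated one, which renders as `phid IN ()` and fails at the database unless `qsprintf` rejects empty lists — I cannot confirm its behaviour from here. The `ids` and `objectPHIDs` branches already have the same shape, so this matches the file's convention, but `phids` is now reachable directly from the Conduit method, where a caller can send `[]`; if empty lists are meant to be a no-match rather than an error, the query should short-circuit before building SQL. `buildWhereClauseParts` continues past this hunk into the `keys` clause.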
|
@ -2,7 +2,9 @@
|
|||
|
||||
final class PhabricatorAuthSSHKey
|
||||
extends PhabricatorAuthDAO
|
||||
implements PhabricatorPolicyInterface {
|
||||
implements
|
||||
PhabricatorPolicyInterface,
|
||||
PhabricatorDestructibleInterface {
|
||||
|
||||
protected $objectPHID;
|
||||
protected $name;
|
||||
|
@ -16,6 +18,7 @@ final class PhabricatorAuthSSHKey
|
|||
|
||||
protected function getConfiguration() {
|
||||
return array(
|
||||
self::CONFIG_AUX_PHID => true,
|
||||
self::CONFIG_COLUMN_SCHEMA => array(
|
||||
'name' => 'text255',
|
||||
'keyType' => 'text255',
|
||||
|
@ -63,8 +66,10 @@ final class PhabricatorAuthSSHKey
|
|||
return $this;
|
||||
}
|
||||
|
||||
|
||||
|
||||
public function generatePHID() {
|
||||
return PhabricatorPHID::generateNewPHID(
|
||||
PhabricatorAuthSSHKeyPHIDType::TYPECONST);
|
||||
}
|
||||
|
||||
/* -( PhabricatorPolicyInterface )----------------------------------------- */
|
||||
|
||||
|
@ -89,4 +94,15 @@ final class PhabricatorAuthSSHKey
|
|||
'SSH keys inherit the policies of the user or object they authenticate.');
|
||||
}
|
||||
|
||||
/* -( PhabricatorDestructibleInterface )----------------------------------- */
|
||||
|
||||
|
||||
public function destroyObjectPermanently(
|
||||
PhabricatorDestructionEngine $engine) {
|
||||
|
||||
$this->openTransaction();
|
||||
$this->delete();
|
||||
$this->saveTransaction();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
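Review bot: `destroyObjectPermanently` removes only the `auth_sshkey` row; if any state is derived from this table (a cached authorized-keys file or similar), it is not invalidated here, so a key revoked through `bin/remove destroy` could remain accepted until that state is rebuilt — worth confirming before documenting destruction as the revocation path. The `openTransaction()` / `saveTransaction()` pair wraps a single `delete()`, which is already atomic; either drop it to `$this->delete();` or add a comment noting it is a placeholder for related cleanup. Since revocation is the security-relevant operation this commit enables, a docblock on the method stating that destruction is irreversible and that the caller (the destruction engine) is responsible for logging would help. The class body continues outside the hunk.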