mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 22:10:55 +01:00
Upgrade object reply addresses to SHA256 and remove "phabricator.mail-key"
Summary: Ref T12509. - Upgrade an old SHA1 to SHA256. - Replace an old manually configurable HMAC key with an automatically generated one. This is generally both simpler (less configuration) and more secure (you now get a unique value automatically). This causes a one-time compatibility break that invalidates old "Reply-To" addresses. I'll note this in the changelog. If you leaked a bunch of addresses, you could force a change here by mucking around with `phabricator_auth.auth_hmackey`, but AFAIK no one has ever used this value to react to any sort of security issue. (I'll note the possibility that we might want to provide/document this "manually force HMAC keys to regenerate" stuff some day in T6994.) Test Plan: Grepped for removed config. I'll vet this pathway more heavily in upcoming changes. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T12509 Differential Revision: https://secure.phabricator.com/D19945
This commit is contained in:
parent
a0668df75a
commit
93e6dc1c1d
4 changed files with 6 additions and 20 deletions
|
@ -385,6 +385,9 @@ final class PhabricatorExtraConfigSetupCheck extends PhabricatorSetupCheck {
|
||||||
'Mail thread IDs are now generated automatically.'),
|
'Mail thread IDs are now generated automatically.'),
|
||||||
'metamta.placeholder-to-recipient' => pht(
|
'metamta.placeholder-to-recipient' => pht(
|
||||||
'Placeholder recipients are now generated automatically.'),
|
'Placeholder recipients are now generated automatically.'),
|
||||||
|
|
||||||
|
'metamta.mail-key' => pht(
|
||||||
|
'Mail object address hash keys are now generated automatically.'),
|
||||||
);
|
);
|
||||||
|
|
||||||
return $ancient_config;
|
return $ancient_config;
|
||||||
|
|
|
@ -169,20 +169,6 @@ EOTEXT
|
||||||
'in a vague, mostly theoretical way. But it will take you like 3 '.
|
'in a vague, mostly theoretical way. But it will take you like 3 '.
|
||||||
'seconds of mashing on your keyboard to set it up so you might '.
|
'seconds of mashing on your keyboard to set it up so you might '.
|
||||||
'as well.')),
|
'as well.')),
|
||||||
$this->newOption(
|
|
||||||
'phabricator.mail-key',
|
|
||||||
'string',
|
|
||||||
'5ce3e7e8787f6e40dfae861da315a5cdf1018f12')
|
|
||||||
->setHidden(true)
|
|
||||||
->setSummary(
|
|
||||||
pht('Hashed with other inputs to generate mail tokens.'))
|
|
||||||
->setDescription(
|
|
||||||
pht(
|
|
||||||
"This is hashed with other inputs to generate mail tokens. If ".
|
|
||||||
"you want, you can change it to some other string which is ".
|
|
||||||
"unique to your install. In particular, you will want to do ".
|
|
||||||
"this if you accidentally send a bunch of mail somewhere you ".
|
|
||||||
"shouldn't have, to invalidate all old reply-to addresses.")),
|
|
||||||
$this->newOption(
|
$this->newOption(
|
||||||
'uri.allowed-protocols',
|
'uri.allowed-protocols',
|
||||||
'set',
|
'set',
|
||||||
|
|
|
@ -200,9 +200,9 @@ abstract class PhabricatorObjectMailReceiver extends PhabricatorMailReceiver {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function computeMailHash($mail_key, $phid) {
|
public static function computeMailHash($mail_key, $phid) {
|
||||||
$global_mail_key = PhabricatorEnv::getEnvConfig('phabricator.mail-key');
|
$hash = PhabricatorHash::digestWithNamedKey(
|
||||||
|
$mail_key.$phid,
|
||||||
$hash = PhabricatorHash::weakDigest($mail_key.$global_mail_key.$phid);
|
'mail.object-address-key');
|
||||||
return substr($hash, 0, 16);
|
return substr($hash, 0, 16);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -79,9 +79,6 @@ authenticating senders in the general case (e.g., where you are an open source
|
||||||
project and need to interact with users whose email accounts you have no control
|
project and need to interact with users whose email accounts you have no control
|
||||||
over).
|
over).
|
||||||
|
|
||||||
If you leak a bunch of reply-to addresses by accident, you can change
|
|
||||||
`phabricator.mail-key` in your configuration to invalidate all the old hashes.
|
|
||||||
|
|
||||||
You can also set `metamta.public-replies`, which will change how Phabricator
|
You can also set `metamta.public-replies`, which will change how Phabricator
|
||||||
delivers email. Instead of sending each recipient a unique mail with a personal
|
delivers email. Instead of sending each recipient a unique mail with a personal
|
||||||
reply-to address, it will send a single email to everyone with a public reply-to
|
reply-to address, it will send a single email to everyone with a public reply-to
|
||||||
|
|
Loading…
Reference in a new issue