mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-19 12:00:55 +01:00
Allow Passphrase to store empty secrets
Summary: Fixes T6001. We currently don't allow empty secrets, but accounts with no password are occasionally used in the wild. Test Plan: - Created a credential with an empty secret. - Revealed secret, saw empty message. - Edited it (no form changes), saw secret unchanged. - Changed it to a nonempty secret. - Revealed nonempty secret. - Edited it (no form changes), saw secret unchanged. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T6001 Differential Revision: https://secure.phabricator.com/D10414
This commit is contained in:
parent
4d3cc7b28d
commit
a6296a64a4
2 changed files with 14 additions and 6 deletions
|
@ -155,8 +155,13 @@ final class PassphraseCredentialEditController extends PassphraseController {
|
|||
->setTransactionType($type_username)
|
||||
->setNewValue($v_username);
|
||||
|
||||
$min_secret = str_replace($bullet, '', trim($v_decrypt));
|
||||
if (strlen($min_secret)) {
|
||||
// If some value other than a sequence of bullets was provided for
|
||||
// the credential, update it. In particular, note that we are
|
||||
// explicitly allowing empty secrets: one use case is HTTP auth where
|
||||
// the username is a secret token which covers both identity and
|
||||
// authentication.
|
||||
|
||||
if (!preg_match('/^('.$bullet.')+$/', trim($v_decrypt))) {
|
||||
// If the credential was previously destroyed, restore it when it is
|
||||
// edited if a secret is provided.
|
||||
$xactions[] = id(new PassphraseCredentialTransaction())
|
||||
|
|
|
@ -46,16 +46,19 @@ final class PassphraseCredentialRevealController
|
|||
}
|
||||
|
||||
if ($request->isFormPost()) {
|
||||
if ($credential->getSecret()) {
|
||||
$secret = $credential->getSecret();
|
||||
if (!$secret) {
|
||||
$body = pht('This credential has no associated secret.');
|
||||
} else if (!strlen($secret->openEnvelope())) {
|
||||
$body = pht('This credential has an empty secret.');
|
||||
} else {
|
||||
$body = id(new PHUIFormLayoutView())
|
||||
->appendChild(
|
||||
id(new AphrontFormTextAreaControl())
|
||||
->setLabel(pht('Plaintext'))
|
||||
->setReadOnly(true)
|
||||
->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_TALL)
|
||||
->setValue($credential->getSecret()->openEnvelope()));
|
||||
} else {
|
||||
$body = pht('This credential has no associated secret.');
|
||||
->setValue($secret->openEnvelope()));
|
||||
}
|
||||
|
||||
// NOTE: Disable workflow on the cancel button to reload the page so
|
||||
|
|
Loading…
Reference in a new issue