diff --git a/src/applications/passphrase/controller/PassphraseCredentialEditController.php b/src/applications/passphrase/controller/PassphraseCredentialEditController.php index b971013fdc..7a2f4c99ff 100644 --- a/src/applications/passphrase/controller/PassphraseCredentialEditController.php +++ b/src/applications/passphrase/controller/PassphraseCredentialEditController.php @@ -155,8 +155,13 @@ final class PassphraseCredentialEditController extends PassphraseController { ->setTransactionType($type_username) ->setNewValue($v_username); - $min_secret = str_replace($bullet, '', trim($v_decrypt)); - if (strlen($min_secret)) { + // If some value other than a sequence of bullets was provided for + // the credential, update it. In particular, note that we are + // explicitly allowing empty secrets: one use case is HTTP auth where + // the username is a secret token which covers both identity and + // authentication. + + if (!preg_match('/^('.$bullet.')+$/', trim($v_decrypt))) { // If the credential was previously destroyed, restore it when it is // edited if a secret is provided. $xactions[] = id(new PassphraseCredentialTransaction()) diff --git a/src/applications/passphrase/controller/PassphraseCredentialRevealController.php b/src/applications/passphrase/controller/PassphraseCredentialRevealController.php index 55489481c7..f9667c3081 100644 --- a/src/applications/passphrase/controller/PassphraseCredentialRevealController.php +++ b/src/applications/passphrase/controller/PassphraseCredentialRevealController.php @@ -46,16 +46,19 @@ final class PassphraseCredentialRevealController } if ($request->isFormPost()) { - if ($credential->getSecret()) { + $secret = $credential->getSecret(); + if (!$secret) { + $body = pht('This credential has no associated secret.'); + } else if (!strlen($secret->openEnvelope())) { + $body = pht('This credential has an empty secret.'); + } else { $body = id(new PHUIFormLayoutView()) ->appendChild( id(new AphrontFormTextAreaControl()) ->setLabel(pht('Plaintext')) ->setReadOnly(true) ->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_TALL) - ->setValue($credential->getSecret()->openEnvelope())); - } else { - $body = pht('This credential has no associated secret.'); + ->setValue($secret->openEnvelope())); } // NOTE: Disable workflow on the cancel button to reload the page so