Allow Passphrase to store empty secrets
Summary: Fixes T6001. We currently don't allow empty secrets, but accounts with no password are occasionally used in the wild. Test Plan: - Created a credential with an empty secret. - Revealed secret, saw empty message. - Edited it (no form changes), saw secret unchanged. - Changed it to a nonempty secret. - Revealed nonempty secret. - Edited it (no form changes), saw secret unchanged. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T6001 Differential Revision: https://secure.phabricator.com/D10414
parent
4d3cc7b28d
commit
a6296a64a4
2 changed files with 14 additions and 6 deletions
|
@ -155,8 +155,13 @@ final class PassphraseCredentialEditController extends PassphraseController {
|
||||||
->setTransactionType($type_username)
|
->setTransactionType($type_username)
|
||||||
->setNewValue($v_username);
|
->setNewValue($v_username);
|
||||||
|
|
||||||
$min_secret = str_replace($bullet, '', trim($v_decrypt));
|
// If some value other than a sequence of bullets was provided for
|
||||||
if (strlen($min_secret)) {
|
// the credential, update it. In particular, note that we are
|
||||||
|
// explicitly allowing empty secrets: one use case is HTTP auth where
|
||||||
|
// the username is a secret token which covers both identity and
|
||||||
|
// authentication.
|
||||||
|
|
||||||
|
if (!preg_match('/^('.$bullet.')+$/', trim($v_decrypt))) {
|
||||||
// If the credential was previously destroyed, restore it when it is
|
// If the credential was previously destroyed, restore it when it is
|
||||||
// edited if a secret is provided.
|
// edited if a secret is provided.
|
||||||
$xactions[] = id(new PassphraseCredentialTransaction())
|
$xactions[] = id(new PassphraseCredentialTransaction())
|
||||||
|
|
|
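Review bot: The new test `if (!preg_match('/^('.$bullet.')+$/', trim($v_decrypt)))` treats every value that is not a pure bullet mask as a new secret, so an empty field now overwrites the stored secret and, going by the comment just below it, also restores a destroyed credential. How `$v_decrypt` is read from the request is outside this hunk; if an absent parameter arrives as an empty string, a truncated or scripted POST would blank a credential without anyone intending it, so it is worth confirming that the field was actually submitted before taking this branch. `$bullet` is concatenated into the pattern unescaped, and `preg_quote($bullet, '/')` would keep the mask check correct if the mask character ever changes. The retained comment "edited if a secret is provided" should say that an empty secret counts as provided.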
@ -46,16 +46,19 @@ final class PassphraseCredentialRevealController
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($request->isFormPost()) {
|
if ($request->isFormPost()) {
|
||||||
if ($credential->getSecret()) {
|
$secret = $credential->getSecret();
|
||||||
|
if (!$secret) {
|
||||||
|
$body = pht('This credential has no associated secret.');
|
||||||
|
} else if (!strlen($secret->openEnvelope())) {
|
||||||
|
$body = pht('This credential has an empty secret.');
|
||||||
|
} else {
|
||||||
$body = id(new PHUIFormLayoutView())
|
$body = id(new PHUIFormLayoutView())
|
||||||
->appendChild(
|
->appendChild(
|
||||||
id(new AphrontFormTextAreaControl())
|
id(new AphrontFormTextAreaControl())
|
||||||
->setLabel(pht('Plaintext'))
|
->setLabel(pht('Plaintext'))
|
||||||
->setReadOnly(true)
|
->setReadOnly(true)
|
||||||
->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_TALL)
|
->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_TALL)
|
||||||
->setValue($credential->getSecret()->openEnvelope()));
|
->setValue($secret->openEnvelope()));
|
||||||
} else {
|
|
||||||
$body = pht('This credential has no associated secret.');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// NOTE: Disable workflow on the cancel button to reload the page so
|
// NOTE: Disable workflow on the cancel button to reload the page so
|
||||||
|
|
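Review bot: The envelope is opened twice in the new branch chain, once in `else if (!strlen($secret->openEnvelope()))` and again in `->setValue($secret->openEnvelope())`, so the plaintext is unwrapped in two places where one would do. Opening it once, after the `!$secret` check, keeps the handling of the plaintext in a single spot and makes it easier to see where it goes. A short comment above the chain, such as `// A missing secret and a stored secret of length zero are reported separately.`, would explain why there are two messages. The enclosing method starts and ends outside the hunk.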