1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-19 05:12:41 +01:00

Allow Passphrase to store empty secrets

Summary: Fixes T6001. We currently don't allow empty secrets, but accounts with no password are occasionally used in the wild.

Test Plan:
  - Created a credential with an empty secret.
  - Revealed secret, saw empty message.
  - Edited it (no form changes), saw secret unchanged.
  - Changed it to a nonempty secret.
  - Revealed nonempty secret.
  - Edited it (no form changes), saw secret unchanged.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6001

Differential Revision: https://secure.phabricator.com/D10414
This commit is contained in:
epriestley 2014-09-04 12:48:05 -07:00
parent 4d3cc7b28d
commit a6296a64a4
2 changed files with 14 additions and 6 deletions

View file

@ -155,8 +155,13 @@ final class PassphraseCredentialEditController extends PassphraseController {
->setTransactionType($type_username) ->setTransactionType($type_username)
->setNewValue($v_username); ->setNewValue($v_username);
$min_secret = str_replace($bullet, '', trim($v_decrypt)); // If some value other than a sequence of bullets was provided for
if (strlen($min_secret)) { // the credential, update it. In particular, note that we are
// explicitly allowing empty secrets: one use case is HTTP auth where
// the username is a secret token which covers both identity and
// authentication.
if (!preg_match('/^('.$bullet.')+$/', trim($v_decrypt))) {
// If the credential was previously destroyed, restore it when it is // If the credential was previously destroyed, restore it when it is
// edited if a secret is provided. // edited if a secret is provided.
$xactions[] = id(new PassphraseCredentialTransaction()) $xactions[] = id(new PassphraseCredentialTransaction())

View file

@ -46,16 +46,19 @@ final class PassphraseCredentialRevealController
} }
if ($request->isFormPost()) { if ($request->isFormPost()) {
if ($credential->getSecret()) { $secret = $credential->getSecret();
if (!$secret) {
$body = pht('This credential has no associated secret.');
} else if (!strlen($secret->openEnvelope())) {
$body = pht('This credential has an empty secret.');
} else {
$body = id(new PHUIFormLayoutView()) $body = id(new PHUIFormLayoutView())
->appendChild( ->appendChild(
id(new AphrontFormTextAreaControl()) id(new AphrontFormTextAreaControl())
->setLabel(pht('Plaintext')) ->setLabel(pht('Plaintext'))
->setReadOnly(true) ->setReadOnly(true)
->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_TALL) ->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_TALL)
->setValue($credential->getSecret()->openEnvelope())); ->setValue($secret->openEnvelope()));
} else {
$body = pht('This credential has no associated secret.');
} }
// NOTE: Disable workflow on the cancel button to reload the page so // NOTE: Disable workflow on the cancel button to reload the page so