1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-24 22:40:55 +01:00

Security - disable conduit act as user by default

Summary: Introduce a new configuration setting that by default disables the conduit as as user method. Wordily explain that turning it on is not recommended. Fixes T3818.

Test Plan:
```
15:25:19 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)
~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-tghb3b2gbdyezdcuw2or","userName":"btrahan","realName":"Bob Trahan","image":"http:\/\/phalanx.dev\/file\/data\/yncjbh7phk7ktrdhuorn\/PHID-FILE-qyf4ui3x2ll3e52hpg5e\/profile-profile-gravatar","uri":"http:\/\/phalanx.dev\/p\/btrahan\/","roles":["admin","verified","approved","activated"]}}
15:25:34 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)

<go edit libconfig/conduitclient to spoof another user...>

~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":"ERR-CONDUIT-CORE","errorMessage":"ERR-CONDUIT-CORE: security.allow-conduit-act-as-user is disabled","response":null}
15:26:40 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)

<enable option via bin/config....>

~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-6lcglnzbkiamdofishgi","userName":"xerxes","realName":"Xerxes Trahan","image":"http:\/\/phalanx.dev\/file\/data\/n2kyeevowetcuynbcxrg\/PHID-FILE-voquikectzpde256zzvm\/profile-1275455993.jpg","uri":"http:\/\/phalanx.dev\/p\/xerxes\/","roles":["verified","approved","activated"]}}
```

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: jevripio, sowedance, epriestley, Korvin

Maniphest Tasks: T3818

Differential Revision: https://secure.phabricator.com/D9881
This commit is contained in:
Bob Trahan 2014-07-10 15:43:53 -07:00
parent fae23e0860
commit e281c5ee90
2 changed files with 22 additions and 1 deletions

View file

@ -164,6 +164,11 @@ final class PhabricatorConduitAPIController
ConduitAPIRequest $api_request,
$user_name) {
$config_key = 'security.allow-conduit-act-as-user';
if (!PhabricatorEnv::getEnvConfig($config_key)) {
throw new Exception('security.allow-conduit-act-as-user is disabled');
}
if (!$api_request->getUser()->getIsAdmin()) {
throw new Exception('Only administrators can use actAsUser');
}

View file

@ -219,11 +219,27 @@ final class PhabricatorSecurityConfigOptions
))
->setLocked(true)
->setSummary(
pht('Allow outbound HTTP requests'))
pht('Allow outbound HTTP requests.'))
->setDescription(
pht(
'If you enable this, you are allowing Phabricator to '.
'potentially make requests to external servers.')),
$this->newOption('security.allow-conduit-act-as-user', 'bool', false)
->setBoolOptions(
array(
pht('Allow'),
pht('Disallow'),
))
->setLocked(true)
->setSummary(
pht('Allow administrators to use the Conduit API as other users.'))
->setDescription(
pht(
'DEPRECATED - if you enable this, you are allowing '.
'administrators to act as any user via the Conduit API. '.
'Enabling this is not advised as it introduces a huge policy '.
'violation and has been obsoleted in functionality.')),
);
}