mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-24 22:40:55 +01:00
Security - disable conduit act as user by default
Summary: Introduce a new configuration setting that by default disables the conduit as as user method. Wordily explain that turning it on is not recommended. Fixes T3818. Test Plan: ``` 15:25:19 ~/Dropbox/code/phalanx/src/applications/conduit (T3818) ~> echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami Waiting for JSON parameters on stdin... {"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-tghb3b2gbdyezdcuw2or","userName":"btrahan","realName":"Bob Trahan","image":"http:\/\/phalanx.dev\/file\/data\/yncjbh7phk7ktrdhuorn\/PHID-FILE-qyf4ui3x2ll3e52hpg5e\/profile-profile-gravatar","uri":"http:\/\/phalanx.dev\/p\/btrahan\/","roles":["admin","verified","approved","activated"]}} 15:25:34 ~/Dropbox/code/phalanx/src/applications/conduit (T3818) <go edit libconfig/conduitclient to spoof another user...> ~> echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami Waiting for JSON parameters on stdin... {"error":"ERR-CONDUIT-CORE","errorMessage":"ERR-CONDUIT-CORE: security.allow-conduit-act-as-user is disabled","response":null} 15:26:40 ~/Dropbox/code/phalanx/src/applications/conduit (T3818) <enable option via bin/config....> ~> echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami Waiting for JSON parameters on stdin... {"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-6lcglnzbkiamdofishgi","userName":"xerxes","realName":"Xerxes Trahan","image":"http:\/\/phalanx.dev\/file\/data\/n2kyeevowetcuynbcxrg\/PHID-FILE-voquikectzpde256zzvm\/profile-1275455993.jpg","uri":"http:\/\/phalanx.dev\/p\/xerxes\/","roles":["verified","approved","activated"]}} ``` Reviewers: epriestley Reviewed By: epriestley Subscribers: jevripio, sowedance, epriestley, Korvin Maniphest Tasks: T3818 Differential Revision: https://secure.phabricator.com/D9881
This commit is contained in:
parent
fae23e0860
commit
e281c5ee90
2 changed files with 22 additions and 1 deletions
|
@ -164,6 +164,11 @@ final class PhabricatorConduitAPIController
|
|||
ConduitAPIRequest $api_request,
|
||||
$user_name) {
|
||||
|
||||
$config_key = 'security.allow-conduit-act-as-user';
|
||||
if (!PhabricatorEnv::getEnvConfig($config_key)) {
|
||||
throw new Exception('security.allow-conduit-act-as-user is disabled');
|
||||
}
|
||||
|
||||
if (!$api_request->getUser()->getIsAdmin()) {
|
||||
throw new Exception('Only administrators can use actAsUser');
|
||||
}
|
||||
|
|
|
@ -219,11 +219,27 @@ final class PhabricatorSecurityConfigOptions
|
|||
))
|
||||
->setLocked(true)
|
||||
->setSummary(
|
||||
pht('Allow outbound HTTP requests'))
|
||||
pht('Allow outbound HTTP requests.'))
|
||||
->setDescription(
|
||||
pht(
|
||||
'If you enable this, you are allowing Phabricator to '.
|
||||
'potentially make requests to external servers.')),
|
||||
$this->newOption('security.allow-conduit-act-as-user', 'bool', false)
|
||||
->setBoolOptions(
|
||||
array(
|
||||
pht('Allow'),
|
||||
pht('Disallow'),
|
||||
))
|
||||
->setLocked(true)
|
||||
->setSummary(
|
||||
pht('Allow administrators to use the Conduit API as other users.'))
|
||||
->setDescription(
|
||||
pht(
|
||||
'DEPRECATED - if you enable this, you are allowing '.
|
||||
'administrators to act as any user via the Conduit API. '.
|
||||
'Enabling this is not advised as it introduces a huge policy '.
|
||||
'violation and has been obsoleted in functionality.')),
|
||||
|
||||
);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue