revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-20 05:42:40 +01:00
Code Issues Releases Wiki Activity

Upgrade "masked" config to "hidden"

Browse source 
Summary:
Ref T7185. We currently have "locked", "masked", and "hidden" config.

However, "masked" does not really do anything. It was intended to mask values in DarkConsole, but Config got built out instead and "hidden" is strictly better in modern usage and protects against compromised administrator accounts. "hidden" implies "locked", so it's now strictly more powerful than just locked.

Remove "masked" and upgrade all "masked" config to "hidden". In particular, this hides some API keys and secret keys much more aggressively in Config, which is desirable.

Test Plan: Browsed things like S3 API keys in config and could no longer see them.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7185

Differential Revision: https://secure.phabricator.com/D11763
This commit is contained in:
epriestley 2015-02-13 10:59:50 -08:00
parent f74fa49636
commit ebebeb8f7c
12 changed files with 14 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/applications/config/check/PhabricatorExtraConfigSetupCheck.php
View file

@ -206,6 +206,8 @@ final class PhabricatorExtraConfigSetupCheck extends PhabricatorSetupCheck {
'translation.provider' => pht(
'The translation implementation has changed and providers are no '.
'longer used or supported.'),
'config.mask' => pht(
'Use `config.hide` instead of this option.'),
);
return $ancient_config;

4
src/applications/config/controller/PhabricatorConfigAllController.php
View file

@ -17,9 +17,7 @@ final class PhabricatorConfigAllController
foreach ($options as $option) {
$key = $option->getKey();
if ($option->getMasked()) {
$value = phutil_tag('em', array(), pht('Masked'));
} else if ($option->getHidden()) {
if ($option->getHidden()) {
$value = phutil_tag('em', array(), pht('Hidden'));
} else {
$value = PhabricatorEnv::getEnvConfig($key);

4
src/applications/config/controller/PhabricatorConfigGroupController.php
View file

@ -72,7 +72,7 @@ final class PhabricatorConfigGroupController
->setHref('/config/edit/'.$option->getKey().'/')
->addAttribute($summary);
if (!$option->getHidden() && !$option->getMasked()) {
if (!$option->getHidden()) {
$current_value = PhabricatorEnv::getEnvConfig($option->getKey());
$current_value = PhabricatorConfigJSON::prettyPrintJSON(
$current_value);
@ -96,8 +96,6 @@ final class PhabricatorConfigGroupController
if ($option->getHidden()) {
$item->addIcon('unpublish', pht('Hidden'));
} else if ($option->getMasked()) {
$item->addIcon('unpublish-grey', pht('Masked'));
} else if ($option->getLocked()) {
$item->addIcon('lock', pht('Locked'));
}

6
src/applications/config/option/PhabricatorAWSConfigOptions.php
View file

@ -25,13 +25,13 @@ final class PhabricatorAWSConfigOptions
->setLocked(true)
->setDescription(pht('Access key for Amazon SES.')),
$this->newOption('amazon-ses.secret-key', 'string', null)
->setMasked(true)
->setHidden(true)
->setDescription(pht('Secret key for Amazon SES.')),
$this->newOption('amazon-s3.access-key', 'string', null)
->setLocked(true)
->setDescription(pht('Access key for Amazon S3.')),
$this->newOption('amazon-s3.secret-key', 'string', null)
->setMasked(true)
->setHidden(true)
->setDescription(pht('Secret key for Amazon S3.')),
$this->newOption('amazon-s3.endpoint', 'string', null)
->setLocked(true)
@ -45,7 +45,7 @@ final class PhabricatorAWSConfigOptions
->setLocked(true)
->setDescription(pht('Access key for Amazon EC2.')),
$this->newOption('amazon-ec2.secret-key', 'string', null)
->setMasked(true)
->setHidden(true)
->setDescription(pht('Secret key for Amazon EC2.')),
);
}

21
src/applications/config/option/PhabricatorConfigOption.php
View file

@ -16,7 +16,6 @@ final class PhabricatorConfigOption
private $locked;
private $lockedMessage;
private $hidden;
private $masked;
private $baseClass;
private $customData;
private $customObject;
@ -30,26 +29,6 @@ final class PhabricatorConfigOption
return $this->baseClass;
}
public function setMasked($masked) {
$this->masked = $masked;
return $this;
}
public function getMasked() {
if ($this->masked) {
return true;
}
if ($this->getHidden()) {
return true;
}
return idx(
PhabricatorEnv::getEnvConfig('config.mask'),
$this->getKey(),
false);
}
public function setHidden($hidden) {
$this->hidden = $hidden;
return $this;

3
src/applications/config/option/PhabricatorCoreConfigOptions.php
View file

@ -179,9 +179,6 @@ final class PhabricatorCoreConfigOptions
$this->newOption('config.hide', 'set', array())
->setLocked(true)
->setDescription(pht('Additional configuration options to hide.')),
$this->newOption('config.mask', 'set', array())
->setLocked(true)
->setDescription(pht('Additional configuration options to mask.')),
$this->newOption('config.ignore-issues', 'set', array())
->setLocked(true)
->setDescription(pht('Setup issues to ignore.')),

2
src/applications/config/option/PhabricatorMailgunConfigOptions.php
View file

@ -28,7 +28,7 @@ final class PhabricatorMailgunConfigOptions
'Mailgun domain name. See https://mailgun.com/cp/domains'))
->addExample('mycompany.com', 'Use specific domain'),
$this->newOption('mailgun.api-key', 'string', null)
->setMasked(true)
->setHidden(true)
->setDescription(pht('Mailgun API key.')),
);

2
src/applications/config/option/PhabricatorPHPMailerConfigOptions.php
View file

@ -50,7 +50,7 @@ final class PhabricatorPHPMailerConfigOptions
->setLocked(true)
->setDescription(pht('Username for SMTP.')),
$this->newOption('phpmailer.smtp-password', 'string', null)
->setMasked(true)
->setHidden(true)
->setDescription(pht('Password for SMTP.')),
$this->newOption('phpmailer.smtp-encoding', 'string', '8bit')
->setSummary(pht('Configure how mail is encoded.'))

2
src/applications/config/option/PhabricatorRecaptchaConfigOptions.php
View file

@ -38,7 +38,7 @@ final class PhabricatorRecaptchaConfigOptions
->setDescription(
pht('Recaptcha public key, obtained by signing up for Recaptcha.')),
$this->newOption('recaptcha.private-key', 'string', null)
->setMasked(true)
->setHidden(true)
->setDescription(
pht('Recaptcha private key, obtained by signing up for Recaptcha.')),
);

1
src/applications/config/option/PhabricatorSMSConfigOptions.php
View file

@ -54,7 +54,6 @@ EODOC
'string',
null)
->setDescription(pht('Authorization token from Twilio service.'))
->setLocked(true)
->setHidden(true)
->addExample('f3jsi4i67wiwt6w54hf2zwvy3fjf5h', pht('30 characters')),
);

9
src/applications/config/option/PhabricatorSecurityConfigOptions.php
View file

@ -45,8 +45,7 @@ final class PhabricatorSecurityConfigOptions
'security.hmac-key',
'string',
'[D\t~Y7eNmnQGJ;rnH6aF;m2!vJ8@v8C=Cs:aQS\.Qw')
->setMasked(true)
->setLocked(true)
->setHidden(true)
->setSummary(
pht('Key for HMAC digests.'))
->setDescription(
@ -104,8 +103,7 @@ final class PhabricatorSecurityConfigOptions
'phabricator.csrf-key',
'string',
'0b7ec0592e0a2829d8b71df2fa269b2c6172eca3')
->setMasked(true)
->setLocked(true)
->setHidden(true)
->setSummary(
pht('Hashed with other inputs to generate CSRF tokens.'))
->setDescription(
@ -120,8 +118,7 @@ final class PhabricatorSecurityConfigOptions
'phabricator.mail-key',
'string',
'5ce3e7e8787f6e40dfae861da315a5cdf1018f12')
->setMasked(true)
->setLocked(true)
->setHidden(true)
->setSummary(
pht('Hashed with other inputs to generate mail tokens.'))
->setDescription(

2
src/applications/config/option/PhabricatorSendGridConfigOptions.php
View file

@ -25,7 +25,7 @@ final class PhabricatorSendGridConfigOptions
->setLocked(true)
->setDescription(pht('SendGrid API username.')),
$this->newOption('sendgrid.api-key', 'string', null)
->setMasked(true)
->setHidden(true)
->setDescription(pht('SendGrid API key.')),
);
}