mirror of https://we.phorge.it/source/phorge.git synced 2025-01-05 20:31:03 +01:00
phorge-phorge/src/applications
epriestley 1d34238dc9 Upgrade sessions digests to HMAC256, retaining compatibility with old digests
Summary:
Ref T13222. Ref T13225. We store a digest of the session key in the session table (not the session key itself) so that users with access to this table can't easily steal sessions by just setting their cookies to values from the table.

Users with access to the database can //probably// do plenty of other bad stuff (e.g., T13134 mentions digesting Conduit tokens) but there's very little cost to storing digests instead of live tokens.

We currently digest session keys with HMAC-SHA1. This is fine, but HMAC-SHA256 is better. Upgrade:

  - Always write new digests.
  - We still match sessions with either digest.
  - When we read a session with an old digest, upgrade it to a new digest.

In a few months we can throw away the old code. When we do, installs that skip upgrades for a long time may suffer a one-time logout, but I'll note this in the changelog.

We could avoid this by storing `hmac256(hmac1(key))` instead and re-hashing in a migration, but I think the cost of a one-time logout for some tiny subset of users is very low, and worth keeping things simpler in the long run.

Test Plan:
  - Hit a page with an old session, got a session upgrade.
  - Reviewed sessions in Settings.
  - Reviewed user logs.
  - Logged out.
  - Logged in.
  - Terminated other sessions individually.
  - Terminated all other sessions.
  - Spot checked session table for general sanity.

Reviewers: amckinley

Reviewed By: amckinley

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13225, T13222

Differential Revision: https://secure.phabricator.com/D19883
2018-12-13 16:15:38 -08:00
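The match-either-digest-then-upgrade scheme the summary describes, as an added Python illustration that is not Phabricator's own PHP code; the HMAC key, the in-memory table and the `seed_legacy` helper are constructed assumptions for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed demo value: a real install derives its HMAC key from
# install-specific secrets (assumption, not Phabricator's actual key source).
SERVER_HMAC_KEY = b"constructed-demo-hmac-key"


def digest_sha1(session_key: str) -> str:
    """Legacy HMAC-SHA1 digest: only used to match rows written before the upgrade."""
    return hmac.new(SERVER_HMAC_KEY, session_key.encode(), hashlib.sha1).hexdigest()


def digest_sha256(session_key: str) -> str:
    """Current HMAC-SHA256 digest: every new or upgraded row is written with this."""
    return hmac.new(SERVER_HMAC_KEY, session_key.encode(), hashlib.sha256).hexdigest()


class SessionTable:
    """Stand-in for the session table, keyed by digest (never by the raw session key)."""

    def __init__(self):
        self.rows = {}  # digest -> {"user": name}

    def create(self, user: str) -> str:
        key = secrets.token_hex(32)            # raw key goes to the cookie only
        self.rows[digest_sha256(key)] = {"user": user}
        return key

    def seed_legacy(self, user: str) -> str:
        """Simulate a row written by the pre-upgrade code path (HMAC-SHA1)."""
        key = secrets.token_hex(32)
        self.rows[digest_sha1(key)] = {"user": user}
        return key

    def load(self, cookie_value: str):
        """Match either digest; returns (row, upgraded). Old-format rows are rewritten."""
        new_digest = digest_sha256(cookie_value)
        row = self.rows.get(new_digest)
        if row is not None:
            return row, False
        old_digest = digest_sha1(cookie_value)
        row = self.rows.pop(old_digest, None)   # drop the HMAC-SHA1 row if it matched
        if row is None:
            return None, False                  # unknown key, or a digest copied from the table
        self.rows[new_digest] = row             # upgrade in place on first read
        return row, True
```

Because only digests are stored, a value copied out of the table is not a usable cookie: `load(digest_sha256(key))` fails, which is the property the summary relies on.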
almanac Allow "Change Subtype" to be selected from the comment action stack 2018-11-28 13:40:40 -08:00
aphlict Add a CLI workflow for testing that notifications are being delivered 2018-12-10 16:05:53 -08:00
arcanist/conduit Remove remaining arcanist project code 2015-07-08 19:37:28 +10:00
audit Share more inline "Done" code between Differential and Diffusion 2018-12-10 15:36:52 -08:00
auth Upgrade sessions digests to HMAC256, retaining compatibility with old digests 2018-12-13 16:15:38 -08:00
badges Allow "Change Subtype" to be selected from the comment action stack 2018-11-28 13:40:40 -08:00
base Allow "Can Configure Application" permissions to be configured 2018-11-19 07:25:41 -08:00
cache Update PhabricatorLiskDAO::chunkSQL() for new %Q semantics 2018-11-13 08:59:18 -08:00
calendar Allow "Change Subtype" to be selected from the comment action stack 2018-11-28 13:40:40 -08:00
celerity Emit a "Content-Security-Policy" HTTP header 2018-02-27 10:17:30 -08:00
chatlog Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
conduit Use phutil_microseconds_since(...) to simplify some timing arithmetic 2018-11-08 16:46:32 -08:00
config Remove defunct "metamta.herald.show-hints" Config option 2018-11-26 10:14:25 -08:00
conpherence Allow "Change Subtype" to be selected from the comment action stack 2018-11-28 13:40:40 -08:00
console Fix some minor errors (DarkConsole warning, unstable Ferret sort) 2018-03-18 15:12:25 -07:00
countdown Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
daemon Continue cleaning up queries in the wake of changes to "%Q" 2018-11-16 12:49:44 -08:00
dashboard Make the dashboard panel datasource work properly with hundreds of panels 2018-06-28 08:54:29 -07:00
differential Share more inline "Done" code between Differential and Diffusion 2018-12-10 15:36:52 -08:00
diffusion Fix some straggling qsprintf() warnings in repository import 2018-12-12 09:21:12 -08:00
diviner Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
doorkeeper Allow Doorkeeper references to have multiple display variations (full, short, etc.) 2018-03-13 11:29:52 -07:00
draft/storage When purging drafts after a transaction edit, purge all drafts 2018-02-11 06:01:09 -08:00
drydock Replace the "Choose Subtype" radio buttons dialog with a simpler "big stuff you click" sort of UI 2018-12-10 14:59:18 -08:00
fact Remove all application callers to "putInSet()" 2018-12-12 16:41:12 -08:00
favorites Add some missing aural button labels for accessibility 2018-08-17 11:00:29 -07:00
feed Separate "feed" and "notifications" better, allow stories to appear in notifications only 2018-12-10 16:02:43 -08:00
files Fix all query warnings in "arc unit --everything" 2018-11-15 03:51:25 -08:00
flag Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
fund Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
guides Rename "PHUIDocumentViewPro" to "PHUIDocumentView" 2018-08-28 14:53:07 -07:00
harbormaster Add support for "harbormaster.target.search" 2018-11-28 13:49:27 -08:00
help Redesign header menus and search 2017-01-17 12:13:06 -08:00
herald Fix a stray qsprintf() in the Herald rules engine when recording rule application to objects 2018-12-12 11:31:36 -08:00
home Update menu item names for Applications -> Favorites 2017-09-05 19:05:03 -07:00
legalpad Allow applications to require a High Security token without doing a session upgrade 2018-11-28 13:39:59 -08:00
lipsum Add "--force" and "--quickly" flags to bin/lipsum 2017-02-27 09:09:41 -08:00
macro When {meme ...} embed has no text, just use the raw file data unmodified 2018-11-06 09:40:22 -08:00
maniphest Fix another qsprintf() straggler in "Has Open Subtasks" 2018-12-13 05:17:02 -08:00
meta Modularize Repository transactions 2018-11-28 14:29:18 -08:00
metamta Remove defunct "metamta.herald.show-hints" Config option 2018-11-26 10:14:25 -08:00
multimeter Continue cleaning up queries in the wake of changes to "%Q" 2018-11-16 12:49:44 -08:00
notification Remove obsolete "NotifyTest" feed story 2018-12-10 16:03:42 -08:00
nuance Explicitly add rel="noreferrer" to all external links 2018-02-17 17:46:11 -08:00
oauthserver Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
owners Allow "Change Subtype" to be selected from the comment action stack 2018-11-28 13:40:40 -08:00
packages Continue cleaning up queries in the wake of changes to "%Q" 2018-11-16 12:49:44 -08:00
passphrase Fix spelling 2017-10-09 10:48:04 -07:00
paste Allow "Change Subtype" to be selected from the comment action stack 2018-11-28 13:40:40 -08:00
people Upgrade sessions digests to HMAC256, retaining compatibility with old digests 2018-12-13 16:15:38 -08:00
phame Allow "Change Subtype" to be selected from the comment action stack 2018-11-28 13:40:40 -08:00
phid Truncate package names in diff table of contents views 2018-06-07 13:17:01 -07:00
phlux Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
pholio Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
phortune Fix some "%Q" behavior in PhortuneMerchantQuery 2018-11-20 07:59:57 -08:00
phpast Update phpast for new UI 2016-04-05 13:52:59 -07:00
phragment Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
phrequent Continue cleaning up queries in the wake of changes to "%Q" 2018-11-16 12:49:44 -08:00
phriction Make it less confusing to create root-level Phriction doc 2018-12-10 14:10:18 -08:00
phurl Explicitly add rel="noreferrer" to all external links 2018-02-17 17:46:11 -08:00
policy Extend PhabricatorPolicyCodex interface to handle "interesting" policy defaults 2018-04-27 16:56:11 -07:00
ponder Make Facts more modern, DRY, and dimensional 2018-02-19 12:05:19 -08:00
project Allow "Change Subtype" to be selected from the comment action stack 2018-11-28 13:40:40 -08:00
releeph Remove application callsites to "LiskDAO->loadOneRelative()" 2018-12-12 16:39:44 -08:00
remarkup/conduit
repository Fix some straggling qsprintf() warnings in repository import 2018-12-12 09:21:12 -08:00
search When waiting for long-running Harbormaster futures to resolve, close idle database connections 2018-11-21 07:53:40 -08:00
settings Upgrade sessions digests to HMAC256, retaining compatibility with old digests 2018-12-13 16:15:38 -08:00
slowvote Prevent users from voting for invalid Slowvote options 2018-11-06 09:21:18 -08:00
spaces Add more mail stamps: tasks, subscribers, projects, spaces 2018-02-06 04:05:46 -08:00
subscriptions Remove requireCapabilities() from ApplicationTransactionEditor and require CAN_EDIT by default 2018-08-24 17:45:56 -07:00
support/application
system Update PhabricatorLiskDAO::chunkSQL() for new %Q semantics 2018-11-13 08:59:18 -08:00
tokens Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
transactions Separate "feed" and "notifications" better, allow stories to appear in notifications only 2018-12-10 16:02:43 -08:00
typeahead Rename "PHUIDocumentViewPro" to "PHUIDocumentView" 2018-08-28 14:53:07 -07:00
uiexample Reduce the cost of generating default user profile images 2018-03-01 16:53:17 -08:00
xhprof Allow XHProf profiles to be drag-and-dropped to upload them 2017-02-23 11:16:19 -08:00