mirror of https://we.phorge.it/source/phorge.git synced 2025-02-25 21:19:21 +01:00
phorge-phorge/src/applications/auth/storage
epriestley 1d34238dc9 Upgrade sessions digests to HMAC256, retaining compatibility with old digests
Summary:
Ref T13222. Ref T13225. We store a digest of the session key in the session table (not the session key itself) so that users with access to this table can't easily steal sessions by just setting their cookies to values from the table.

Users with access to the database can //probably// do plenty of other bad stuff (e.g., T13134 mentions digesting Conduit tokens) but there's very little cost to storing digests instead of live tokens.

We currently digest session keys with HMAC-SHA1. This is fine, but HMAC-SHA256 is better. Upgrade:

  - Always write new digests.
  - We still match sessions with either digest.
  - When we read a session with an old digest, upgrade it to a new digest.

In a few months we can throw away the old code. When we do, installs that skip upgrades for a long time may suffer a one-time logout, but I'll note this in the changelog.

We could avoid this by storing `hmac256(hmac1(key))` instead and re-hashing in a migration, but I think the cost of a one-time logout for some tiny subset of users is very low, and worth keeping things simpler in the long run.

Test Plan:
  - Hit a page with an old session, got a session upgrade.
  - Reviewed sessions in Settings.
  - Reviewed user logs.
  - Logged out.
  - Logged in.
  - Terminated other sessions individually.
  - Terminated all other sessions.
  - Spot checked session table for general sanity.

Reviewers: amckinley

Reviewed By: amckinley

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13225, T13222

Differential Revision: https://secure.phabricator.com/D19883
2018-12-13 16:15:38 -08:00
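The dual-digest matching and read-time upgrade described in the commit message, as an added Python example (not Phorge's own PHP code): the HMAC key, the in-memory stand-in for the session table and the function names are constructed for illustration.

```python
import hmac
import hashlib
import secrets
from typing import Optional

# Constructed placeholder for the server-side HMAC key; the real project
# manages its key material separately (see PhabricatorAuthHMACKey.php).
HMAC_KEY = b"example-server-hmac-key-not-the-real-one"


def digest_sha1(session_key: str) -> str:
    """Legacy digest format (HMAC-SHA1)."""
    return hmac.new(HMAC_KEY, session_key.encode(), hashlib.sha1).hexdigest()


def digest_sha256(session_key: str) -> str:
    """Current digest format (HMAC-SHA256)."""
    return hmac.new(HMAC_KEY, session_key.encode(), hashlib.sha256).hexdigest()


class SessionTable:
    """Stand-in for the session table: rows are keyed by digest, never by the key."""

    def __init__(self) -> None:
        self.rows = {}  # digest -> {"user": ..., "format": "sha1" | "sha256"}

    def create(self, user: str) -> str:
        key = secrets.token_hex(32)  # this value goes into the user's cookie
        self.rows[digest_sha256(key)] = {"user": user, "format": "sha256"}
        return key

    def load_legacy(self, user: str, key: str) -> None:
        """Simulate a row written before the upgrade (HMAC-SHA1 digest)."""
        self.rows[digest_sha1(key)] = {"user": user, "format": "sha1"}

    def lookup(self, cookie_key: str) -> Optional[str]:
        """Match on either digest; rewrite an old-format row on read."""
        new = digest_sha256(cookie_key)
        row = self.rows.get(new)
        if row is not None:
            return row["user"]
        row = self.rows.pop(digest_sha1(cookie_key), None)
        if row is None:
            return None  # unknown key, or a table digest pasted in as a cookie
        row["format"] = "sha256"  # upgrade in place, keyed by the new digest
        self.rows[new] = row
        return row["user"]
```

The last assertion in the test shows why digests are stored: a value copied out of the table does not match as a cookie.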
PhabricatorAuthDAO.php Add storage for Auth configuration in preparation for moving it into a web interface 2013-06-17 10:48:41 -07:00
PhabricatorAuthFactorConfig.php Fix visiblity of LiskDAO::getConfiguration() 2015-01-14 06:54:13 +11:00
PhabricatorAuthHMACKey.php Support HMAC+SHA256 with automatic key generation and management 2017-04-06 15:42:59 -07:00
PhabricatorAuthInvite.php Send emails for email invites 2015-02-11 06:06:09 -08:00
PhabricatorAuthPassword.php Give PhabricatorAuthPassword a formal CAN_EDIT policy 2018-08-16 11:53:24 -07:00
PhabricatorAuthPasswordTransaction.php Consolidate password verification/revocation logic in a new PhabricatorAuthPasswordEngine 2018-01-23 10:54:49 -08:00
PhabricatorAuthProviderConfig.php Remove empty implementations of describeAutomaticCapabilities() 2016-11-09 15:24:22 -08:00
PhabricatorAuthProviderConfigTransaction.php Update Auth for new UI 2016-03-31 13:51:12 -07:00
PhabricatorAuthSession.php Upgrade sessions digests to HMAC256, retaining compatibility with old digests 2018-12-13 16:15:38 -08:00
PhabricatorAuthSSHKey.php Manage object mailKeys automatically in Mail instead of storing them on objects 2018-04-25 06:46:58 -07:00
PhabricatorAuthSSHKeyTransaction.php Add a bin/auth revoke revoker for SSH keys 2018-01-22 15:35:07 -08:00
PhabricatorAuthTemporaryToken.php Remove empty implementations of describeAutomaticCapabilities() 2016-11-09 15:24:22 -08:00