mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-25 08:12:40 +01:00
36006bcb8f
Summary: Via HackerOne. Currently, you can use "Lock Permanently" to lock a credential permanently, but you can still enable Conduit API access to it. This directly contradicts both intent of the setting and its description as presented to the user. Instead: - When a credential is locked, revoke Conduit API access. - Prevent API access from being enabled for locked credentials. - Prevent API access to locked credentials, period. Test Plan: - Created a credential. - Enabled API access. - Locked credential. - Saw API access become disabled. - Tried to enable API access; was rebuffed. - Queried credential via API, wasn't granted access. Reviewers: chad Reviewed By: chad Differential Revision: https://secure.phabricator.com/D15944 |
||
---|---|---|
.. | ||
application | ||
capability | ||
conduit | ||
controller | ||
credentialtype | ||
editor | ||
keys | ||
phid | ||
policyrule | ||
query | ||
remarkup | ||
search | ||
storage | ||
view |