mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-23 23:32:40 +01:00
36006bcb8f
Summary: Via HackerOne. Currently, you can use "Lock Permanently" to lock a credential permanently, but you can still enable Conduit API access to it. This directly contradicts both intent of the setting and its description as presented to the user. Instead: - When a credential is locked, revoke Conduit API access. - Prevent API access from being enabled for locked credentials. - Prevent API access to locked credentials, period. Test Plan: - Created a credential. - Enabled API access. - Locked credential. - Saw API access become disabled. - Tried to enable API access; was rebuffed. - Queried credential via API, wasn't granted access. Reviewers: chad Reviewed By: chad Differential Revision: https://secure.phabricator.com/D15944 |
||
---|---|---|
.. | ||
__tests__ | ||
aphront | ||
applications | ||
docs | ||
extensions | ||
infrastructure | ||
view | ||
__phutil_library_init__.php | ||
__phutil_library_map__.php |