mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-24 13:38:19 +01:00
36006bcb8f
Summary: Via HackerOne. Currently, you can use "Lock Permanently" to lock a credential permanently, but you can still enable Conduit API access to it. This directly contradicts both the intent of the setting and its description as presented to the user. Instead:
- When a credential is locked, revoke Conduit API access.
- Prevent API access from being enabled for locked credentials.
- Prevent API access to locked credentials, period.

Test Plan:
- Created a credential.
- Enabled API access.
- Locked credential.
- Saw API access become disabled.
- Tried to enable API access; was rebuffed.
- Queried credential via API, wasn't granted access.

Reviewers: chad
Reviewed By: chad
Differential Revision: https://secure.phabricator.com/D15944
<?php
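/**
 * Handles the action that toggles whether a Passphrase credential may be
 * retrieved through the Conduit API.
 *
 * A locked credential is never toggled here: the lock check runs before the
 * form-post branch, so neither the confirmation dialog nor a direct POST can
 * enable Conduit access for it.
 */
final class PassphraseCredentialConduitController
  extends PassphraseController {

  /**
   * Show the confirmation dialog, or apply the toggle on form submission.
   *
   * The credential is loaded with both CAN_VIEW and CAN_EDIT required, so a
   * viewer lacking either capability gets a 404 rather than a hint that the
   * credential exists.
   *
   * @param AphrontRequest $request Request carrying the credential 'id' in
   *   its URI data.
   * @return Aphront404Response|AphrontRedirectResponse|mixed A 404 when the
   *   credential is not visible/editable, a redirect to the credential page
   *   after the toggle is applied, otherwise a dialog built by newDialog().
   * @throws Exception When the stored credential type constant does not map
   *   to a known credential type.
   */
  public function handleRequest(AphrontRequest $request) {
    $viewer = $request->getViewer();
    $id = $request->getURIData('id');

    $credential = id(new PassphraseCredentialQuery())
      ->setViewer($viewer)
      ->withIDs(array($id))
      ->requireCapabilities(
        array(
          PhabricatorPolicyCapability::CAN_VIEW,
          PhabricatorPolicyCapability::CAN_EDIT,
        ))
      ->executeOne();
    if (!$credential) {
      return new Aphront404Response();
    }

    $view_uri = '/K'.$credential->getID();

    // Changing API exposure of a secret is gated behind a high security
    // session. The call is made for its gating effect; the returned token
    // is not used by this controller.
    // NOTE(review): presumably this interrupts the request when the viewer
    // has not recently re-authenticated -- confirm against the session engine.
    id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
      $viewer,
      $request,
      $view_uri);

    $type_constant = $credential->getCredentialType();
    $type = PassphraseCredentialType::getTypeByConstant($type_constant);
    if (!$type) {
      // Report the stored constant; the lookup result is empty on this path
      // and would render as a blank type name in the message.
      throw new Exception(
        pht('Credential has invalid type "%s"!', $type_constant));
    }

    $is_locked = $credential->getIsLocked();

    // This check must stay ahead of the isFormPost() branch below: it is what
    // stops a hand-crafted POST from enabling Conduit access on a locked
    // credential.
    if ($is_locked) {
      return $this->newDialog()
        ->setUser($viewer)
        ->setTitle(pht('Credential Locked'))
        ->appendChild(
          pht(
            'This credential can not be made available via Conduit because '.
            'it is locked.'))
        ->addCancelButton($view_uri);
    }

    // NOTE(review): isFormPost() is assumed to cover CSRF validation for this
    // state-changing request -- confirm.
    if ($request->isFormPost()) {
      $xactions = array();

      // Flip the current setting; the transaction records the change.
      $xactions[] = id(new PassphraseCredentialTransaction())
        ->setTransactionType(PassphraseCredentialTransaction::TYPE_CONDUIT)
        ->setNewValue(!$credential->getAllowConduit());

      id(new PassphraseCredentialTransactionEditor())
        ->setActor($viewer)
        ->setContinueOnMissingFields(true)
        ->setContentSourceFromRequest($request)
        ->applyTransactions($credential, $xactions);

      return id(new AphrontRedirectResponse())->setURI($view_uri);
    }

    // Not a submission: ask the viewer to confirm the direction of the toggle.
    if ($credential->getAllowConduit()) {
      return $this->newDialog()
        ->setTitle(pht('Prevent Conduit access?'))
        ->appendChild(
          pht(
            'This credential and its secret will no longer be able '.
            'to be retrieved using the `%s` method in Conduit.',
            'passphrase.query'))
        ->addSubmitButton(pht('Prevent Conduit Access'))
        ->addCancelButton($view_uri);
    } else {
      return $this->newDialog()
        ->setTitle(pht('Allow Conduit access?'))
        ->appendChild(
          pht(
            'This credential will be able to be retrieved via the Conduit '.
            'API by users who have access to this credential. You should '.
            'only enable this for credentials which need to be accessed '.
            'programmatically (such as from build agents).'))
        ->addSubmitButton(pht('Allow Conduit Access'))
        ->addCancelButton($view_uri);
    }
  }

}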