mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-28 09:42:41 +01:00
5e0f218fe4
Summary: Ref T6240. Some discussion in that task. In instance/cluster environments, daemons need to make Conduit calls that bypass policy checks. We can't just let anyone add SSH keys with this capability to the web directly, because then an adminstrator could just add a key they own and start signing requests with it, bypassing policy checks. Add a `bin/almanac trust-key --id <x>` workflow for trusting keys. Only trusted keys can sign requests. Test Plan: - Generated a user key. - Generated a device key. - Trusted a device key. - Untrusted a device key. - Hit the various errors on trust/untrust. - Tried to edit a trusted key. {F236010} Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T6240 Differential Revision: https://secure.phabricator.com/D10878
92 lines
3 KiB
PHP
92 lines
3 KiB
PHP
<?php
|
|
|
|
final class PhabricatorAuthSSHKeyGenerateController
|
|
extends PhabricatorAuthSSHKeyController {
|
|
|
|
public function handleRequest(AphrontRequest $request) {
|
|
$viewer = $this->getViewer();
|
|
|
|
$key = $this->newKeyForObjectPHID($request->getStr('objectPHID'));
|
|
if (!$key) {
|
|
return new Aphront404Response();
|
|
}
|
|
|
|
$cancel_uri = $key->getObject()->getSSHPublicKeyManagementURI($viewer);
|
|
|
|
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
|
|
$viewer,
|
|
$request,
|
|
$cancel_uri);
|
|
|
|
if ($request->isFormPost()) {
|
|
$default_name = $key->getObject()->getSSHKeyDefaultName();
|
|
|
|
$keys = PhabricatorSSHKeyGenerator::generateKeypair();
|
|
list($public_key, $private_key) = $keys;
|
|
|
|
$file = PhabricatorFile::buildFromFileDataOrHash(
|
|
$private_key,
|
|
array(
|
|
'name' => $default_name.'.key',
|
|
'ttl' => time() + (60 * 10),
|
|
'viewPolicy' => $viewer->getPHID(),
|
|
));
|
|
|
|
$public_key = PhabricatorAuthSSHPublicKey::newFromRawKey($public_key);
|
|
|
|
$type = $public_key->getType();
|
|
$body = $public_key->getBody();
|
|
|
|
$key
|
|
->setName($default_name)
|
|
->setKeyType($type)
|
|
->setKeyBody($body)
|
|
->setKeyComment(pht('Generated'))
|
|
->save();
|
|
|
|
// NOTE: We're disabling workflow on submit so the download works. We're
|
|
// disabling workflow on cancel so the page reloads, showing the new
|
|
// key.
|
|
|
|
return $this->newDialog()
|
|
->setTitle(pht('Download Private Key'))
|
|
->setDisableWorkflowOnCancel(true)
|
|
->setDisableWorkflowOnSubmit(true)
|
|
->setSubmitURI($file->getDownloadURI())
|
|
->appendParagraph(
|
|
pht(
|
|
'A keypair has been generated, and the public key has been '.
|
|
'added as a recognized key. Use the button below to download '.
|
|
'the private key.'))
|
|
->appendParagraph(
|
|
pht(
|
|
'After you download the private key, it will be destroyed. '.
|
|
'You will not be able to retrieve it if you lose your copy.'))
|
|
->addSubmitButton(pht('Download Private Key'))
|
|
->addCancelButton($cancel_uri, pht('Done'));
|
|
}
|
|
|
|
try {
|
|
PhabricatorSSHKeyGenerator::assertCanGenerateKeypair();
|
|
|
|
return $this->newDialog()
|
|
->setTitle(pht('Generate New Keypair'))
|
|
->addHiddenInput('objectPHID', $key->getObject()->getPHID())
|
|
->appendParagraph(
|
|
pht(
|
|
'This workflow will generate a new SSH keypair, add the public '.
|
|
'key, and let you download the private key.'))
|
|
->appendParagraph(
|
|
pht(
|
|
'Phabricator will not retain a copy of the private key.'))
|
|
->addSubmitButton(pht('Generate New Keypair'))
|
|
->addCancelButton($cancel_uri);
|
|
} catch (Exception $ex) {
|
|
return $this->newDialog()
|
|
->setTitle(pht('Unable to Generate Keys'))
|
|
->appendParagraph($ex->getMessage())
|
|
->addCancelButton($cancel_uri);
|
|
}
|
|
}
|
|
|
|
}
|