mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-14 02:42:40 +01:00
36006bcb8f
Summary: Via HackerOne. Currently, you can use "Lock Permanently" to lock a credential permanently, but you can still enable Conduit API access to it. This directly contradicts both the intent of the setting and its description as presented to the user. Instead: - When a credential is locked, revoke Conduit API access. - Prevent API access from being enabled for locked credentials. - Prevent API access to locked credentials, period. Test Plan: - Created a credential. - Enabled API access. - Locked credential. - Saw API access become disabled. - Tried to enable API access; was rebuffed. - Queried credential via API, wasn't granted access. Reviewers: chad Reviewed By: chad Differential Revision: https://secure.phabricator.com/D15944 |
||
---|---|---|
.. | ||
PassphraseController.php | ||
PassphraseCredentialConduitController.php | ||
PassphraseCredentialCreateController.php | ||
PassphraseCredentialDestroyController.php | ||
PassphraseCredentialEditController.php | ||
PassphraseCredentialListController.php | ||
PassphraseCredentialLockController.php | ||
PassphraseCredentialPublicController.php | ||
PassphraseCredentialRevealController.php | ||
PassphraseCredentialViewController.php |