mirror of https://we.phorge.it/source/phorge.git synced 2024-09-22 10:18:48 +02:00
phorge-phorge/src/applications/conduit
Bob Trahan e281c5ee90 Security - disable conduit act as user by default
Summary: Introduce a new configuration setting that by default disables the conduit act as user method. Wordily explain that turning it on is not recommended. Fixes T3818.

Test Plan:
```
15:25:19 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)
~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-tghb3b2gbdyezdcuw2or","userName":"btrahan","realName":"Bob Trahan","image":"http:\/\/phalanx.dev\/file\/data\/yncjbh7phk7ktrdhuorn\/PHID-FILE-qyf4ui3x2ll3e52hpg5e\/profile-profile-gravatar","uri":"http:\/\/phalanx.dev\/p\/btrahan\/","roles":["admin","verified","approved","activated"]}}
15:25:34 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)

<go edit libconfig/conduitclient to spoof another user...>

~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":"ERR-CONDUIT-CORE","errorMessage":"ERR-CONDUIT-CORE: security.allow-conduit-act-as-user is disabled","response":null}
15:26:40 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)

<enable option via bin/config....>

~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-6lcglnzbkiamdofishgi","userName":"xerxes","realName":"Xerxes Trahan","image":"http:\/\/phalanx.dev\/file\/data\/n2kyeevowetcuynbcxrg\/PHID-FILE-voquikectzpde256zzvm\/profile-1275455993.jpg","uri":"http:\/\/phalanx.dev\/p\/xerxes\/","roles":["verified","approved","activated"]}}
```

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: jevripio, sowedance, epriestley, Korvin

Maniphest Tasks: T3818

Differential Revision: https://secure.phabricator.com/D9881
2014-07-10 15:43:53 -07:00
| Directory | Last commit | Date |
|---|---|---|
| application | (Redesign) Clean up older "Tile" code | 2014-06-03 15:47:27 -07:00 |
| call | Applied various linter fixes. | 2014-06-09 16:04:12 -07:00 |
| config | Change double quotes to single quotes. | 2014-06-09 11:36:50 -07:00 |
| controller | Security - disable conduit act as user by default | 2014-07-10 15:43:53 -07:00 |
| garbagecollector | Complete modularization of the GC daemon | 2014-01-15 10:02:31 -08:00 |
| method | Remove @group annotations | 2014-07-10 08:12:48 +10:00 |
| protocol | Remove @group annotations | 2014-07-10 08:12:48 +10:00 |
| query | Allow users to select QueryPanel search engines from a list | 2014-06-12 13:22:20 -07:00 |
| ssh | Change double quotes to single quotes. | 2014-06-09 11:36:50 -07:00 |
| storage | Remove @group annotations | 2014-07-10 08:12:48 +10:00 |