mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-27 09:12:41 +01:00
ab7d89edc8
Summary: When we generate account tokens for CSRF keys and email verification, one of the inputs we use is the user's password hash. Users won't always have a password hash, so this is a weak input to key generation. This also couples CSRF weirdly with auth concerns. Instead, give users a dedicated secret for use in token generation which is used only for this purpose. Test Plan: - Ran upgrade scripts. - Verified all users got new secrets. - Created a new user. - Verified they got a secret. - Submitted CSRF'd forms, they worked. - Adjusted the CSRF token and submitted CSRF'd forms, verified they don't work. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D8748
23 lines
425 B
PHP
23 lines
425 B
PHP
<?php
|
|
|
|
echo "Updating users...\n";
|
|
|
|
|
|
foreach (new LiskMigrationIterator(new PhabricatorUser()) as $user) {
|
|
|
|
$id = $user->getID();
|
|
echo "Updating {$id}...\n";
|
|
|
|
if (strlen($user->getAccountSecret())) {
|
|
continue;
|
|
}
|
|
|
|
queryfx(
|
|
$user->establishConnection('w'),
|
|
'UPDATE %T SET accountSecret = %s WHERE id = %d',
|
|
$user->getTableName(),
|
|
Filesystem::readRandomCharacters(64),
|
|
$id);
|
|
}
|
|
|
|
echo "Done.\n";
|