1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 01:02:42 +01:00
phorge-phorge/src
epriestley deb754dfe1 Make SSH key revocation actually prevent adding the same key back
Summary:
Ref T13043. In an earlier change I updated this langauge from "Deactivate" to "Revoke", but the behavior doesn't quite match.

This table has a unique key on `<isActive, keyBody>`, which enforces the rule that "a key can only be active for one unique user".

However, we set `isActive` to `null` when we revoke a key, and multiple rows are allowed to have the value `<null, "asdf">` (since a `null` column in a unique key basically means "don't enforce this unique key").

This is intentional, to support this workflow:

  - You add key X to bot A.
  - Whoops, wrong account.
  - You revoke key X from bot A.
  - You add key X to bot B.

This isn't necessarily a great workflow -- ideally, you'd throw key X away and go generate a new key after you realize you made a mistake -- but it's the sort of practical workflow that users are likely to expect and want to see work ("I don't want to generate a new key, it's already being used by 5 other services and cycling it is a ton of work and this is just a test install for my dog anyway."), and there's no technical reason we can't support it.

To prevent users from adding keys on the revocation list back to their account, just check explicitly.

(This is probably better in general anyway, because "cert-authority" support from PHI269 may mean that two keys are "equivalent" even if their text differs, and we may not be able to rely on a database test anyway.)

Test Plan:
  - Added the key `ssh-rsa asdf` to my account.
  - Revoked it.
  - Tried to add it again.
    - Before patch: worked.
    - After patch: error, "this key has been revoked".
  - Added it to a different account (the "I put it on the wrong bot" workflow).

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13043

Differential Revision: https://secure.phabricator.com/D18928
2018-01-25 19:43:37 -08:00
..
__tests__ Use PhutilClassMapQuery instead of PhutilSymbolLoader 2015-08-14 07:49:01 +10:00
aphront Modularize rate/connection limits in Phabricator 2017-10-13 13:12:05 -07:00
applications Make SSH key revocation actually prevent adding the same key back 2018-01-25 19:43:37 -08:00
docs Document the "bin/auth revoke" tool 2018-01-23 14:02:18 -08:00
extensions Add src/extensions/ to Phabricator 2013-08-14 15:38:06 -07:00
infrastructure Fix failure to record pullerPHID in repository pull logs 2018-01-23 14:09:42 -08:00
view Allow bulk edits to be made silently if you have CLI access 2018-01-19 13:24:54 -08:00
__phutil_library_init__.php
__phutil_library_map__.php Add a basic view for repository pull logs 2018-01-23 14:10:10 -08:00