mirror of
https://we.phorge.it/source/phorge.git
synced 2025-04-04 00:18:21 +02:00
Summary: Fixes T12554. The SSH key cache contains usernames, but is not currently dirtied on username changes. An alternative solution would be to use user PHIDs instead of usernames in the file, which would make this unnecessary, but that would make debugging a bit harder. For now, I think this small added complexity is worth the easier debugging, but we could look at this again if cache management gets harder in the future. Test Plan: - Added a key as `ducksey`, ran `bin/ssh-auth`, saw key immediately. - Renamed `ducksey` to `ducker`, ran `bin/ssh-auth`, saw username change immediately. - Added another key as `ducker`, ran `bin/ssh-auth`, saw key immediately. Reviewers: chad Reviewed By: chad Maniphest Tasks: T12554 Differential Revision: https://secure.phabricator.com/D17687
<?php
/**
 * Policy-aware, cursor-paged query over @{class:PhabricatorAuthSSHKey} rows.
 *
 * Results can be narrowed by row ID, key PHID, owning object PHID, public key
 * material (type + hash), and active state. Every returned key has its owning
 * object attached; keys whose owner cannot be loaded for the viewer, or whose
 * owner is not a @{class:PhabricatorSSHPublicKeyInterface}, are rejected.
 *
 * This class also owns the cache key for the generated SSH authfile. Per the
 * change that fixed T12554, that cached file contains usernames, so it has to
 * be dropped when a username changes as well as when keys change.
 */
final class PhabricatorAuthSSHKeyQuery
  extends PhabricatorCursorPagedPolicyAwareQuery {

  // Cache key under which the SSH authfile is stored in the mutable cache.
  const AUTHFILE_CACHEKEY = 'ssh.authfile';

  // Each filter stays null until the matching with*() method is called; a
  // null filter adds no constraint to the WHERE clause.
  private $ids;
  private $phids;
  private $objectPHIDs;
  private $keys;
  private $isActive;

  /**
   * Drop the cached SSH authfile so that it is rebuilt on next use.
   *
   * A stale authfile keeps mapping keys to whatever the cache held when it
   * was written, so call this after any change that affects its contents:
   * key changes, and username changes (the cached file contains usernames,
   * per T12554).
   *
   * @return void
   */
  public static function deleteSSHKeyCache() {
    PhabricatorCaches::getMutableCache()->deleteKey(self::AUTHFILE_CACHEKEY);
  }

  /**
   * Restrict results to keys with these row IDs.
   *
   * @param list<int> Row IDs.
   * @return this
   */
  public function withIDs(array $ids) {
    $this->ids = $ids;
    return $this;
  }

  /**
   * Restrict results to keys with these PHIDs.
   *
   * @param list<string> Key PHIDs.
   * @return this
   */
  public function withPHIDs(array $phids) {
    $this->phids = $phids;
    return $this;
  }

  /**
   * Restrict results to keys owned by these objects.
   *
   * @param list<string> PHIDs of the owning objects.
   * @return this
   */
  public function withObjectPHIDs(array $object_phids) {
    $this->objectPHIDs = $object_phids;
    return $this;
  }

  /**
   * Restrict results to rows matching any of the given public keys.
   *
   * Matching uses each key's type and hash, not the raw key body.
   *
   * @param list<PhabricatorAuthSSHPublicKey> Public keys to look up.
   * @return this
   */
  public function withKeys(array $keys) {
    // Fail early on anything which is not a parsed public key object.
    assert_instances_of($keys, 'PhabricatorAuthSSHPublicKey');
    $this->keys = $keys;
    return $this;
  }

  /**
   * Restrict results by active state.
   *
   * A truthy value selects rows with `isActive = 1`; a falsey non-null value
   * selects rows where `isActive IS NULL`. Passing null leaves the filter
   * off, so both active and inactive keys are returned. Callers making an
   * authentication decision should pass an explicit value rather than rely
   * on the unfiltered default.
   *
   * @param bool|null Desired active state, or null for no constraint.
   * @return this
   */
  public function withIsActive($active) {
    $this->isActive = $active;
    return $this;
  }

  public function newResultObject() {
    return new PhabricatorAuthSSHKey();
  }

  protected function loadPage() {
    return $this->loadStandardPage($this->newResultObject());
  }

  /**
   * Attach the owning object to each key, rejecting keys without a usable
   * owner.
   *
   * Owners are loaded with this query's viewer, so an owner that the object
   * query does not return for that viewer causes the key to be rejected too.
   *
   * @param list<PhabricatorAuthSSHKey> Keys loaded for this page.
   * @return list<PhabricatorAuthSSHKey> Keys which survived filtering, with
   *   original array keys preserved.
   */
  protected function willFilterPage(array $keys) {
    $owner_phids = mpull($keys, 'getObjectPHID');

    $owner_query = id(new PhabricatorObjectQuery())
      ->setViewer($this->getViewer())
      ->setParentQuery($this)
      ->withPHIDs($owner_phids);
    $owners = mpull($owner_query->execute(), null, 'getPHID');

    foreach ($keys as $index => $ssh_key) {
      $owner = idx($owners, $ssh_key->getObjectPHID());

      // A key is only usable if its owner loaded and is a type of object
      // which is allowed to have SSH keys.
      $is_valid_owner =
        $owner && ($owner instanceof PhabricatorSSHPublicKeyInterface);

      if ($is_valid_owner) {
        $ssh_key->attachObject($owner);
        continue;
      }

      $this->didRejectResult($ssh_key);
      unset($keys[$index]);
    }

    return $keys;
  }

  /**
   * Build the WHERE clause parts for the configured filters.
   *
   * Every caller-supplied value is passed through a qsprintf() conversion
   * (`%Ld`, `%Ls`, `%s`, `%d`); nothing is concatenated into SQL directly.
   *
   * @param AphrontDatabaseConnection Connection used for escaping.
   * @return list<string> Clause parts, including the parent's.
   */
  protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
    $where = parent::buildWhereClauseParts($conn);

    if ($this->ids !== null) {
      $where[] = qsprintf($conn, 'id IN (%Ld)', $this->ids);
    }

    if ($this->phids !== null) {
      $where[] = qsprintf($conn, 'phid IN (%Ls)', $this->phids);
    }

    if ($this->objectPHIDs !== null) {
      $where[] = qsprintf($conn, 'objectPHID IN (%Ls)', $this->objectPHIDs);
    }

    if ($this->keys !== null) {
      $key_clauses = array();
      foreach ($this->keys as $public_key) {
        $key_clauses[] = qsprintf(
          $conn,
          '(keyType = %s AND keyIndex = %s)',
          $public_key->getType(),
          $public_key->getHash());
      }

      // NOTE(review): the OR-joined part is not wrapped in parentheses here,
      // so this relies on whatever combines the parts to parenthesize each
      // one before AND-ing them -- confirm against the parent query class.
      // An empty key list also yields an empty part; confirm callers never
      // pass one.
      $where[] = implode(' OR ', $key_clauses);
    }

    if ($this->isActive !== null) {
      // Inactive rows are matched with NULL, not 0.
      $where[] = $this->isActive
        ? qsprintf($conn, 'isActive = %d', 1)
        : qsprintf($conn, 'isActive IS NULL');
    }

    return $where;
  }

  public function getQueryApplicationClass() {
    return 'PhabricatorAuthApplication';
  }

}