mirror of https://we.phorge.it/source/phorge.git synced 2024-11-30 18:52:42 +01:00
phorge-phorge/src/applications/auth
epriestley 1b24b486f5 Manage object mailKeys automatically in Mail instead of storing them on objects
Summary:
Ref T13065. `mailKey`s are a private secret for each object. In some mail configurations, they help us ensure that inbound mail is authentic: when we send you mail, the "Reply-To" is "T123+456+abcdef".

  - The `T123` is the object you're actually replying to.
  - The `456` is your user ID.
  - The `abcdef` is a hash of your user account with the `mailKey`.

Knowing this hash effectively proves that Phabricator has sent you mail about the object before, i.e. that you legitimately control the account you're sending from. Without this, anyone could send mail to any object "From" someone else, and have comments post under their username.

To generate this hash, we need a stable secret per object. (We can't use properties like the PHID because the secret has to be legitimately secret.)

Today, we store these in `mailKey` properties on the actual objects, and manually generate them. This results in tons and tons and tons of copies of this same ~10 lines of code.

Instead, just store them in the Mail application and generate them on demand. This change also anticipates possibly adding flags like "must encrypt" and "original subject", which are other "durable metadata about mail transmission" properties we may have use cases for eventually.

Test Plan:
  - See next change for additional testing and context.
  - Sent mail about Herald rules (next change); saw mail keys generate cleanly.
  - Destroyed a Herald rule with a mail key, saw the mail properties get nuked.
  - Grepped for `getMailKey()` and converted all callsites I could which aren't the copy/pasted boilerplate present in 50 places.
  - Used `bin/mail receive-test --to T123` to test normal mail receipt of older-style objects and make sure that wasn't broken.

Reviewers: amckinley

Reviewed By: amckinley

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13065

Differential Revision: https://secure.phabricator.com/D19399
2018-04-25 06:46:58 -07:00
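
The reply-address check described in the commit message above, as an added Python example that is not Phabricator's code. It assumes HMAC-SHA256 truncated to 16 hex characters for the "hash of your user account with the `mailKey`" and an in-memory dict in place of the Mail application's key storage; all function names are hypothetical.

```python
import hashlib
import hmac
import re
import secrets

# Assumption: stands in for the Mail application's per-object key storage.
_MAIL_KEYS = {}

def mail_key_for(object_name):
    """Return the object's secret, generating it on first use."""
    if object_name not in _MAIL_KEYS:
        _MAIL_KEYS[object_name] = secrets.token_bytes(20)
    return _MAIL_KEYS[object_name]

def destroy_mail_key(object_name):
    """Drop the secret when the object itself is destroyed."""
    _MAIL_KEYS.pop(object_name, None)

def _reply_hash(object_name, user_id):
    # Assumption: HMAC-SHA256 keyed by the mailKey, truncated for the address.
    key = mail_key_for(object_name)
    mac = hmac.new(key, str(user_id).encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def reply_to_local_part(object_name, user_id):
    """Build the "T123+456+abcdef" form used on outbound mail."""
    return f"{object_name}+{user_id}+{_reply_hash(object_name, user_id)}"

_LOCAL_PART = re.compile(r"([A-Z]+[0-9]+)\+([0-9]+)\+([0-9a-f]+)")

def verify_reply(local_part):
    """Return (object_name, user_id) if the hash is authentic, else None."""
    m = _LOCAL_PART.fullmatch(local_part)
    if m is None:
        return None
    object_name, user_id, claimed = m.group(1), int(m.group(2)), m.group(3)
    if object_name not in _MAIL_KEYS:
        # No mail was ever sent about this object, so no reply is authentic.
        return None
    expected = _reply_hash(object_name, user_id)
    # Constant-time comparison: do not leak how many characters matched.
    if not hmac.compare_digest(expected, claimed):
        return None
    return object_name, user_id
```

Because the user ID is an input to the keyed hash, a recipient who knows their own hash for `T123` cannot reuse it with another user's ID, and a hash for one object fails on every other object.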
..
__tests__ Add test coverage for SSH key revocation 2018-01-25 19:47:20 -08:00
action Add a rate limit for guessing old passwords when changing passwords 2018-01-23 13:46:06 -08:00
application Add a bin/auth revoke revoker for SSH keys 2018-01-22 15:35:07 -08:00
capability Auth - add "manage providers" capability 2015-01-12 14:37:58 -08:00
conduit Deactivate SSH keys instead of destroying them completely 2016-05-18 14:54:28 -07:00
constants Support invites in the registration and login flow 2015-02-11 06:06:28 -08:00
controller Never generate file download forms which point to the CDN domain, tighten "form-action" CSP 2018-02-28 17:20:12 -08:00
data Add session and request hooks to PhabricatorAuthSessionEngine 2016-11-17 13:09:29 -08:00
editor Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
engine Read lock all transaction edits 2018-02-10 20:07:46 -08:00
exception Add email invites to Phabricator (logic only) 2015-02-09 16:12:36 -08:00
extension Add a more modern object for storing password hashes 2018-01-22 15:35:28 -08:00
factor Fix spelling 2017-10-09 10:48:04 -07:00
garbagecollector Provide bin/garbage for interacting with garbage collection 2015-10-02 09:17:24 -07:00
guidance Add a bunch of Phacility-specific code to the upstream, thinly veiled as generic code 2016-11-15 09:11:22 -08:00
handler Modularize generation of supplemental login messages 2015-09-04 10:34:39 -07:00
mail Send forced mail on SSH key edits 2016-05-19 15:01:25 -07:00
management Add "bin/auth revoke --list" to explain what can be revoked 2018-01-23 14:01:39 -08:00
password Rename "PhabricatorPasswordHashInterface" to "PhabricatorAuthPasswordHashInterface" 2018-01-23 14:06:05 -08:00
phid Add a more modern object for storing password hashes 2018-01-22 15:35:28 -08:00
provider Include OAuth targets in "form-action" Content-Security-Policy 2018-02-28 19:28:35 -08:00
query Add test coverage to the PasswordEngine upgrade workflow and fix a few bugs 2018-01-23 10:55:35 -08:00
revoker Add "bin/auth revoke --list" to explain what can be revoked 2018-01-23 14:01:39 -08:00
sshkey Send forced mail on SSH key edits 2016-05-19 15:01:25 -07:00
storage Manage object mailKeys automatically in Mail instead of storing them on objects 2018-04-25 06:46:58 -07:00
tokentype Redesign Config Application 2016-08-29 15:49:49 -07:00
view Explicitly add rel="noreferrer" to all external links 2018-02-17 17:46:11 -08:00
worker Send emails for email invites 2015-02-11 06:06:09 -08:00
xaction Add test coverage to the PasswordEngine upgrade workflow and fix a few bugs 2018-01-23 10:55:35 -08:00