F14622277
D18928.diff
No One
Temporary
Size
1 KB
Referenced Files
None
Subscribers
None
D18928.diff
diff --git a/src/applications/auth/editor/PhabricatorAuthSSHKeyEditor.php b/src/applications/auth/editor/PhabricatorAuthSSHKeyEditor.php
--- a/src/applications/auth/editor/PhabricatorAuthSSHKeyEditor.php
+++ b/src/applications/auth/editor/PhabricatorAuthSSHKeyEditor.php
@@ -104,6 +104,7 @@
array $xactions) {
$errors = parent::validateTransaction($object, $type, $xactions);
+ $viewer = $this->requireActor();
switch ($type) {
case PhabricatorAuthSSHKeyTransaction::TYPE_NAME:
@@ -149,6 +150,30 @@
pht('Invalid'),
$ex->getMessage(),
$xaction);
+ continue;
+ }
+
+ // The database does not have a unique key on just the <keyBody>
+ // column because we allow multiple accounts to revoke the same
+ // key, so we can't rely on database constraints to prevent users
+ // from adding keys that are on the revocation list back to their
+ // accounts. Explicitly check for a revoked copy of the key.
+
+ $revoked_keys = id(new PhabricatorAuthSSHKeyQuery())
+ ->setViewer($viewer)
+ ->withObjectPHIDs(array($object->getObjectPHID()))
+ ->withIsActive(0)
+ ->withKeys(array($public_key))
+ ->execute();
+ if ($revoked_keys) {
+ $errors[] = new PhabricatorApplicationTransactionValidationError(
+ $type,
+ pht('Revoked'),
+ pht(
+ 'This key has been revoked. Choose or generate a new, '.
+ 'unique key.'),
+ $xaction);
+ continue;
}
}
}
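Review bot: The revoked-key lookup is limited to the object being edited by `->withObjectPHIDs(array($object->getObjectPHID()))`, so a key revoked on one account is still accepted on any other, although the comment above it speaks of "the revocation list" without that qualification. If per-account scope is intended, the comment should say so, e.g. `// Only revoked copies attached to this same object are checked.`; if revocation is meant to hold across accounts, the constraint should be dropped. The query also runs as the acting user, so a revoked row the actor cannot see under policy would presumably be filtered out and the check would pass; for an enforcement check `->setViewer(PhabricatorUser::getOmnipotentUser())` is the safer viewer, and it would make the `$viewer = $this->requireActor();` line from the first hunk unnecessary. The enclosing method and loop begin and end outside the hunk.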
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, Jan 11, 9:27 AM (19 h, 44 m)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6984921
Default Alt Text
D18928.diff (1 KB)
Attached To
Mode
D18928: Make SSH key revocation actually prevent adding the same key back