D15943.id38392.diff
No OneTemporary
Actions

Size

11 KB

Referenced Files

None

Subscribers

None

D15943.id38392.diff
View Options

	diff --git a/resources/sql/autopatches/20160518.ssh.01.activecol.sql b/resources/sql/autopatches/20160518.ssh.01.activecol.sql
	new file mode 100644
	--- /dev/null
	+++ b/resources/sql/autopatches/20160518.ssh.01.activecol.sql
	@@ -0,0 +1,2 @@
	+ALTER TABLE {$NAMESPACE}_auth.auth_sshkey
	+ ADD isActive BOOL;
	diff --git a/resources/sql/autopatches/20160518.ssh.02.activeval.sql b/resources/sql/autopatches/20160518.ssh.02.activeval.sql
	new file mode 100644
	--- /dev/null
	+++ b/resources/sql/autopatches/20160518.ssh.02.activeval.sql
	@@ -0,0 +1,2 @@
	+UPDATE {$NAMESPACE}_auth.auth_sshkey
	+ SET isActive = 1;
	diff --git a/resources/sql/autopatches/20160518.ssh.03.activekey.sql b/resources/sql/autopatches/20160518.ssh.03.activekey.sql
	new file mode 100644
	--- /dev/null
	+++ b/resources/sql/autopatches/20160518.ssh.03.activekey.sql
	@@ -0,0 +1,2 @@
	+ALTER TABLE {$NAMESPACE}_auth.auth_sshkey
	+ ADD UNIQUE KEY `key_activeunique` (keyIndex, isActive);
	diff --git a/scripts/ssh/ssh-auth-key.php b/scripts/ssh/ssh-auth-key.php
	--- a/scripts/ssh/ssh-auth-key.php
	+++ b/scripts/ssh/ssh-auth-key.php
	@@ -14,6 +14,7 @@
	$key = id(new PhabricatorAuthSSHKeyQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withKeys(array($public_key))
	+ ->withIsActive(true)
	->executeOne();
	if (!$key) {
	exit(1);
	diff --git a/scripts/ssh/ssh-auth.php b/scripts/ssh/ssh-auth.php
	--- a/scripts/ssh/ssh-auth.php
	+++ b/scripts/ssh/ssh-auth.php
	@@ -6,6 +6,7 @@

	$keys = id(new PhabricatorAuthSSHKeyQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	+ ->withIsActive(true)
	->execute();

	if (!$keys) {
	diff --git a/src/applications/almanac/controller/AlmanacDeviceViewController.php b/src/applications/almanac/controller/AlmanacDeviceViewController.php
	--- a/src/applications/almanac/controller/AlmanacDeviceViewController.php
	+++ b/src/applications/almanac/controller/AlmanacDeviceViewController.php
	@@ -146,6 +146,7 @@
	$keys = id(new PhabricatorAuthSSHKeyQuery())
	->setViewer($viewer)
	->withObjectPHIDs(array($device_phid))
	+ ->withIsActive(true)
	->execute();

	$table = id(new PhabricatorAuthSSHKeyTableView())
	diff --git a/src/applications/almanac/management/AlmanacManagementRegisterWorkflow.php b/src/applications/almanac/management/AlmanacManagementRegisterWorkflow.php
	--- a/src/applications/almanac/management/AlmanacManagementRegisterWorkflow.php
	+++ b/src/applications/almanac/management/AlmanacManagementRegisterWorkflow.php
	@@ -141,6 +141,7 @@
	$public_key = id(new PhabricatorAuthSSHKeyQuery())
	->setViewer($this->getViewer())
	->withKeys(array($key_object))
	+ ->withIsActive(true)
	->executeOne();

	if (!$public_key) {
	diff --git a/src/applications/almanac/management/AlmanacManagementTrustKeyWorkflow.php b/src/applications/almanac/management/AlmanacManagementTrustKeyWorkflow.php
	--- a/src/applications/almanac/management/AlmanacManagementTrustKeyWorkflow.php
	+++ b/src/applications/almanac/management/AlmanacManagementTrustKeyWorkflow.php
	@@ -35,6 +35,11 @@
	pht('No public key exists with ID "%s".', $id));
	}

	+ if (!$key->getIsActive()) {
	+ throw new PhutilArgumentUsageException(
	+ pht('Public key "%s" is not an active key.', $id));
	+ }
	+
	if ($key->getIsTrusted()) {
	throw new PhutilArgumentUsageException(
	pht('Public key with ID %s is already trusted.', $id));
	diff --git a/src/applications/auth/conduit/PhabricatorAuthQueryPublicKeysConduitAPIMethod.php b/src/applications/auth/conduit/PhabricatorAuthQueryPublicKeysConduitAPIMethod.php
	--- a/src/applications/auth/conduit/PhabricatorAuthQueryPublicKeysConduitAPIMethod.php
	+++ b/src/applications/auth/conduit/PhabricatorAuthQueryPublicKeysConduitAPIMethod.php
	@@ -28,7 +28,8 @@
	$viewer = $request->getUser();

	$query = id(new PhabricatorAuthSSHKeyQuery())
	- ->setViewer($viewer);
	+ ->setViewer($viewer)
	+ ->withIsActive(true);

	$ids = $request->getValue('ids');
	if ($ids !== null) {
	diff --git a/src/applications/auth/controller/PhabricatorAuthSSHKeyController.php b/src/applications/auth/controller/PhabricatorAuthSSHKeyController.php
	--- a/src/applications/auth/controller/PhabricatorAuthSSHKeyController.php
	+++ b/src/applications/auth/controller/PhabricatorAuthSSHKeyController.php
	@@ -25,9 +25,7 @@
	return null;
	}

	- return id(new PhabricatorAuthSSHKey())
	- ->setObjectPHID($object_phid)
	- ->attachObject($object);
	+ return PhabricatorAuthSSHKey::initializeNewSSHKey($viewer, $object);
	}

	}
	diff --git a/src/applications/auth/controller/PhabricatorAuthSSHKeyDeleteController.php b/src/applications/auth/controller/PhabricatorAuthSSHKeyDeleteController.php
	--- a/src/applications/auth/controller/PhabricatorAuthSSHKeyDeleteController.php
	+++ b/src/applications/auth/controller/PhabricatorAuthSSHKeyDeleteController.php
	@@ -9,6 +9,7 @@
	$key = id(new PhabricatorAuthSSHKeyQuery())
	->setViewer($viewer)
	->withIDs(array($request->getURIData('id')))
	+ ->withIsActive(true)
	->requireCapabilities(
	array(
	PhabricatorPolicyCapability::CAN_VIEW,
	@@ -27,8 +28,11 @@
	$cancel_uri);

	if ($request->isFormPost()) {
	- // TODO: It would be nice to write an edge transaction here or something.
	- $key->delete();
	+
	+ // TODO: Convert to transactions.
	+ $key->setIsActive(null);
	+ $key->save();
	+
	return id(new AphrontRedirectResponse())->setURI($cancel_uri);
	}

	diff --git a/src/applications/auth/controller/PhabricatorAuthSSHKeyEditController.php b/src/applications/auth/controller/PhabricatorAuthSSHKeyEditController.php
	--- a/src/applications/auth/controller/PhabricatorAuthSSHKeyEditController.php
	+++ b/src/applications/auth/controller/PhabricatorAuthSSHKeyEditController.php
	@@ -11,6 +11,7 @@
	$key = id(new PhabricatorAuthSSHKeyQuery())
	->setViewer($viewer)
	->withIDs(array($id))
	+ ->withIsActive(true)
	->requireCapabilities(
	array(
	PhabricatorPolicyCapability::CAN_VIEW,
	diff --git a/src/applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php b/src/applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php
	--- a/src/applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php
	+++ b/src/applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php
	@@ -32,6 +32,10 @@
	foreach ($handles as $phid => $handle) {
	$key = $objects[$phid];
	$handle->setName(pht('SSH Key %d', $key->getID()));
	+
	+ if (!$key->getIsActive()) {
	+ $handle->setClosed(pht('Inactive'));
	+ }
	}
	}

	diff --git a/src/applications/auth/query/PhabricatorAuthSSHKeyQuery.php b/src/applications/auth/query/PhabricatorAuthSSHKeyQuery.php
	--- a/src/applications/auth/query/PhabricatorAuthSSHKeyQuery.php
	+++ b/src/applications/auth/query/PhabricatorAuthSSHKeyQuery.php
	@@ -7,6 +7,7 @@
	private $phids;
	private $objectPHIDs;
	private $keys;
	+ private $isActive;

	public function withIDs(array $ids) {
	$this->ids = $ids;
	@@ -29,6 +30,11 @@
	return $this;
	}

	+ public function withIsActive($active) {
	+ $this->isActive = $active;
	+ return $this;
	+ }
	+
	public function newResultObject() {
	return new PhabricatorAuthSSHKey();
	}
	@@ -100,6 +106,19 @@
	$where[] = implode(' OR ', $sql);
	}

	+ if ($this->isActive !== null) {
	+ if ($this->isActive) {
	+ $where[] = qsprintf(
	+ $conn,
	+ 'isActive = %d',
	+ 1);
	+ } else {
	+ $where[] = qsprintf(
	+ $conn,
	+ 'isActive IS NULL');
	+ }
	+ }
	+
	return $where;

	}
	diff --git a/src/applications/auth/storage/PhabricatorAuthSSHKey.php b/src/applications/auth/storage/PhabricatorAuthSSHKey.php
	--- a/src/applications/auth/storage/PhabricatorAuthSSHKey.php
	+++ b/src/applications/auth/storage/PhabricatorAuthSSHKey.php
	@@ -13,9 +13,28 @@
	protected $keyBody;
	protected $keyComment = '';
	protected $isTrusted = 0;
	+ protected $isActive;

	private $object = self::ATTACHABLE;

	+ public static function initializeNewSSHKey(
	+ PhabricatorUser $viewer,
	+ PhabricatorSSHPublicKeyInterface $object) {
	+
	+ // You must be able to edit an object to create a new key on it.
	+ PhabricatorPolicyFilter::requireCapability(
	+ $viewer,
	+ $object,
	+ PhabricatorPolicyCapability::CAN_EDIT);
	+
	+ $object_phid = $object->getPHID();
	+
	+ return id(new self())
	+ ->setIsActive(1)
	+ ->setObjectPHID($object_phid)
	+ ->attachObject($object);
	+ }
	+
	protected function getConfiguration() {
	return array(
	self::CONFIG_AUX_PHID => true,
	@@ -26,13 +45,19 @@
	'keyBody' => 'text',
	'keyComment' => 'text255',
	'isTrusted' => 'bool',
	+ 'isActive' => 'bool?',
	),
	self::CONFIG_KEY_SCHEMA => array(
	'key_object' => array(
	'columns' => array('objectPHID'),
	),
	- 'key_unique' => array(
	- 'columns' => array('keyIndex'),
	+ 'key_active' => array(
	+ 'columns' => array('isActive', 'objectPHID'),
	+ ),
	+ // NOTE: This unique key includes a nullable column, effectively
	+ // constraining uniqueness on active keys only.
	+ 'key_activeunique' => array(
	+ 'columns' => array('keyIndex', 'isActive'),
	'unique' => true,
	),
	),
	diff --git a/src/applications/conduit/controller/PhabricatorConduitAPIController.php b/src/applications/conduit/controller/PhabricatorConduitAPIController.php
	--- a/src/applications/conduit/controller/PhabricatorConduitAPIController.php
	+++ b/src/applications/conduit/controller/PhabricatorConduitAPIController.php
	@@ -204,6 +204,7 @@
	$stored_key = id(new PhabricatorAuthSSHKeyQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withKeys(array($public_key))
	+ ->withIsActive(true)
	->executeOne();
	if (!$stored_key) {
	return array(
	diff --git a/src/applications/people/storage/PhabricatorUser.php b/src/applications/people/storage/PhabricatorUser.php
	--- a/src/applications/people/storage/PhabricatorUser.php
	+++ b/src/applications/people/storage/PhabricatorUser.php
	@@ -1291,11 +1291,12 @@
	$profile->delete();
	}

	- $keys = id(new PhabricatorAuthSSHKey())->loadAllWhere(
	- 'objectPHID = %s',
	- $this->getPHID());
	+ $keys = id(new PhabricatorAuthSSHKeyQuery())
	+ ->setViewer($engine->getViewer())
	+ ->withObjectPHIDs(array($this->getPHID()))
	+ ->execute();
	foreach ($keys as $key) {
	- $key->delete();
	+ $engine->destroyObject($key);
	}

	$emails = id(new PhabricatorUserEmail())->loadAllWhere(
	diff --git a/src/applications/settings/panel/PhabricatorSSHKeysSettingsPanel.php b/src/applications/settings/panel/PhabricatorSSHKeysSettingsPanel.php
	--- a/src/applications/settings/panel/PhabricatorSSHKeysSettingsPanel.php
	+++ b/src/applications/settings/panel/PhabricatorSSHKeysSettingsPanel.php
	@@ -33,6 +33,7 @@
	$keys = id(new PhabricatorAuthSSHKeyQuery())
	->setViewer($viewer)
	->withObjectPHIDs(array($user->getPHID()))
	+ ->withIsActive(true)
	->execute();

	$table = id(new PhabricatorAuthSSHKeyTableView())

File Metadata

Mime Type: text/plain
Expires: Thu, Mar 20, 10:54 AM (5 d, 23 h ago)
Storage Engine: blob
Storage Format: Encrypted (AES-256-CBC)
Storage Handle: 7705478
Default Alt Text: D15943.id38392.diff (11 KB)

D15943.id38392.diffNo OneTemporaryActions

D15943.id38392.diffView Options

File Metadata

Event Timeline

D15943.id38392.diff
No OneTemporary
Actions

D15943.id38392.diff
View Options