F15422253
D8947.id21225.diff
D8947.id21225.diff
diff --git a/resources/sql/autopatches/20140501.passphraselockcredential.sql b/resources/sql/autopatches/20140501.passphraselockcredential.sql
new file mode 100644
--- /dev/null
+++ b/resources/sql/autopatches/20140501.passphraselockcredential.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_passphrase.passphrase_credential
+ ADD COLUMN isLocked BOOL NOT NULL;
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1045,6 +1045,7 @@
'PassphraseCredentialDestroyController' => 'applications/passphrase/controller/PassphraseCredentialDestroyController.php',
'PassphraseCredentialEditController' => 'applications/passphrase/controller/PassphraseCredentialEditController.php',
'PassphraseCredentialListController' => 'applications/passphrase/controller/PassphraseCredentialListController.php',
+ 'PassphraseCredentialLockController' => 'applications/passphrase/controller/PassphraseCredentialLockController.php',
'PassphraseCredentialPublicController' => 'applications/passphrase/controller/PassphraseCredentialPublicController.php',
'PassphraseCredentialQuery' => 'applications/passphrase/query/PassphraseCredentialQuery.php',
'PassphraseCredentialRevealController' => 'applications/passphrase/controller/PassphraseCredentialRevealController.php',
@@ -3794,6 +3795,7 @@
0 => 'PassphraseController',
1 => 'PhabricatorApplicationSearchResultsControllerInterface',
),
+ 'PassphraseCredentialLockController' => 'PassphraseController',
'PassphraseCredentialPublicController' => 'PassphraseController',
'PassphraseCredentialQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
'PassphraseCredentialRevealController' => 'PassphraseController',
diff --git a/src/applications/passphrase/application/PhabricatorApplicationPassphrase.php b/src/applications/passphrase/application/PhabricatorApplicationPassphrase.php
--- a/src/applications/passphrase/application/PhabricatorApplicationPassphrase.php
+++ b/src/applications/passphrase/application/PhabricatorApplicationPassphrase.php
@@ -41,6 +41,7 @@
'destroy/(?P<id>\d+)/' => 'PassphraseCredentialDestroyController',
'reveal/(?P<id>\d+)/' => 'PassphraseCredentialRevealController',
'public/(?P<id>\d+)/' => 'PassphraseCredentialPublicController',
+ 'lock/(?P<id>\d+)/' => 'PassphraseCredentialLockController',
));
}
diff --git a/src/applications/passphrase/controller/PassphraseCredentialDestroyController.php b/src/applications/passphrase/controller/PassphraseCredentialDestroyController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialDestroyController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialDestroyController.php
@@ -50,16 +50,28 @@
return id(new AphrontRedirectResponse())->setURI($view_uri);
}
- $dialog = id(new AphrontDialogView())
- ->setUser($viewer)
- ->setTitle(pht('Really destroy credential?'))
- ->appendChild(
- pht(
- 'This credential will be deactivated and the secret will be '.
- 'unrecoverably destroyed. Anything relying on this credential will '.
- 'cease to function. This operation can not be undone.'))
- ->addSubmitButton(pht('Destroy Credential'))
- ->addCancelButton($view_uri);
+ if ($credential->getIsLocked()) {
+ $dialog = id(new AphrontDialogView())
+ ->setUser($viewer)
+ ->setTitle(pht('Credential is locked'))
+ ->appendChild(
+ pht('This credential can not be deactivated, ').
+ pht('because it is locked.'))
+ ->addCancelButton($view_uri);
+ } else {
+ $dialog = id(new AphrontDialogView())
+ ->setUser($viewer)
+ ->setTitle(pht('Really destroy credential?'))
+ ->appendChild(
+ pht(
+ 'This credential will be deactivated and the secret will be '.
+ 'unrecoverably destroyed. Anything relying on this credential '.
+ 'will cease to function. This operation can not be undone.'))
+ ->addSubmitButton(pht('Destroy Credential'))
+ ->addCancelButton($view_uri);
+ }
+
+
return id(new AphrontDialogResponse())->setDialog($dialog);
}
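Review bot: The new `$credential->getIsLocked()` test only decides which dialog is rendered; the form-post branch that applies `TYPE_DESTROY` ends on the context lines just above it and begins outside this hunk, so nothing visible here stops a direct POST to `destroy/<id>/` from destroying a locked credential. If locked credentials are meant to be undestroyable, the check belongs before the transaction is applied (or in the editor's validation), not only in the dialog. The same shape appears in the `PassphraseCredentialRevealController` hunk, where the lock test also sits after the closing brace of the earlier branch, so it is worth confirming that the reveal path refuses server-side to return the secret of a locked credential. As a smaller point, `pht('This credential can not be deactivated, ').pht('because it is locked.')` splits one sentence across two translatable strings; a single `pht()` call keeps it translatable as a unit.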
diff --git a/src/applications/passphrase/controller/PassphraseCredentialEditController.php b/src/applications/passphrase/controller/PassphraseCredentialEditController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialEditController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialEditController.php
@@ -93,6 +93,7 @@
$v_username = $request->getStr('username');
$v_view_policy = $request->getStr('viewPolicy');
$v_edit_policy = $request->getStr('editPolicy');
+ $v_is_locked = $request->getStr('lock');
$v_secret = $request->getStr('secret');
$v_password = $request->getStr('password');
@@ -126,6 +127,7 @@
$type_username = PassphraseCredentialTransaction::TYPE_USERNAME;
$type_destroy = PassphraseCredentialTransaction::TYPE_DESTROY;
$type_secret_id = PassphraseCredentialTransaction::TYPE_SECRET_ID;
+ $type_is_locked = PassphraseCredentialTransaction::TYPE_LOCK;
$type_view_policy = PhabricatorTransactions::TYPE_VIEW_POLICY;
$type_edit_policy = PhabricatorTransactions::TYPE_EDIT_POLICY;
@@ -151,6 +153,10 @@
->setTransactionType($type_edit_policy)
->setNewValue($v_edit_policy);
+ $xactions[] = id(new PassphraseCredentialTransaction())
+ ->setTransactionType($type_is_locked)
+ ->setNewValue($v_is_locked);
+
// Open a transaction in case we're writing a new secret; this limits
// the amount of code which handles secret plaintexts.
$credential->openTransaction();
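Review bot: This `TYPE_LOCK` transaction is appended on every save with whatever `$request->getStr('lock')` returned, so saving the edit form with the box unchecked sends an empty value, which the editor hunk then applies as `setIsLocked((int)$xaction->getNewValue())`, i.e. 0. That would let anyone who can edit the credential undo a lock the UI describes as permanent. Only add the transaction when the request actually asks to lock, e.g. `if ($request->getBool('lock')) { ... ->setNewValue(1); }`, and have the editor reject a `TYPE_LOCK` change from locked to unlocked so the rule holds for every caller. The enclosing request handler starts outside this hunk.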
@@ -200,6 +206,7 @@
$credential->setViewPolicy($v_view_policy);
$credential->setEditPolicy($v_edit_policy);
+ $credential->setIsLocked($v_is_locked);
}
}
}
@@ -210,6 +217,7 @@
->execute();
$secret_control = $type->newSecretControl();
+ $credential_is_locked = $credential->getIsLocked();
$form = id(new AphrontFormView())
->setUser($viewer)
@@ -251,12 +259,20 @@
->setName('username')
->setLabel(pht('Login/Username'))
->setValue($v_username)
+ ->setDisabled($credential_is_locked)
->setError($e_username))
->appendChild(
$secret_control
->setName('secret')
->setLabel($type->getSecretLabel())
- ->setValue($v_secret));
+ ->setDisabled($credential_is_locked)
+ ->setValue($v_secret))
+ ->appendChild(
+ id(new AphrontFormCheckboxControl())
+ ->addCheckbox(
+ 'lock',
+ 1,
+ pht('Lock Permanently')));
if ($type->shouldShowPasswordField()) {
$form->appendChild(
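Review bot: `setDisabled($credential_is_locked)` on the username and secret controls is a presentation change only: browsers do not submit disabled inputs, and the earlier hunks of this file show the handler still reading `username` and `secret` with `getStr()`. Whether an empty or hand-crafted value can overwrite a locked credential's fields depends on code outside this hunk, so the save path should skip or reject the username and secret transactions when `getIsLocked()` is true. The new `lock` checkbox is also added without its current state, so it renders unchecked for a credential that is already locked.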
diff --git a/src/applications/passphrase/controller/PassphraseCredentialDestroyController.php b/src/applications/passphrase/controller/PassphraseCredentialLockController.php
copy from src/applications/passphrase/controller/PassphraseCredentialDestroyController.php
copy to src/applications/passphrase/controller/PassphraseCredentialLockController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialDestroyController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialLockController.php
@@ -1,6 +1,6 @@
<?php
-final class PassphraseCredentialDestroyController
+final class PassphraseCredentialLockController
extends PassphraseController {
private $id;
@@ -38,7 +38,7 @@
$xactions = array();
$xactions[] = id(new PassphraseCredentialTransaction())
- ->setTransactionType(PassphraseCredentialTransaction::TYPE_DESTROY)
+ ->setTransactionType(PassphraseCredentialTransaction::TYPE_LOCK)
->setNewValue(1);
$editor = id(new PassphraseCredentialTransactionEditor())
@@ -50,16 +50,30 @@
return id(new AphrontRedirectResponse())->setURI($view_uri);
}
- $dialog = id(new AphrontDialogView())
- ->setUser($viewer)
- ->setTitle(pht('Really destroy credential?'))
- ->appendChild(
- pht(
- 'This credential will be deactivated and the secret will be '.
- 'unrecoverably destroyed. Anything relying on this credential will '.
- 'cease to function. This operation can not be undone.'))
- ->addSubmitButton(pht('Destroy Credential'))
- ->addCancelButton($view_uri);
+ if ($credential->getIsLocked()) {
+ $dialog = id(new AphrontDialogView())
+ ->setUser($viewer)
+ ->setTitle(pht('Credential already locked'))
+ ->appendChild(
+ pht(
+ 'This credential has been locked and the secret is '.
+ 'hidden forever. Anything relying on this credential will '.
+ 'still function. This operation can not be undone.'))
+ ->addCancelButton($view_uri);
+ } else {
+ $dialog = id(new AphrontDialogView())
+ ->setUser($viewer)
+ ->setTitle(pht('Really lock credential?'))
+ ->appendChild(
+ pht(
+ 'This credential will be locked and the secret will be '.
+ 'hidden forever. Anything relying on this credential will '.
+ 'still function. This operation can not be undone.'))
+ ->addSubmitButton(pht('Lock Credential'))
+ ->addCancelButton($view_uri);
+ }
+
+
return id(new AphrontDialogResponse())->setDialog($dialog);
}
diff --git a/src/applications/passphrase/controller/PassphraseCredentialRevealController.php b/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
@@ -73,24 +73,36 @@
}
$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
- if ($is_serious) {
- $body = pht(
- 'The secret associated with this credential will be shown in plain '.
- 'text on your screen.');
+ $is_locked = $credential->getIsLocked();
+
+ if ($is_locked) {
+ $dialog = id(new AphrontDialogView())
+ ->setUser($viewer)
+ ->setTitle(pht('Credential is locked'))
+ ->appendChild(
+ pht(
+ 'This credential can not be shown, because it is locked.'))
+ ->addCancelButton($view_uri);
} else {
- $body = pht(
- 'The secret associated with this credential will be shown in plain '.
- 'text on your screen. Before continuing, wrap your arms around your '.
- 'monitor to create a human shield, keeping it safe from prying eyes. '.
- 'Protect company secrets!');
+ if ($is_serious) {
+ $body = pht(
+ 'The secret associated with this credential will be shown in plain '.
+ 'text on your screen.');
+ } else {
+ $body = pht(
+ 'The secret associated with this credential will be shown in plain '.
+ 'text on your screen. Before continuing, wrap your arms around '.
+ 'your monitor to create a human shield, keeping it safe from '.
+ 'prying eyes. Protect company secrets!');
+ }
+ $dialog = id(new AphrontDialogView())
+ ->setUser($viewer)
+ ->setTitle(pht('Really show secret?'))
+ ->appendChild($body)
+ ->addSubmitButton(pht('Show Secret'))
+ ->addCancelButton($view_uri);
}
- $dialog = id(new AphrontDialogView())
- ->setUser($viewer)
- ->setTitle(pht('Really show secret?'))
- ->appendChild($body)
- ->addSubmitButton(pht('Show Secret'))
- ->addCancelButton($view_uri);
return id(new AphrontDialogResponse())->setDialog($dialog);
}
diff --git a/src/applications/passphrase/controller/PassphraseCredentialViewController.php b/src/applications/passphrase/controller/PassphraseCredentialViewController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialViewController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialViewController.php
@@ -85,6 +85,15 @@
$id = $credential->getID();
+ $is_locked = $credential->getIsLocked();
+ if ($is_locked) {
+ $credential_lock_text = pht('Locked Permanently');
+ $credential_lock_icon = 'lock';
+ } else {
+ $credential_lock_text = pht('Lock Permanently');
+ $credential_lock_icon = 'unlock';
+ }
+
$actions = id(new PhabricatorActionListView())
->setObjectURI('/K'.$id)
->setUser($viewer);
@@ -116,7 +125,7 @@
->setName(pht('Show Secret'))
->setIcon('preview')
->setHref($this->getApplicationURI("reveal/{$id}/"))
- ->setDisabled(!$can_edit)
+ ->setDisabled(!$can_edit || $is_locked)
->setWorkflow(true));
if ($type->hasPublicKey()) {
@@ -125,8 +134,17 @@
->setName(pht('Show Public Key'))
->setIcon('download-alt')
->setHref($this->getApplicationURI("public/{$id}/"))
- ->setWorkflow(true));
+ ->setWorkflow(true)
+ ->setDisabled($is_locked));
}
+
+ $actions->addAction(
+ id(new PhabricatorActionView())
+ ->setName($credential_lock_text)
+ ->setIcon($credential_lock_icon)
+ ->setHref($this->getApplicationURI("lock/{$id}/"))
+ ->setDisabled($is_locked)
+ ->setWorkflow(true));
}
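Review bot: The new lock action is disabled only by `$is_locked`, while the "Show Secret" action in the previous hunk uses `!$can_edit || $is_locked`, so a viewer without edit capability is offered an action they presumably cannot complete. Assuming `$can_edit` is still in scope here, `->setDisabled(!$can_edit || $is_locked)` would keep the action list in line with the capability check; the lock controller's own policy query is outside the visible hunks and should require edit capability as well. Disabling "Show Public Key" for locked credentials also looks broader than the feature needs, since the dialogs describe the lock as hiding the secret.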
diff --git a/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php b/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php
--- a/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php
+++ b/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php
@@ -15,6 +15,7 @@
$types[] = PassphraseCredentialTransaction::TYPE_SECRET_ID;
$types[] = PassphraseCredentialTransaction::TYPE_DESTROY;
$types[] = PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET;
+ $types[] = PassphraseCredentialTransaction::TYPE_LOCK;
return $types;
}
@@ -36,6 +37,8 @@
return $object->getSecretID();
case PassphraseCredentialTransaction::TYPE_DESTROY:
return $object->getIsDestroyed();
+ case PassphraseCredentialTransaction::TYPE_LOCK:
+ return $object->getIsLocked();
case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
return null;
}
@@ -53,6 +56,7 @@
case PassphraseCredentialTransaction::TYPE_SECRET_ID:
case PassphraseCredentialTransaction::TYPE_DESTROY:
case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
+ case PassphraseCredentialTransaction::TYPE_LOCK:
return $xaction->getNewValue();
}
return parent::getCustomTransactionNewValue($object, $xaction);
@@ -98,6 +102,9 @@
return;
case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
return;
+ case PassphraseCredentialTransaction::TYPE_LOCK:
+ $object->setIsLocked((int)$xaction->getNewValue());
+ return;
}
return parent::applyCustomInternalTransaction($object, $xaction);
@@ -114,6 +121,7 @@
case PassphraseCredentialTransaction::TYPE_SECRET_ID:
case PassphraseCredentialTransaction::TYPE_DESTROY:
case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
+ case PassphraseCredentialTransaction::TYPE_LOCK:
case PhabricatorTransactions::TYPE_VIEW_POLICY:
case PhabricatorTransactions::TYPE_EDIT_POLICY:
return;
diff --git a/src/applications/passphrase/storage/PassphraseCredential.php b/src/applications/passphrase/storage/PassphraseCredential.php
--- a/src/applications/passphrase/storage/PassphraseCredential.php
+++ b/src/applications/passphrase/storage/PassphraseCredential.php
@@ -12,6 +12,7 @@
protected $username;
protected $secretID;
protected $isDestroyed;
+ protected $isLocked = 0;
private $secret = self::ATTACHABLE;
diff --git a/src/applications/passphrase/storage/PassphraseCredentialTransaction.php b/src/applications/passphrase/storage/PassphraseCredentialTransaction.php
--- a/src/applications/passphrase/storage/PassphraseCredentialTransaction.php
+++ b/src/applications/passphrase/storage/PassphraseCredentialTransaction.php
@@ -9,6 +9,7 @@
const TYPE_SECRET_ID = 'passphrase:secretID';
const TYPE_DESTROY = 'passphrase:destroy';
const TYPE_LOOKEDATSECRET = 'passphrase:lookedAtSecret';
+ const TYPE_LOCK = 'passphrase:lock';
public function getApplicationName() {
return 'passphrase';
@@ -27,6 +28,8 @@
switch ($this->getTransactionType()) {
case self::TYPE_DESCRIPTION:
return ($old === null);
+ case self::TYPE_LOCK:
+ return ($old === null);
case self::TYPE_USERNAME:
return !strlen($old);
case self::TYPE_LOOKEDATSECRET:
@@ -84,6 +87,10 @@
return pht(
'%s examined the secret plaintext for this credential.',
$this->renderHandleLink($author_phid));
+ case self::TYPE_LOCK:
+ return pht(
+ '%s locked this credential.',
+ $this->renderHandleLink($author_phid));
}
return parent::getTitle();
D8947: Add a "Lock Permanently" action to Passphrase