Changeset View
Changeset View
Standalone View
Standalone View
src/applications/diffusion/editor/DiffusionURIEditor.php
Show First 20 Lines • Show All 64 Lines • ▼ Show 20 Lines | final class DiffusionURIEditor | ||||
} | } | ||||
protected function applyCustomInternalTransaction( | protected function applyCustomInternalTransaction( | ||||
PhabricatorLiskDAO $object, | PhabricatorLiskDAO $object, | ||||
PhabricatorApplicationTransaction $xaction) { | PhabricatorApplicationTransaction $xaction) { | ||||
switch ($xaction->getTransactionType()) { | switch ($xaction->getTransactionType()) { | ||||
case PhabricatorRepositoryURITransaction::TYPE_URI: | case PhabricatorRepositoryURITransaction::TYPE_URI: | ||||
if (!$this->getIsNewObject()) { | |||||
$old_uri = $object->getEffectiveURI(); | |||||
} else { | |||||
$old_uri = null; | |||||
} | |||||
$object->setURI($xaction->getNewValue()); | $object->setURI($xaction->getNewValue()); | ||||
// If we've changed the domain or protocol of the URI, remove the | |||||
// current credential. This improves behavior in several cases: | |||||
// If a user switches between protocols with different credential | |||||
// types, like HTTP and SSH, the old credential won't be valid anyway. | |||||
// It's cleaner to remove it than leave a bad credential in place. | |||||
// If a user switches hosts, the old credential is probably not | |||||
// correct (and potentially confusing/misleading). Removing it forces | |||||
// users to double check that they have the correct credentials. | |||||
// If an attacker can't see a symmetric credential like a username and | |||||
// password, they could still potentially capture it by changing the | |||||
// host for a URI that uses it to `evil.com`, a server they control, | |||||
// then observing the requests. Removing the credential prevents this | |||||
// kind of escalation. | |||||
// Since port and path changes are less likely to fall among these | |||||
// cases, they don't trigger a credential wipe. | |||||
$new_uri = $object->getEffectiveURI(); | |||||
if ($old_uri) { | |||||
$new_proto = ($old_uri->getProtocol() != $new_uri->getProtocol()); | |||||
$new_domain = ($old_uri->getDomain() != $new_uri->getDomain()); | |||||
if ($new_proto || $new_domain) { | |||||
$object->setCredentialPHID(null); | |||||
} | |||||
} | |||||
break; | break; | ||||
case PhabricatorRepositoryURITransaction::TYPE_IO: | case PhabricatorRepositoryURITransaction::TYPE_IO: | ||||
$object->setIOType($xaction->getNewValue()); | $object->setIOType($xaction->getNewValue()); | ||||
break; | break; | ||||
case PhabricatorRepositoryURITransaction::TYPE_DISPLAY: | case PhabricatorRepositoryURITransaction::TYPE_DISPLAY: | ||||
$object->setDisplayType($xaction->getNewValue()); | $object->setDisplayType($xaction->getNewValue()); | ||||
break; | break; | ||||
case PhabricatorRepositoryURITransaction::TYPE_REPOSITORY: | case PhabricatorRepositoryURITransaction::TYPE_REPOSITORY: | ||||
▲ Show 20 Lines • Show All 97 Lines • ▼ Show 20 Lines | switch ($type) { | ||||
$viewer = $this->getActor(); | $viewer = $this->getActor(); | ||||
foreach ($xactions as $xaction) { | foreach ($xactions as $xaction) { | ||||
$credential_phid = $xaction->getNewValue(); | $credential_phid = $xaction->getNewValue(); | ||||
if ($credential_phid == $object->getCredentialPHID()) { | if ($credential_phid == $object->getCredentialPHID()) { | ||||
continue; | continue; | ||||
} | } | ||||
// Anyone who can edit a URI can remove the credential. | |||||
if ($credential_phid === null) { | |||||
continue; | |||||
} | |||||
$credential = id(new PassphraseCredentialQuery()) | $credential = id(new PassphraseCredentialQuery()) | ||||
->setViewer($viewer) | ->setViewer($viewer) | ||||
->withPHIDs(array($credential_phid)) | ->withPHIDs(array($credential_phid)) | ||||
->executeOne(); | ->executeOne(); | ||||
if (!$credential) { | if (!$credential) { | ||||
$errors[] = new PhabricatorApplicationTransactionValidationError( | $errors[] = new PhabricatorApplicationTransactionValidationError( | ||||
$type, | $type, | ||||
pht('Invalid'), | pht('Invalid'), | ||||
▲ Show 20 Lines • Show All 179 Lines • Show Last 20 Lines |