Page MenuHomePhabricator
Differential D15829 Diff 38138 src/applications/diffusion/editor/DiffusionURIEditor.php

Changeset View

Standalone View

View Options

src/applications/diffusion/editor/DiffusionURIEditor.php

Show First 20 LinesShow All 64 Lines▼ Show 20 Linesfinal class DiffusionURIEditor
} }
protected function applyCustomInternalTransaction( protected function applyCustomInternalTransaction(
PhabricatorLiskDAO $object, PhabricatorLiskDAO $object,
PhabricatorApplicationTransaction $xaction) { PhabricatorApplicationTransaction $xaction) {
switch ($xaction->getTransactionType()) { switch ($xaction->getTransactionType()) {
case PhabricatorRepositoryURITransaction::TYPE_URI: case PhabricatorRepositoryURITransaction::TYPE_URI:
if (!$this->getIsNewObject()) {
$old_uri = $object->getEffectiveURI();
} else {
$old_uri = null;
}
$object->setURI($xaction->getNewValue()); $object->setURI($xaction->getNewValue());
// If we've changed the domain or protocol of the URI, remove the
// current credential. This improves behavior in several cases:
// If a user switches between protocols with different credential
// types, like HTTP and SSH, the old credential won't be valid anyway.
// It's cleaner to remove it than leave a bad credential in place.
// If a user switches hosts, the old credential is probably not
// correct (and potentially confusing/misleading). Removing it forces
// users to double check that they have the correct credentials.
// If an attacker can't see a symmetric credential like a username and
// password, they could still potentially capture it by changing the
// host for a URI that uses it to `evil.com`, a server they control,
// then observing the requests. Removing the credential prevents this
// kind of escalation.
// Since port and path changes are less likely to fall among these
// cases, they don't trigger a credential wipe.
$new_uri = $object->getEffectiveURI();
if ($old_uri) {
$new_proto = ($old_uri->getProtocol() != $new_uri->getProtocol());
$new_domain = ($old_uri->getDomain() != $new_uri->getDomain());
if ($new_proto || $new_domain) {
$object->setCredentialPHID(null);
}
}
break; break;
case PhabricatorRepositoryURITransaction::TYPE_IO: case PhabricatorRepositoryURITransaction::TYPE_IO:
$object->setIOType($xaction->getNewValue()); $object->setIOType($xaction->getNewValue());
break; break;
case PhabricatorRepositoryURITransaction::TYPE_DISPLAY: case PhabricatorRepositoryURITransaction::TYPE_DISPLAY:
$object->setDisplayType($xaction->getNewValue()); $object->setDisplayType($xaction->getNewValue());
break; break;
case PhabricatorRepositoryURITransaction::TYPE_REPOSITORY: case PhabricatorRepositoryURITransaction::TYPE_REPOSITORY:
▲ Show 20 LinesShow All 97 Lines▼ Show 20 Lines switch ($type) {
$viewer = $this->getActor(); $viewer = $this->getActor();
foreach ($xactions as $xaction) { foreach ($xactions as $xaction) {
$credential_phid = $xaction->getNewValue(); $credential_phid = $xaction->getNewValue();
if ($credential_phid == $object->getCredentialPHID()) { if ($credential_phid == $object->getCredentialPHID()) {
continue; continue;
} }
// Anyone who can edit a URI can remove the credential.
if ($credential_phid === null) {
continue;
}
$credential = id(new PassphraseCredentialQuery()) $credential = id(new PassphraseCredentialQuery())
->setViewer($viewer) ->setViewer($viewer)
->withPHIDs(array($credential_phid)) ->withPHIDs(array($credential_phid))
->executeOne(); ->executeOne();
if (!$credential) { if (!$credential) {
$errors[] = new PhabricatorApplicationTransactionValidationError( $errors[] = new PhabricatorApplicationTransactionValidationError(
$type, $type,
pht('Invalid'), pht('Invalid'),
▲ Show 20 LinesShow All 179 LinesShow Last 20 Lines
Phabricator · Built by Phacility