src/applications/auth/editor/PhabricatorAuthSSHKeyEditor.php
Show First 20 Lines • Show All 98 Lines • ▼ Show 20 Lines | final class PhabricatorAuthSSHKeyEditor | ||||
} | } | ||||
protected function validateTransaction( | protected function validateTransaction( | ||||
PhabricatorLiskDAO $object, | PhabricatorLiskDAO $object, | ||||
$type, | $type, | ||||
array $xactions) { | array $xactions) { | ||||
$errors = parent::validateTransaction($object, $type, $xactions); | $errors = parent::validateTransaction($object, $type, $xactions); | ||||
$viewer = $this->requireActor(); | |||||
switch ($type) { | switch ($type) { | ||||
case PhabricatorAuthSSHKeyTransaction::TYPE_NAME: | case PhabricatorAuthSSHKeyTransaction::TYPE_NAME: | ||||
$missing = $this->validateIsEmptyTextField( | $missing = $this->validateIsEmptyTextField( | ||||
$object->getName(), | $object->getName(), | ||||
$xactions); | $xactions); | ||||
if ($missing) { | if ($missing) { | ||||
Show All 29 Lines | switch ($type) { | ||||
try { | try { | ||||
$public_key = PhabricatorAuthSSHPublicKey::newFromRawKey($new); | $public_key = PhabricatorAuthSSHPublicKey::newFromRawKey($new); | ||||
} catch (Exception $ex) { | } catch (Exception $ex) { | ||||
$errors[] = new PhabricatorApplicationTransactionValidationError( | $errors[] = new PhabricatorApplicationTransactionValidationError( | ||||
$type, | $type, | ||||
pht('Invalid'), | pht('Invalid'), | ||||
$ex->getMessage(), | $ex->getMessage(), | ||||
$xaction); | $xaction); | ||||
continue; | |||||
} | |||||
// The database does not have a unique key on just the <keyBody> | |||||
// column because we allow multiple accounts to revoke the same | |||||
// key, so we can't rely on database constraints to prevent users | |||||
// from adding keys that are on the revocation list back to their | |||||
// accounts. Explicitly check for a revoked copy of the key. | |||||
$revoked_keys = id(new PhabricatorAuthSSHKeyQuery()) | |||||
->setViewer($viewer) | |||||
->withObjectPHIDs(array($object->getObjectPHID())) | |||||
->withIsActive(0) | |||||
->withKeys(array($public_key)) | |||||
->execute(); | |||||
if ($revoked_keys) { | |||||
$errors[] = new PhabricatorApplicationTransactionValidationError( | |||||
$type, | |||||
pht('Revoked'), | |||||
pht( | |||||
'This key has been revoked. Choose or generate a new, '. | |||||
'unique key.'), | |||||
$xaction); | |||||
continue; | |||||
} | } | ||||
} | } | ||||
} | } | ||||
break; | break; | ||||
case PhabricatorAuthSSHKeyTransaction::TYPE_DEACTIVATE: | case PhabricatorAuthSSHKeyTransaction::TYPE_DEACTIVATE: | ||||
foreach ($xactions as $xaction) { | foreach ($xactions as $xaction) { | ||||
if (!$xaction->getNewValue()) { | if (!$xaction->getNewValue()) { | ||||
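Review bot: The revoked-key lookup is filtered with `->withObjectPHIDs(array($object->getObjectPHID()))`, so it only rejects a key that was revoked on this same object; a key body revoked under a different account would still pass validation, although the comment above the query describes keys "on the revocation list" in general. If revocation is meant to apply across accounts, drop that filter and run the query as `PhabricatorUser::getOmnipotentUser()` instead of `$viewer`, because policy filtering for the actor could otherwise hide revoked copies and let the check pass silently. If per-object scope is intended, say so in the comment, e.g. `// Only revoked copies attached to this same object are checked.` The lines discussed appear to be the added side of the two-column view, and validateTransaction() continues past the displayed section.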