Paths

Table of Contentst

Differential D15641

Scramble file secrets when related objects change policies
ClosedPublic
Actions

Authored by epriestley on Apr 6 2016, 7:28 PM.

Tags

None

Referenced Files

	F14008612: D15641.id37701.diff
	Wed, Oct 30, 2:14 AM

	F13984780: D15641.id.diff
	Oct 20 2024, 3:57 PM

	F13980924: D15641.diff
	Oct 19 2024, 1:21 PM

	F13973238: D15641.id37690.diff
	Oct 18 2024, 12:00 AM

	Unknown Object (File)
	Sep 30 2024, 8:05 PM

	Unknown Object (File)
	Sep 23 2024, 3:59 PM

	Unknown Object (File)
	Sep 12 2024, 8:58 PM

	Unknown Object (File)
	Sep 12 2024, 8:56 PM

Subscribers

None

Details

Reviewers

Maniphest Tasks

T10262: Scramble file secrets when attached objects change their view policies

Commits

rPf9836cb646f8: Scramble file secrets when related objects change policies

Summary

Ref T10262. Files have an internal secret key which is partially used to control access to them, and determines part of the URL you need to access them. Scramble (regenerate) the secret when:

the view policy for the file itself changes (and the new policy is not "public" or "all users"); or
the view policy or space for an object the file is attached to changes (and the file policy is not "public" or "all users").

This basically means that when you change the visibility of a task, any old URLs for attached files stop working and new ones are implicitly generated.

Test Plan

Attached a file to a task, used SELECT * FROM file WHERE id = ... to inspect the secret.
Set view policy to public, same secret.
Set view policy to me, new secret.
Changed task view policy, new secret.
Changed task space, new secret.
Changed task title, same old secret.
Added and ran unit tests which cover this behavior.

Diff Detail

Repository

Branch

fpolicy1

Lint

Lint Passed

Unit

Tests Passed

Build Status

Buildable 11556
Build 14435: Run Core Tests
Build 14434: arc lint + arc unit

Event Timeline

epriestley updated this revision to Diff 37690.Apr 6 2016, 7:28 PM

epriestley retitled this revision from to Scramble file secrets when related objects change policies.

epriestley updated this object.

epriestley edited the test plan for this revision. (Show Details)

epriestley added a reviewer: chad.

epriestley added a task: T10262: Scramble file secrets when attached objects change their view policies.

epriestley mentioned this in T10262: Scramble file secrets when attached objects change their view policies.Apr 6 2016, 7:30 PM

should we have some unit tests for this?

This revision is now accepted and ready to land.Apr 6 2016, 7:33 PM

epriestley added inline comments.Apr 6 2016, 7:33 PM

src/applications/files/storage/__tests__/PhabricatorFileTestCase.php
11–135	^^^

well obviously I read everything,

｡ﾟ･（>﹏<）･ﾟ｡

Closed by commit rPf9836cb646f8: Scramble file secrets when related objects change policies (authored by epriestley, committed by epriestley). · Explain WhyApr 6 2016, 9:14 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

files/

storage/

PhabricatorFile.php

4 lines

__tests__/

PhabricatorFileTestCase.php

127 lines

transactions/

editor/

PhabricatorApplicationTransactionEditor.php

65 lines

Diff 37690

src/applications/files/storage/PhabricatorFile.php

Loading...

src/applications/files/storage/tests/PhabricatorFileTestCase.php

Loading...

src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php

Loading...