Remove "phabricator.csrf-key" and upgrade CSRF hashing to SHA256
- Remove the "phabricator.csrf-key" configuration option in favor of automatically generating an HMAC key.
- Upgrade two hasher callsites (one in CSRF itself, one in providing a CSRF secret for logged-out users) to SHA256.
- Extract the CSRF logic from PhabricatorUser to a standalone engine.
I was originally going to do this as two changes (extract logic, then upgrade hashes) but the logic had a couple of very silly pieces to it that made faithful extraction a little silly.
For example, it computed time_block = (epoch + (offset * cycle_frequency)) / cycle_frequency instead of time_block = (epoch / cycle_frequency) + offset. These are equivalent but the former was kind of silly.
It also computed substr(hmac(substr(hmac(secret)).salt)) instead of substr(hmac(secret.salt)). These have the same overall effect but the former is, again, kind of silly (and a little bit materially worse, in this case).
- As a logged-in user, submitted forms normally (worked).
- As a logged-in user, submitted forms with a bad CSRF value (error, as expected).
- As a logged-out user, hit the success and error cases.
- Visually inspected tokens for correct format.
Reviewed By: amckinley
Maniphest Tasks: T12509
Differential Revision: https://secure.phabricator.com/D19946