Prevent locked credentials from being made accessible via conduit

Description

Summary:
Via HackerOne. Currently, you can use "Lock Permanently" to lock a credential permanently, but you can still enable Conduit API access to it. This directly contradicts both the intent of the setting and its description as presented to the user.

Instead:

  • When a credential is locked, revoke Conduit API access.
  • Prevent API access from being enabled for locked credentials.
  • Prevent API access to locked credentials, period.

Test Plan:

  • Created a credential.
  • Enabled API access.
  • Locked credential.
  • Saw API access become disabled.
  • Tried to enable API access; was rebuffed.
  • Queried credential via API, wasn't granted access.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15944
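
The three rules in the summary, modelled as an added Python example (not Phabricator's code, which is PHP; the `Credential` class, its fields and its method names are hypothetical). It replays the test plan and adds one case the plan does not list: a stale API flag on a credential that is already locked.

```python
class CredentialLockedError(Exception):
    """Raised when an operation is not permitted on a locked credential."""


class Credential:
    # Hypothetical model; field and method names are assumptions for illustration.
    def __init__(self, name, secret):
        self.name = name
        self._secret = secret
        self.is_locked = False
        self.allow_conduit = False

    def lock_permanently(self):
        # Rule 1: locking revokes any API access that was already enabled.
        self.is_locked = True
        self.allow_conduit = False

    def set_allow_conduit(self, allow):
        # Rule 2: API access cannot be enabled once the credential is locked.
        if allow and self.is_locked:
            raise CredentialLockedError(f"{self.name}: locked, API access stays off")
        self.allow_conduit = bool(allow)

    def read_secret_via_api(self):
        # Rule 3: the read path checks the lock itself instead of trusting the
        # flag, so a flag set by some other route still discloses nothing.
        if self.is_locked or not self.allow_conduit:
            return None
        return self._secret


def run_test_plan():
    """Replay the test plan and return the observations in order."""
    cred = Credential("deploy-key", "constructed-sample-secret")
    cred.set_allow_conduit(True)
    before_lock = cred.read_secret_via_api()
    cred.lock_permanently()
    flag_after_lock = cred.allow_conduit
    try:
        cred.set_allow_conduit(True)
        rebuffed = False
    except CredentialLockedError:
        rebuffed = True
    cred.allow_conduit = True  # simulate a stale flag that bypassed the setter
    after_lock = cred.read_secret_via_api()
    return before_lock, flag_after_lock, rebuffed, after_lock


if __name__ == "__main__":
    print(run_test_plan())
```

The final read returning nothing despite the forced flag is what the third rule buys: the lock is enforced where the secret is released, not only where the setting is edited.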

Details

Provenance
epriestley Authored on May 18 2016, 7:31 PM
epriestley Pushed on May 18 2016, 9:54 PM
Reviewer
chad
Differential Revision
D15944: Prevent locked credentials from being made accessible via conduit
Parents
rP0308d580d7df: Deactivate SSH keys instead of destroying them completely
Branches
Unknown
Tags
Unknown
Build Status
Buildable 12265
Build 15499: Run Core Tests