diff --git a/src/applications/almanac/management/AlmanacManagementTrustKeyWorkflow.php b/src/applications/almanac/management/AlmanacManagementTrustKeyWorkflow.php index c0bbc59ff0..631cef8c96 100644 --- a/src/applications/almanac/management/AlmanacManagementTrustKeyWorkflow.php +++ b/src/applications/almanac/management/AlmanacManagementTrustKeyWorkflow.php @@ -1,90 +1,92 @@ setName('trust-key') ->setSynopsis(pht('Mark a public key as trusted.')) ->setArguments( array( array( 'name' => 'id', 'param' => 'id', 'help' => pht('ID of the key to trust.'), ), )); } public function execute(PhutilArgumentParser $args) { $console = PhutilConsole::getConsole(); $id = $args->getArg('id'); if (!$id) { throw new PhutilArgumentUsageException( pht('Specify a public key to trust with --id.')); } $key = id(new PhabricatorAuthSSHKeyQuery()) ->setViewer($this->getViewer()) ->withIDs(array($id)) ->executeOne(); if (!$key) { throw new PhutilArgumentUsageException( pht('No public key exists with ID "%s".', $id)); } if (!$key->getIsActive()) { throw new PhutilArgumentUsageException( pht('Public key "%s" is not an active key.', $id)); } if ($key->getIsTrusted()) { throw new PhutilArgumentUsageException( pht('Public key with ID %s is already trusted.', $id)); } if (!($key->getObject() instanceof AlmanacDevice)) { throw new PhutilArgumentUsageException( pht('You can only trust keys associated with Almanac devices.')); } $handle = id(new PhabricatorHandleQuery()) ->setViewer($this->getViewer()) ->withPHIDs(array($key->getObject()->getPHID())) ->executeOne(); $console->writeOut( "** %s **\n\n%s\n\n%s\n\n%s", pht('IMPORTANT!'), phutil_console_wrap( pht( 'Trusting a public key gives anyone holding the corresponding '. 'private key complete, unrestricted access to all data in '. 'Phabricator. The private key will be able to sign requests that '. 'skip policy and security checks.')), phutil_console_wrap( pht( 'This is an advanced feature which should normally be used only '. 'when building a Phabricator cluster. This feature is very '. 'dangerous if misused.')), pht('This key is associated with device "%s".', $handle->getName())); $prompt = pht( 'Really trust this key?'); if (!phutil_console_confirm($prompt)) { throw new PhutilArgumentUsageException( pht('User aborted workflow.')); } $key->setIsTrusted(1); $key->save(); + PhabricatorAuthSSHKeyQuery::deleteSSHKeyCache(); + $console->writeOut( "** %s ** %s\n", pht('TRUSTED'), pht('Key %s has been marked as trusted.', $id)); } } diff --git a/src/applications/almanac/management/AlmanacManagementUntrustKeyWorkflow.php b/src/applications/almanac/management/AlmanacManagementUntrustKeyWorkflow.php index 6ad427eeae..6dc7a21aa3 100644 --- a/src/applications/almanac/management/AlmanacManagementUntrustKeyWorkflow.php +++ b/src/applications/almanac/management/AlmanacManagementUntrustKeyWorkflow.php @@ -1,52 +1,54 @@ setName('untrust-key') ->setSynopsis(pht('Revoke trust of a public key.')) ->setArguments( array( array( 'name' => 'id', 'param' => 'id', 'help' => pht('ID of the key to revoke trust for.'), ), )); } public function execute(PhutilArgumentParser $args) { $console = PhutilConsole::getConsole(); $id = $args->getArg('id'); if (!$id) { throw new PhutilArgumentUsageException( pht('Specify a public key to revoke trust for with --id.')); } $key = id(new PhabricatorAuthSSHKeyQuery()) ->setViewer($this->getViewer()) ->withIDs(array($id)) ->executeOne(); if (!$key) { throw new PhutilArgumentUsageException( pht('No public key exists with ID "%s".', $id)); } if (!$key->getIsTrusted()) { throw new PhutilArgumentUsageException( pht('Public key with ID %s is not trusted.', $id)); } $key->setIsTrusted(0); $key->save(); + PhabricatorAuthSSHKeyQuery::deleteSSHKeyCache(); + $console->writeOut( "** %s ** %s\n", pht('TRUST REVOKED'), pht('Trust has been revoked for public key %s.', $id)); } }