<?php

										 |  |  | /** | 
					
						
							|  |  |  |  * @group conduit | 
					
						
							|  |  |  |  */ | 
					
						
							| 
									
										
										
										
											2012-03-09 15:46:25 -08:00
										 |  |  | final class PhabricatorConduitTokenController | 
					
						
							|  |  |  |   extends PhabricatorConduitController { | 
					
						
							| 
									
										
										
										
											2011-06-14 12:17:14 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |   public function processRequest() { | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     $user = $this->getRequest()->getUser(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-17 12:00:35 -07:00
										 |  |  |     // Ideally we'd like to verify this, but it's fine to leave it unguarded
 | 
					
						
							|  |  |  |     // for now and verifying it would need some Ajax junk or for the user to
 | 
					
						
							|  |  |  |     // click a button or similar.
 | 
					
						
							|  |  |  |     $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-06-14 12:17:14 -07:00
										 |  |  |     $old_token = id(new PhabricatorConduitCertificateToken()) | 
					
						
							|  |  |  |       ->loadOneWhere( | 
					
						
							|  |  |  |         'userPHID = %s', | 
					
						
							|  |  |  |         $user->getPHID()); | 
					
						
							|  |  |  |     if ($old_token) { | 
					
						
							|  |  |  |       $old_token->delete(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     $token = id(new PhabricatorConduitCertificateToken()) | 
					
						
							|  |  |  |       ->setUserPHID($user->getPHID()) | 
					
						
							| 
									
										
										
											
												Replace callsites to sha1() that use it to asciify entropy with
Filesystem::readRandomCharacters()
Summary: See T547. To improve auditability of use of crypto-sensitive hash
functions, use Filesystem::readRandomCharacters() in place of
sha1(Filesystem::readRandomBytes()) when we're just generating random ASCII
strings.
Test Plan:
  - Generated a new PHID.
  - Logged out and logged back in (to test sessions).
  - Regenerated Conduit certificate.
  - Created a new task, verified mail key generated sensibly.
  - Created a new revision, verified mail key generated sensibly.
  - Ran "arc list", got blocked, installed new certificate, ran "arc list"
again.
Reviewers: jungejason, nh, tuomaspelkonen, aran, benmathews
Reviewed By: jungejason
CC: aran, epriestley, jungejason
Differential Revision: 1000
											
										 
											2011-10-10 19:22:30 -07:00
										 |  |  |       ->setToken(Filesystem::readRandomCharacters(40)) | 
					
						
							| 
									
										
										
										
											2011-06-14 12:17:14 -07:00
										 |  |  |       ->save(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-07-01 12:36:34 -07:00
										 |  |  |     unset($unguarded); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     $pre_instructions = pht( | 
					
						
							|  |  |  |       'Copy and paste this token into the prompt given to you by '. | 
					
						
							|  |  |  |       '`arc install-certificate`'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     $post_instructions = pht( | 
					
						
							|  |  |  |       'After you copy and paste this token, `arc` will complete '. | 
					
						
							|  |  |  |       'the certificate install process for you.'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     $form = id(new AphrontFormView()) | 
					
						
							|  |  |  |       ->setUser($user) | 
					
						
							|  |  |  |       ->appendRemarkupInstructions($pre_instructions) | 
					
						
							|  |  |  |       ->appendChild( | 
					
						
							|  |  |  |         id(new AphrontFormTextAreaControl()) | 
					
						
							|  |  |  |           ->setLabel(pht('Token')) | 
					
						
							|  |  |  |           ->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_SHORT) | 
					
						
							|  |  |  |           ->setValue($token->getToken())) | 
					
						
							|  |  |  |       ->appendRemarkupInstructions($post_instructions); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     $crumbs = $this->buildApplicationCrumbs(); | 
					
						
							| 
									
										
										
										
											2013-12-18 17:47:34 -08:00
										 |  |  |     $crumbs->addTextCrumb(pht('Install Certificate')); | 
					
						
							| 
									
										
										
										
											2013-07-01 12:36:34 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-29 14:54:10 -07:00
										 |  |  |     $object_box = id(new PHUIObjectBoxView()) | 
					
						
							|  |  |  |       ->setHeaderText(pht('Certificate Token')) | 
					
						
							|  |  |  |       ->setForm($form); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-07-01 12:36:34 -07:00
										 |  |  |     return $this->buildApplicationPage( | 
					
						
							|  |  |  |       array( | 
					
						
							|  |  |  |         $crumbs, | 
					
						
							| 
									
										
										
										
											2013-10-29 14:54:10 -07:00
										 |  |  |         $object_box, | 
					
						
							| 
									
										
										
										
											2013-07-01 12:36:34 -07:00
										 |  |  |       ), | 
					
						
							| 
									
										
										
										
											2011-06-14 12:17:14 -07:00
										 |  |  |       array( | 
					
						
							| 
									
										
										
										
											2013-07-01 12:36:34 -07:00
										 |  |  |         'title' => pht('Certificate Install Token'), | 
					
						
							|  |  |  |         'device' => true, | 
					
						
							| 
									
										
										
										
											2011-06-14 12:17:14 -07:00
										 |  |  |       )); | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | } |