OAuthServer - hide client secret behind a "View Secret" action

Summary: ...also adds policies on who can view and who can edit an action. Fixes T6949.

Test Plan: viewed a secret through the new UI and it worked

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6949

Differential Revision: https://secure.phabricator.com/D11401

src/applications/oauthserver/controller/client/PhabricatorOAuthClientEditController.php

@@ -64,6 +64,8 @@ final class PhabricatorOAuthClientEditController
         $e_redirect = pht('Invalid');
       }
 
+      $client->setViewPolicy($request->getStr('viewPolicy'));
+      $client->setEditPolicy($request->getStr('editPolicy'));
       if (!$errors) {
         $client->save();
         $view_uri = $client->getViewURI();
@@ -71,6 +73,11 @@ final class PhabricatorOAuthClientEditController
       }
     }
 
+    $policies = id(new PhabricatorPolicyQuery())
+      ->setViewer($viewer)
+      ->setObject($client)
+      ->execute();
+
     $form = id(new AphrontFormView())
       ->setUser($viewer)
       ->appendChild(
@@ -85,6 +92,20 @@ final class PhabricatorOAuthClientEditController
           ->setName('redirect_uri')
           ->setValue($client->getRedirectURI())
           ->setError($e_redirect))
+      ->appendChild(
+        id(new AphrontFormPolicyControl())
+          ->setUser($viewer)
+          ->setCapability(PhabricatorPolicyCapability::CAN_VIEW)
+          ->setPolicyObject($client)
+          ->setPolicies($policies)
+          ->setName('viewPolicy'))
+      ->appendChild(
+        id(new AphrontFormPolicyControl())
+          ->setUser($viewer)
+          ->setCapability(PhabricatorPolicyCapability::CAN_EDIT)
+          ->setPolicyObject($client)
+          ->setPolicies($policies)
+          ->setName('editPolicy'))
       ->appendChild(
         id(new AphrontFormSubmitControl())
           ->addCancelButton($cancel_uri)

src/applications/oauthserver/controller/client/PhabricatorOAuthClientSecretController.php

@@ -0,0 +1,70 @@
+<?php
+
+final class PhabricatorOAuthClientSecretController
+  extends PhabricatorOAuthClientController {
+
+  public function handleRequest(AphrontRequest $request) {
+    $viewer = $request->getUser();
+
+    $client = id(new PhabricatorOAuthServerClientQuery())
+      ->setViewer($viewer)
+      ->withPHIDs(array($this->getClientPHID()))
+      ->requireCapabilities(
+        array(
+          PhabricatorPolicyCapability::CAN_VIEW,
+          PhabricatorPolicyCapability::CAN_EDIT,
+        ))
+      ->executeOne();
+    if (!$client) {
+      return new Aphront404Response();
+    }
+
+    $view_uri = $client->getViewURI();
+    $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
+      $viewer,
+      $request,
+      $view_uri);
+
+    if ($request->isFormPost()) {
+      $secret = $client->getSecret();
+      $body = id(new PHUIFormLayoutView())
+        ->appendChild(
+          id(new AphrontFormTextAreaControl())
+          ->setLabel(pht('Plaintext'))
+          ->setReadOnly(true)
+          ->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_SHORT)
+          ->setValue($secret));
+
+      $dialog = id(new AphrontDialogView())
+        ->setUser($viewer)
+        ->setWidth(AphrontDialogView::WIDTH_FORM)
+        ->setTitle(pht('Application Secret'))
+        ->appendChild($body)
+        ->addCancelButton($view_uri, pht('Done'));
+
+      return id(new AphrontDialogResponse())->setDialog($dialog);
+    }
+
+
+    $is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
+
+    if ($is_serious) {
+      $body = pht(
+        'The secret associated with this oauth application will be shown in '.
+        'plain text on your screen.');
+    } else {
+      $body = pht(
+        'The secret associated with this oauth application will be shown in '.
+        'plain text on your screen. Before continuing, wrap your arms around '.
+        'your monitor to create a human shield, keeping it safe from prying '.
+        'eyes. Protect company secrets!');
+    }
+    return $this->newDialog()
+      ->setUser($viewer)
+      ->setTitle(pht('Really show application secret?'))
+      ->appendChild($body)
+      ->addSubmitButton(pht('Show Application Secret'))
+      ->addCancelButton($view_uri);
+  }
+
+}

src/applications/oauthserver/controller/client/PhabricatorOAuthClientViewController.php

@@ -62,6 +62,8 @@ final class PhabricatorOAuthClientViewController
       ->withClientPHIDs(array($client->getPHID()))
       ->executeOne();
     $is_authorized = (bool)$authorization;
+    $id = $client->getID();
+    $phid = $client->getPHID();
 
     $view = id(new PhabricatorActionListView())
       ->setUser($viewer);
@@ -74,6 +76,14 @@ final class PhabricatorOAuthClientViewController
         ->setDisabled(!$can_edit)
         ->setHref($client->getEditURI()));
 
+    $view->addAction(
+      id(new PhabricatorActionView())
+        ->setName(pht('Show Application Secret'))
+        ->setIcon('fa-eye')
+        ->setHref($this->getApplicationURI("client/secret/{$phid}/"))
+        ->setDisabled(!$can_edit)
+        ->setWorkflow(true));
+
     $view->addAction(
       id(new PhabricatorActionView())
         ->setName(pht('Delete Application'))
@@ -88,7 +98,7 @@ final class PhabricatorOAuthClientViewController
         ->setIcon('fa-wrench')
         ->setWorkflow(true)
         ->setDisabled($is_authorized)
-        ->setHref($this->getApplicationURI('test/'.$client->getID().'/')));
+        ->setHref($this->getApplicationURI('test/'.$id.'/')));
 
     return $view;
   }
@@ -103,10 +113,6 @@ final class PhabricatorOAuthClientViewController
       pht('Client ID'),
       $client->getPHID());
 
-    $view->addProperty(
-      pht('Client Secret'),
-      $client->getSecret());
-
     $view->addProperty(
       pht('Redirect URI'),
       $client->getRedirectURI());