Prevent locked credentials from being made accessible via conduit

Summary: Via HackerOne. Currently, you can use "Lock Permanently" to lock a credential permanently, but you can still enable Conduit API access to it. This directly contradicts both intent of the setting and its description as presented to the user. Instead: - When a credential is locked, revoke Conduit API access. - Prevent API access from being enabled for locked credentials. - Prevent API access to locked credentials, period. Test Plan: - Created a credential. - Enabled API access. - Locked credential. - Saw API access become disabled. - Tried to enable API access; was rebuffed. - Queried credential via API, wasn't granted access. Reviewers: chad Reviewed By: chad Differential Revision: https://secure.phabricator.com/D15944
2016-05-18 12:31:20 -07:00
parent 0308d580d7
commit 36006bcb8f
5 changed files with 42 additions and 20 deletions
--- a/src/applications/passphrase/controller/PassphraseCredentialConduitController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialConduitController.php
@@ -33,8 +33,22 @@ final class PassphraseCredentialConduitController
      throw new Exception(pht('Credential has invalid type "%s"!', $type));
    }

+    $is_locked = $credential->getIsLocked();
+
+    if ($is_locked) {
+      return $this->newDialog()
+        ->setUser($viewer)
+        ->setTitle(pht('Credential Locked'))
+        ->appendChild(
+          pht(
+            'This credential can not be made available via Conduit because '.
+            'it is locked.'))
+        ->addCancelButton($view_uri);
+    }
+
    if ($request->isFormPost()) {
      $xactions = array();
+
      $xactions[] = id(new PassphraseCredentialTransaction())
        ->setTransactionType(PassphraseCredentialTransaction::TYPE_CONDUIT)
        ->setNewValue(!$credential->getAllowConduit());