archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Provide a setting which forces all file views to be served from an alternate

Browse Source 
domain

Summary:
See D758, D759.

  - Provide a strongly recommended setting which permits configuration of an
alternate domain.
  - Lock cookies down better: set them on the exact domain, and use SSL-only if
the configuration is HTTPS.
  - Prevent Phabriator from setting cookies on other domains.

This assumes D759 will land, it is not effective without that change.

Test Plan:
  - Attempted to login from a different domain and was rejected.
  - Logged out, logged back in normally.
  - Put install in setup mode and verified it revealed a warning.
  - Configured an alterate domain.
  - Tried to view an image with an old URI, got a 400.
  - Went to /files/ and verified links rendered to the alternate domain.
  - Viewed an alternate domain file.
  - Tried to view an alternate domain file without the secret key, got a 404.

Reviewers: andrewjcg, erling, aran, tuomaspelkonen, jungejason, codeblock
CC: aran
Differential Revision: 760
This commit is contained in:
epriestley
2011-08-01 22:24:00 -07:00
parent 355b753df7
commit 68c30e1a71
15 changed files with 224 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
src/applications/files/controller/altview/PhabricatorFileAltViewController.php Normal file
View File

@@ -0,0 +1,68 @@
<?php
/*
* Copyright 2011 Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
class PhabricatorFileAltViewController extends PhabricatorFileController {
private $phid;
private $key;
public function willProcessRequest(array $data) {
$this->phid = $data['phid'];
$this->key = $data['key'];
}
public function shouldRequireLogin() {
return false;
}
public function processRequest() {
$alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
if (!$alt) {
return new Aphront400Response();
}
$request = $this->getRequest();
$alt_domain = id(new PhutilURI($alt))->getDomain();
if ($alt_domain != $request->getHost()) {
return new Aphront400Response();
}
$file = id(new PhabricatorFile())->loadOneWhere(
'phid = %s',
$this->phid);
if (!$file) {
return new Aphront404Response();
}
if (!$file->validateSecretKey($this->key)) {
return new Aphront404Response();
}
// It's safe to bypass view restrictions because we know we are being served
// off an alternate domain which we will not set cookies on.
$data = $file->loadFileData();
$response = new AphrontFileResponse();
$response->setContent($data);
$response->setCacheDurationInSeconds(60 * 60 * 24 * 30);
return $response;
}
}

20
src/applications/files/controller/altview/__init__.php Normal file
View File

@@ -0,0 +1,20 @@
<?php
/**
* This file is automatically generated. Lint this module to rebuild it.
* @generated
*/
phutil_require_module('phabricator', 'aphront/response/400');
phutil_require_module('phabricator', 'aphront/response/404');
phutil_require_module('phabricator', 'aphront/response/file');
phutil_require_module('phabricator', 'applications/files/controller/base');
phutil_require_module('phabricator', 'applications/files/storage/file');
phutil_require_module('phabricator', 'infrastructure/env');
phutil_require_module('phutil', 'parser/uri');
phutil_require_module('phutil', 'utils');
phutil_require_source('PhabricatorFileAltViewController.php');

2
src/applications/files/controller/list/PhabricatorFileListController.php
View File

@@ -75,7 +75,7 @@ class PhabricatorFileListController extends PhabricatorFileController {
'a',
array(
'class' => 'small button grey',
'href' => '/file/view/'.$file->getPHID().'/',
'href' => $file->getViewURI(),
),
'View');
} else {

14
src/applications/files/controller/view/PhabricatorFileViewController.php
View File

@@ -71,6 +71,18 @@ class PhabricatorFileViewController extends PhabricatorFileController {
$mime_type = $file->getViewableMimeType();
}
// If an alternate file domain is configured, forbid all views which
// don't originate from it.
if (!$download) {
$alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
if ($alt) {
$domain = id(new PhutilURI($alt))->getDomain();
if ($domain != $request->getHost()) {
return new Aphront400Response();
}
}
}
$response->setMimeType($mime_type);
if ($download) {
@@ -98,7 +110,7 @@ class PhabricatorFileViewController extends PhabricatorFileController {
$form = new AphrontFormView();
if ($file->isViewableInBrowser()) {
$form->setAction('/file/view/'.$file->getPHID().'/');
$form->setAction($file->getViewURI());
$button_name = 'View File';
} else {
$form->setAction('/file/download/'.$file->getPHID().'/');

2
src/applications/files/controller/view/__init__.php
View File

@@ -15,6 +15,7 @@ phutil_require_module('phabricator', 'applications/files/storage/file');
phutil_require_module('phabricator', 'applications/files/storage/transformed');
phutil_require_module('phabricator', 'applications/files/uri');
phutil_require_module('phabricator', 'applications/people/storage/user');
phutil_require_module('phabricator', 'infrastructure/env');
phutil_require_module('phabricator', 'view/control/table');
phutil_require_module('phabricator', 'view/form/base');
phutil_require_module('phabricator', 'view/form/control/static');
@@ -23,6 +24,7 @@ phutil_require_module('phabricator', 'view/layout/panel');
phutil_require_module('phabricator', 'view/utils');
phutil_require_module('phutil', 'markup');
phutil_require_module('phutil', 'parser/uri');
phutil_require_module('phutil', 'utils');