diff --git a/src/applications/passphrase/controller/PassphraseCredentialRevealController.php b/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
index 88de484955..7599337f25 100644
--- a/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
@@ -1,75 +1,87 @@
<?php
final class PassphraseCredentialRevealController
extends PassphraseController {
private $id;
public function willProcessRequest(array $data) {
$this->id = $data['id'];
}
public function processRequest() {
$request = $this->getRequest();
$viewer = $request->getUser();
$credential = id(new PassphraseCredentialQuery())
->setViewer($viewer)
->withIDs(array($this->id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->needSecrets(true)
->executeOne();
if (!$credential) {
return new Aphront404Response();
}
$view_uri = '/K'.$credential->getID();
if ($request->isFormPost()) {
if ($credential->getSecret()) {
$body = id(new PHUIFormLayoutView())
->appendChild(
id(new AphrontFormTextAreaControl())
->setLabel(pht('Plaintext'))
+ ->setReadOnly(true)
->setValue($credential->getSecret()->openEnvelope()));
} else {
$body = pht('This credential has no associated secret.');
}
$dialog = id(new AphrontDialogView())
->setUser($viewer)
->setTitle(pht('Credential Secret'))
->appendChild($body)
->addCancelButton($view_uri, pht('Done'));
+ $type_secret = PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET;
+ $xactions = array(id(new PassphraseCredentialTransaction())
+ ->setTransactionType($type_secret)
+ ->setNewValue(true));
+
+ $editor = id(new PassphraseCredentialTransactionEditor())
+ ->setActor($viewer)
+ ->setContinueOnNoEffect(true)
+ ->setContentSourceFromRequest($request)
+ ->applyTransactions($credential, $xactions);
+
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
if ($is_serious) {
$body = pht(
'The secret associated with this credential will be shown in plain '.
'text on your screen.');
} else {
$body = pht(
'The secret associated with this credential will be shown in plain '.
'text on your screen. Before continuing, wrap your arms around your '.
'monitor to create a human shield, keeping it safe from prying eyes. '.
'Protect company secrets!');
}
$dialog = id(new AphrontDialogView())
->setUser($viewer)
->setTitle(pht('Really show secret?'))
->appendChild($body)
->addSubmitButton(pht('Show Secret'))
->addCancelButton($view_uri);
return id(new AphrontDialogResponse())->setDialog($dialog);
}
}
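Review bot: The `TYPE_LOOKEDATSECRET` transaction is applied at the end of the `isFormPost()` block for both branches, so the timeline will say someone "examined the secret plaintext" even when the `else` branch only reported that the credential has no associated secret. It is also applied only after `openEnvelope()` has already run while building the form. I would move the `$xactions` / `applyTransactions()` statements inside `if ($credential->getSecret())`, ahead of the `PHUIFormLayoutView` construction, so the audit entry is accurate and is written before the plaintext is unwrapped. The `$editor` variable is assigned but never read, so the chain can stand as a bare expression starting at `id(new PassphraseCredentialTransactionEditor())`.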
diff --git a/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php b/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php
index 126833e0ee..77fae20c5e 100644
--- a/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php
+++ b/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php
@@ -1,173 +1,180 @@
<?php
final class PassphraseCredentialTransactionEditor
extends PhabricatorApplicationTransactionEditor {
public function getTransactionTypes() {
$types = parent::getTransactionTypes();
$types[] = PhabricatorTransactions::TYPE_VIEW_POLICY;
$types[] = PhabricatorTransactions::TYPE_EDIT_POLICY;
$types[] = PassphraseCredentialTransaction::TYPE_NAME;
$types[] = PassphraseCredentialTransaction::TYPE_DESCRIPTION;
$types[] = PassphraseCredentialTransaction::TYPE_USERNAME;
$types[] = PassphraseCredentialTransaction::TYPE_SECRET_ID;
$types[] = PassphraseCredentialTransaction::TYPE_DESTROY;
+ $types[] = PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET;
return $types;
}
protected function getCustomTransactionOldValue(
PhabricatorLiskDAO $object,
PhabricatorApplicationTransaction $xaction) {
switch ($xaction->getTransactionType()) {
case PassphraseCredentialTransaction::TYPE_NAME:
if ($this->getIsNewObject()) {
return null;
}
return $object->getName();
case PassphraseCredentialTransaction::TYPE_DESCRIPTION:
return $object->getDescription();
case PassphraseCredentialTransaction::TYPE_USERNAME:
return $object->getUsername();
case PassphraseCredentialTransaction::TYPE_SECRET_ID:
return $object->getSecretID();
case PassphraseCredentialTransaction::TYPE_DESTROY:
return $object->getIsDestroyed();
+ case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
+ return null;
}
return parent::getCustomTransactionOldValue($object, $xaction);
}
protected function getCustomTransactionNewValue(
PhabricatorLiskDAO $object,
PhabricatorApplicationTransaction $xaction) {
switch ($xaction->getTransactionType()) {
case PassphraseCredentialTransaction::TYPE_NAME:
case PassphraseCredentialTransaction::TYPE_DESCRIPTION:
case PassphraseCredentialTransaction::TYPE_USERNAME:
case PassphraseCredentialTransaction::TYPE_SECRET_ID:
case PassphraseCredentialTransaction::TYPE_DESTROY:
+ case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
return $xaction->getNewValue();
}
return parent::getCustomTransactionNewValue($object, $xaction);
}
protected function applyCustomInternalTransaction(
PhabricatorLiskDAO $object,
PhabricatorApplicationTransaction $xaction) {
switch ($xaction->getTransactionType()) {
case PassphraseCredentialTransaction::TYPE_NAME:
$object->setName($xaction->getNewValue());
return;
case PassphraseCredentialTransaction::TYPE_DESCRIPTION:
$object->setDescription($xaction->getNewValue());
return;
case PassphraseCredentialTransaction::TYPE_USERNAME:
$object->setUsername($xaction->getNewValue());
return;
case PassphraseCredentialTransaction::TYPE_SECRET_ID:
$old_id = $object->getSecretID();
if ($old_id) {
$this->destroySecret($old_id);
}
$object->setSecretID($xaction->getNewValue());
return;
case PassphraseCredentialTransaction::TYPE_DESTROY:
// When destroying a credential, wipe out its secret.
$is_destroyed = $xaction->getNewValue();
$object->setIsDestroyed($is_destroyed);
if ($is_destroyed) {
$secret_id = $object->getSecretID();
if ($secret_id) {
$this->destroySecret($secret_id);
$object->setSecretID(null);
}
}
return;
case PhabricatorTransactions::TYPE_VIEW_POLICY:
$object->setViewPolicy($xaction->getNewValue());
return;
case PhabricatorTransactions::TYPE_EDIT_POLICY:
$object->setEditPolicy($xaction->getNewValue());
return;
+ case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
+ return;
}
return parent::applyCustomInternalTransaction($object, $xaction);
}
protected function applyCustomExternalTransaction(
PhabricatorLiskDAO $object,
PhabricatorApplicationTransaction $xaction) {
switch ($xaction->getTransactionType()) {
case PassphraseCredentialTransaction::TYPE_NAME:
case PassphraseCredentialTransaction::TYPE_DESCRIPTION:
case PassphraseCredentialTransaction::TYPE_USERNAME:
case PassphraseCredentialTransaction::TYPE_SECRET_ID:
case PassphraseCredentialTransaction::TYPE_DESTROY:
+ case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
case PhabricatorTransactions::TYPE_VIEW_POLICY:
case PhabricatorTransactions::TYPE_EDIT_POLICY:
return;
}
return parent::applyCustomExternalTransaction($object, $xaction);
}
private function destroySecret($secret_id) {
$table = new PassphraseSecret();
queryfx(
$table->establishConnection('w'),
'DELETE FROM %T WHERE id = %d',
$table->getTableName(),
$secret_id);
}
protected function validateTransaction(
PhabricatorLiskDAO $object,
$type,
array $xactions) {
$errors = parent::validateTransaction($object, $type, $xactions);
switch ($type) {
case PassphraseCredentialTransaction::TYPE_NAME:
$missing = $this->validateIsEmptyTextField(
$object->getName(),
$xactions);
if ($missing) {
$error = new PhabricatorApplicationTransactionValidationError(
$type,
pht('Required'),
pht('Credential name is required.'),
nonempty(last($xactions), null));
$error->setIsMissingFieldError(true);
$errors[] = $error;
}
break;
case PassphraseCredentialTransaction::TYPE_USERNAME:
$missing = $this->validateIsEmptyTextField(
$object->getUsername(),
$xactions);
if ($missing) {
$error = new PhabricatorApplicationTransactionValidationError(
$type,
pht('Required'),
pht('Username is required.'),
nonempty(last($xactions), null));
$error->setIsMissingFieldError(true);
$errors[] = $error;
}
break;
}
return $errors;
}
}
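Review bot: The new `TYPE_LOOKEDATSECRET` cases in `getCustomTransactionOldValue` and `applyCustomInternalTransaction` are deliberate no-ops, but nothing in the code says so, and a later cleanup could easily drop them as dead branches. A short comment on each would protect the audit trail, for example `// Audit-only: a reveal changes nothing on the credential.` above the bare `return;`. Above `return null;` I would add `// Old value stays null so each reveal differs from the new value (true).` Whether the base editor would otherwise discard a repeated reveal as a no-effect transaction is not visible in this diff. It is worth confirming, because the controller calls `setContinueOnNoEffect(true)` and would presumably not surface a dropped entry.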
diff --git a/src/applications/passphrase/storage/PassphraseCredentialTransaction.php b/src/applications/passphrase/storage/PassphraseCredentialTransaction.php
index 2303ea39ac..6caed5af3c 100644
--- a/src/applications/passphrase/storage/PassphraseCredentialTransaction.php
+++ b/src/applications/passphrase/storage/PassphraseCredentialTransaction.php
@@ -1,101 +1,107 @@
<?php
final class PassphraseCredentialTransaction
extends PhabricatorApplicationTransaction {
const TYPE_NAME = 'passphrase:name';
const TYPE_DESCRIPTION = 'passphrase:description';
const TYPE_USERNAME = 'passphrase:username';
const TYPE_SECRET_ID = 'passphrase:secretID';
const TYPE_DESTROY = 'passphrase:destroy';
+ const TYPE_LOOKEDATSECRET = 'passphrase:lookedAtSecret';
public function getApplicationName() {
return 'passphrase';
}
public function getApplicationTransactionType() {
return PassphrasePHIDTypeCredential::TYPECONST;
}
public function getApplicationTransactionCommentObject() {
return null;
}
public function shouldHide() {
$old = $this->getOldValue();
switch ($this->getTransactionType()) {
case self::TYPE_DESCRIPTION:
return ($old === null);
case self::TYPE_USERNAME:
return !strlen($old);
+ case self::TYPE_LOOKEDATSECRET:
+ return false;
}
return parent::shouldHide();
}
public function getTitle() {
$old = $this->getOldValue();
$new = $this->getNewValue();
$author_phid = $this->getAuthorPHID();
switch ($this->getTransactionType()) {
case self::TYPE_NAME:
if ($old === null) {
return pht(
'%s created this credential.',
$this->renderHandleLink($author_phid));
} else {
return pht(
'%s renamed this credential from "%s" to "%s".',
$this->renderHandleLink($author_phid),
$old,
$new);
}
break;
case self::TYPE_DESCRIPTION:
return pht(
'%s updated the description for this credential.',
$this->renderHandleLink($author_phid));
case self::TYPE_USERNAME:
if (strlen($old)) {
return pht(
'%s changed the username for this credential from "%s" to "%s".',
$this->renderHandleLink($author_phid),
$old,
$new);
} else {
return pht(
'%s set the username for this credential to "%s".',
$this->renderHandleLink($author_phid),
$new);
}
break;
case self::TYPE_SECRET_ID:
return pht(
'%s updated the secret for this credential.',
$this->renderHandleLink($author_phid));
case self::TYPE_DESTROY:
return pht(
'%s destroyed this credential.',
$this->renderHandleLink($author_phid));
+ case self::TYPE_LOOKEDATSECRET:
+ return pht(
+ '%s examined the secret plaintext for this credential.',
+ $this->renderHandleLink($author_phid));
}
return parent::getTitle();
}
public function hasChangeDetails() {
switch ($this->getTransactionType()) {
case self::TYPE_DESCRIPTION:
return true;
}
return parent::hasChangeDetails();
}
public function renderChangeDetails(PhabricatorUser $viewer) {
return $this->renderTextCorpusChangeDetails(
$viewer,
json_encode($this->getOldValue()),
json_encode($this->getNewValue()));
}
-
}
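Review bot: The constant `TYPE_LOOKEDATSECRET` runs its words together, while the neighbouring `TYPE_SECRET_ID` separates them with underscores; `const TYPE_LOOKED_AT_SECRET = 'passphrase:lookedAtSecret';` would match the existing style. The rename is cheapest now, before the controller and editor references spread further, and the stored string value can stay as it is. The explicit `return false;` in `shouldHide()` is what keeps reveal events visible in the timeline, so it deserves a comment such as `// Reveal events are audit records and must always be shown.` to stop it being folded into the `parent::shouldHide()` fallthrough later.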
