1. 04 Apr, 2016 2 commits
    • epriestley's avatar
      Implement "auth.logout" Conduit API method · e55522ca
      epriestley authored
      Summary:
      Ref T7303. Ref T7673. This implements an "auth.logout" which:
      
        - terminates all web sessions;
        - terminates the current OAuth token if called via OAuth; and
        - may always be called via OAuth.
      
      (Since it consumes an OAuth token, even a "malicious" OAuth application can't really be that much of a jerk with this: it can't continuously log you out, since calling the method once kills the token. The application would need to ask your permission again to get a fresh token.)
      
      The primary goal here is to let Phacility instances call this against the Phacility upstream, so that when you log out of an instance it also logs you out of your Phacility account (possibly with a checkbox or something).
      
      This also smooths over the session token code. Before this change, your sessions would get logged out but when you reloaded we'd tell you your session was invalid.
      
      Instead, try to clear the invalid session before telling the user there's an issue. I think that ssentially 100% of invalid sessions are a result of something in this vein (e.g., forced logout via Settings) nowadays, since the session code is generally stable and sane and has been for a long time.
      
      Test Plan:
        - Called `auth.logout` via console, got a reasonable logout experience.
        - Called `auth.logout` via OAuth.
          - Tried to make another call, verified OAuth token had been invalidated.
          - Verified web session had been invalidated.
      
      Reviewers: chad
      
      Reviewed By: chad
      
      Maniphest Tasks: T7303, T7673
      
      Differential Revision: https://secure.phabricator.com/D15594
      e55522ca
    • epriestley's avatar
      Begin cleaning up OAuth scope handling · 60133b6f
      epriestley authored
      Summary:
      Ref T7303. OAuth scope handling never got fully modernized and is a bit of a mess.
      
      Also introduce implicit "ALWAYS" and "NEVER" scopes.
      
      Always give tokens access to meta-methods like `conduit.getcapabilities` and `conduit.query`. These do not expose user information.
      
      Test Plan:
        - Used a token to call `user.whoami`.
        - Used a token to call `conduit.query`.
        - Used a token to try to call `user.query`, got rebuffed.
      
      Reviewers: chad
      
      Reviewed By: chad
      
      Maniphest Tasks: T7303
      
      Differential Revision: https://secure.phabricator.com/D15593
      60133b6f
  2. 14 Dec, 2015 1 commit
    • epriestley's avatar
      Move ConduitLogs to ApplicationSearch · 4a147dcb
      epriestley authored
      Summary:
      Ref T9980. Start making this UI more useful and powerful so we can give administrators a better toolset for reacting to API changes.
      
      Fixes T9755. We were logging the caller, just not rendering it properly.
      
      Test Plan: {F1025799}
      
      Reviewers: chad
      
      Reviewed By: chad
      
      Maniphest Tasks: T9755, T9980
      
      Differential Revision: https://secure.phabricator.com/D14779
      4a147dcb
  3. 18 Oct, 2015 1 commit
  4. 01 Sep, 2015 1 commit
  5. 04 Jun, 2015 2 commits
    • epriestley's avatar
      Add "Mailing List" users · 992c1995
      epriestley authored
      Summary:
      Ref T8387. Adds new mailing list users.
      
      This doesn't migrate anything yet. I also need to update the "Email Addresses" panel to let administrators change the list address.
      
      Test Plan:
        - Created and edited a mailing list user.
        - Viewed profile.
        - Viewed People list.
        - Searched for lists / nonlists.
        - Grepped for all uses of `getIsDisabled()` / `getIsSystemAgent()` and added relevant corresponding behaviors.
        - Hit the web/api/ssh session blocks.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: eadler, tycho.tatitscheff, epriestley
      
      Maniphest Tasks: T8387
      
      Differential Revision: https://secure.phabricator.com/D13123
      992c1995
    • epriestley's avatar
      Update account roles documentation and remove actAsUser · 8440b3ef
      epriestley authored
      Summary:
      Ref T8387. This describes changes I haven't made yet, but plan to make.
      
      Also removes the long-deprecated actAsUser capability so I can remove the caveat about it from the documentation.
      
      Test Plan: `grep`, reading
      
      Reviewers: btrahan, eadler
      
      Reviewed By: btrahan, eadler
      
      Subscribers: eadler, epriestley
      
      Maniphest Tasks: T8387
      
      Differential Revision: https://secure.phabricator.com/D13120
      8440b3ef
  6. 22 May, 2015 1 commit
  7. 20 May, 2015 1 commit
    • Chad Little's avatar
      [Redesign] Add Table, Collapse support to ObjectBox · a4784e03
      Chad Little authored
      Summary: Converts most all tables to be directly set via `setTable` to an ObjectBox. I think this path is more flexible design wise, as we can change the box based on children, and not just CSS. We also already do this with PropertyList, Forms, ObjectList, and Header. `setCollapsed` is added to ObjectBox to all children objects to bleed to the edges (like diffs).
      
      Test Plan: I did a grep of `appendChild($table)` as well as searches for `PHUIObjectBoxView`, also with manual opening of hundreds of files. I'm sure I missed 5-8 places. If you just appendChild($table) nothing breaks, it just looks a little funny.
      
      Reviewers: epriestley, btrahan
      
      Subscribers: Korvin, epriestley
      
      Differential Revision: https://secure.phabricator.com/D12955
      a4784e03
  8. 08 May, 2015 1 commit
  9. 05 May, 2015 1 commit
  10. 04 May, 2015 1 commit
  11. 05 Apr, 2015 1 commit
    • Joshua Spence's avatar
      Fix some odd looking arrays · ea376685
      Joshua Spence authored
      Summary: These arrays looks a little odd, most likely due to the autofix applied by `ArcanistXHPASTLinter::LINT_ARRAY_SEPARATOR`. See D12296 in which I attempt to improve the autocorrection from this linter rule.
      
      Test Plan: N/A
      
      Reviewers: epriestley, #blessed_reviewers
      
      Reviewed By: epriestley, #blessed_reviewers
      
      Subscribers: epriestley
      
      Differential Revision: https://secure.phabricator.com/D12281
      ea376685
  12. 03 Mar, 2015 1 commit
    • Chad Little's avatar
      Modernize Conduit app a bit · 42318043
      Chad Little authored
      Summary: Remove some AphrontPanels, add some phts, fix some table layouts.
      
      Test Plan: Browse many Conduit pages, test a few calls.
      
      Reviewers: btrahan, epriestley
      
      Reviewed By: epriestley
      
      Subscribers: Korvin, epriestley
      
      Maniphest Tasks: T7427
      
      Differential Revision: https://secure.phabricator.com/D11957
      42318043
  13. 23 Jan, 2015 1 commit
    • epriestley's avatar
      Proxy Diffusion Conduit API calls · d94d1da6
      epriestley authored
      Summary:
      Fixes T7020. When an external user makes a Conduit request to Diffusion but the repository isn't hosted locally, we need to proxy it.
      
      This also adds a guard layer to prevent requests from getting infinitely proxied inside the cluster.
      
      In "trivial" configurations (where the repository is a service repository, but the service is on the local device) I'm making us always proxy anyway. This basically makes it reasonable to test this stuff (otherwise you'd have to set up two different installs) and this configuration doesn't make much sense in real life (if you're using multiple machines, making one a dedicating daemons+repo box is almost certainly the most reasonable configuration, even for a cluster size of 2).
      
      Test Plan:
        - With a service-hosted repository, made Diffusion conduit calls and browsed the UI. Verified requests got proxied once, then resovled.
        - With a non-service repository, made Diffusion conduit calls and browsed UI. Verified requests were handled in-process immediately.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: epriestley
      
      Maniphest Tasks: T7020
      
      Differential Revision: https://secure.phabricator.com/D11475
      d94d1da6
  14. 02 Jan, 2015 1 commit
    • epriestley's avatar
      Add `cluster.addresses` and require membership before accepting cluster authentication tokens · fa7bb8ff
      epriestley authored
      Summary:
      Ref T2783. Ref T6706.
      
        - Add `cluster.addresses`. This is a whitelist of CIDR blocks which define cluster hosts.
        - When we recieve a request that has a cluster-based authentication token, require the cluster to be configured and require the remote address to be a cluster member before we accept it.
          - This provides a general layer of security for these mechanisms.
          - In particular, it means they do not work by default on unconfigured hosts.
        - When cluster addresses are configured, and we receive a request //to// an address not on the list, reject it.
          - This provides a general layer of security for getting the Ops side of cluster configuration correct.
          - If cluster nodes have public IPs and are listening on them, we'll reject requests.
          - Basically, this means that any requests which bypass the LB get rejected.
      
      Test Plan:
        - With addresses not configured, tried to make requests; rejected for using a cluster auth mechanism.
        - With addresses configred wrong, tried to make requests; rejected for sending from (or to) an address outside of the cluster.
        - With addresses configured correctly, made valid requests.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: epriestley
      
      Maniphest Tasks: T6706, T2783
      
      Differential Revision: https://secure.phabricator.com/D11159
      fa7bb8ff
  15. 15 Dec, 2014 2 commits
    • epriestley's avatar
      Add conduit.getcapabilities and a modern CLI handshake workflow · 288498f8
      epriestley authored
      Summary:
      Ref T5955.
      
        - Add `conduit.getcapabilities` to help arc (and other clients) determine formats, protocols, etc., the server supports.
        - Fixes T3117. Add a more modern version of the handshake workflow that allows all generated tokens to remain valid for an hour.
        - Generally, add a CLI token type. This token type expires after an hour when generated, then becomes permanent if used.
      
      Test Plan:
        - See D10988.
        - Ran `conduit.getcapabilities` and inspected output.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: epriestley
      
      Maniphest Tasks: T3117, T5955
      
      Differential Revision: https://secure.phabricator.com/D10989
      288498f8
    • epriestley's avatar
      Accept Conduit tokens as an authentication mechanism · 0507626f
      epriestley authored
      Summary:
        - Ref T5955. Accept the tokens introduced in D10985 as an authentication token.
        - Ref T3628. Permit simple `curl`-compatible decoding of parameters.
      
      Test Plan:
        - Ran some sensible `curl` API commands:
      
      ```
      epriestley@orbital ~/dev/phabricator $ curl -g "http://local.phacility.com/api/user.whoami?api.token=api-f7dfpoyelk4mmz6vxcueb6hcbtbk" ; echo
      {"result":{"phid":"PHID-USER-cvfydnwadpdj7vdon36z","userName":"admin","realName":"asdf","image":"http:\/\/local.phacility.com\/res\/1410737307T\/phabricator\/3eb28cd9\/rsrc\/image\/avatar.png","uri":"http:\/\/local.phacility.com\/p\/admin\/","roles":["admin","verified","approved","activated"]},"error_code":null,"error_info":null}
      ```
      
      ```
      epriestley@orbital ~/dev/phabricator $ curl -g "http://local.phacility.com/api/differential.query?api.token=api-f7dfpoyelk4mmz6vxcueb6hcbtbk&ids[]=1" ; echo
      {"result":[{"id":"1","phid":"PHID-DREV-v3a67ixww3ccg5lqbxee","title":"zxcb","uri":"http:\/\/local.phacility.com\/D1","dateCreated":"1418405590","dateModified":"1418405590","authorPHID":"PHID-USER-cvfydnwadpdj7vdon36z","status":"0","statusName":"Needs Review","branch":null,"summary":"","testPlan":"zxcb","lineCount":"6","activeDiffPHID":"PHID-DIFF-pzbtc5rw6pe5j2kxtlr2","diffs":["1"],"commits":[],"reviewers":[],"ccs":[],"hashes":[],"auxiliary":{"phabricator:projects":[],"phabricator:depends-on":[],"organization.sqlmigration":null},"arcanistProjectPHID":null,"repositoryPHID":null,"sourcePath":null}],"error_code":null,"error_info":null}
      ```
      
        - Ran older-style commands like `arc list` against the local install.
        - Ran commands via web console.
        - Added and ran a unit test to make sure nothing is using forbidden parameter names.
        - Terminated a token and verified it no longer works.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: epriestley
      
      Maniphest Tasks: T3628, T5955
      
      Differential Revision: https://secure.phabricator.com/D10986
      0507626f
  16. 21 Nov, 2014 1 commit
    • epriestley's avatar
      Allow device SSH keys to be trusted · 5e0f218f
      epriestley authored
      Summary:
      Ref T6240. Some discussion in that task. In instance/cluster environments, daemons need to make Conduit calls that bypass policy checks.
      
      We can't just let anyone add SSH keys with this capability to the web directly, because then an adminstrator could just add a key they own and start signing requests with it, bypassing policy checks.
      
      Add a `bin/almanac trust-key --id <x>` workflow for trusting keys. Only trusted keys can sign requests.
      
      Test Plan:
        - Generated a user key.
        - Generated a device key.
        - Trusted a device key.
        - Untrusted a device key.
        - Hit the various errors on trust/untrust.
        - Tried to edit a trusted key.
      
      {F236010}
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: epriestley
      
      Maniphest Tasks: T6240
      
      Differential Revision: https://secure.phabricator.com/D10878
      5e0f218f
  17. 18 Nov, 2014 1 commit
  18. 17 Nov, 2014 1 commit
    • epriestley's avatar
      Allow Phabricator to accept Conduit requests signed with an SSH key · 657b36dd
      epriestley authored
      Summary:
      Ref T4209.  Depends on D10402.
      
      This updates Conduit to support authenticating calls from other servers by signing the request parameters with the sending server's private key and verifying it with the public key stored in the database.
      
      Test Plan:
        - Made like 500 bad calls using the stuff in D10402.
        - Made a few valid calls using the stuff in D10402.
      
      Reviewers: hach-que, btrahan, #blessed_reviewers
      
      Reviewed By: btrahan, #blessed_reviewers
      
      Subscribers: epriestley, Korvin
      
      Maniphest Tasks: T6240, T4209
      
      Differential Revision: https://secure.phabricator.com/D10401
      657b36dd
  19. 07 Oct, 2014 1 commit
  20. 25 Jul, 2014 1 commit
    • Joshua Spence's avatar
      Don't log Conduit 404s as errors · bff217ef
      Joshua Spence authored
      Summary: Fixes T5695. A Conduit "method does not exist" exception is somewhat expected... there is no need to `phlog` the exception.
      
      Test Plan: Called a non-existent Conduit method. Saw no exceptions in the error logs.
      
      Reviewers: #blessed_reviewers, epriestley
      
      Reviewed By: #blessed_reviewers, epriestley
      
      Subscribers: epriestley, Korvin
      
      Maniphest Tasks: T5695
      
      Differential Revision: https://secure.phabricator.com/D10042
      bff217ef
  21. 10 Jul, 2014 1 commit
    • Bob Trahan's avatar
      Security - disable conduit act as user by default · e281c5ee
      Bob Trahan authored
      Summary: Introduce a new configuration setting that by default disables the conduit as as user method. Wordily explain that turning it on is not recommended. Fixes T3818.
      
      Test Plan:
      ```
      15:25:19 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)
      ~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
      Waiting for JSON parameters on stdin...
      {"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-tghb3b2gbdyezdcuw2or","userName":"btrahan","realName":"Bob Trahan","image":"http:\/\/phalanx.dev\/file\/data\/yncjbh7phk7ktrdhuorn\/PHID-FILE-qyf4ui3x2ll3e52hpg5e\/profile-profile-gravatar","uri":"http:\/\/phalanx.dev\/p\/btrahan\/","roles":["admin","verified","approved","activated"]}}
      15:25:34 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)
      
      <go edit libconfig/conduitclient to spoof another user...>
      
      ~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
      Waiting for JSON parameters on stdin...
      {"error":"ERR-CONDUIT-CORE","errorMessage":"ERR-CONDUIT-CORE: security.allow-conduit-act-as-user is disabled","response":null}
      15:26:40 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)
      
      <enable option via bin/config....>
      
      ~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
      Waiting for JSON parameters on stdin...
      {"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-6lcglnzbkiamdofishgi","userName":"xerxes","realName":"Xerxes Trahan","image":"http:\/\/phalanx.dev\/file\/data\/n2kyeevowetcuynbcxrg\/PHID-FILE-voquikectzpde256zzvm\/profile-1275455993.jpg","uri":"http:\/\/phalanx.dev\/p\/xerxes\/","roles":["verified","approved","activated"]}}
      ```
      
      Reviewers: epriestley
      
      Reviewed By: epriestley
      
      Subscribers: jevripio, sowedance, epriestley, Korvin
      
      Maniphest Tasks: T3818
      
      Differential Revision: https://secure.phabricator.com/D9881
      e281c5ee
  22. 09 Jul, 2014 1 commit
    • Joshua Spence's avatar
      Remove `@group` annotations · 8756d82c
      Joshua Spence authored
      Summary: I'm pretty sure that `@group` annotations are useless now... see D9855. Also fixed various other minor issues.
      
      Test Plan: Eye-ball it.
      
      Reviewers: #blessed_reviewers, epriestley, chad
      
      Reviewed By: #blessed_reviewers, epriestley
      
      Subscribers: epriestley, Korvin, hach-que
      
      Differential Revision: https://secure.phabricator.com/D9859
      8756d82c
  23. 23 Jun, 2014 1 commit
  24. 09 Jun, 2014 1 commit
    • Joshua Spence's avatar
      Change double quotes to single quotes. · 0a62f134
      Joshua Spence authored
      Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected.
      
      Test Plan: Eyeballed it.
      
      Reviewers: #blessed_reviewers, epriestley
      
      Reviewed By: #blessed_reviewers, epriestley
      
      Subscribers: epriestley, Korvin, hach-que
      
      Differential Revision: https://secure.phabricator.com/D9431
      0a62f134
  25. 14 Jan, 2014 2 commits
    • epriestley's avatar
      Replace "web" and "conduit" magic session strings with constants · d392a8f1
      epriestley authored
      Summary: Ref T4310. Ref T3720. We use bare strings to refer to session types in several places right now; use constants instead.
      
      Test Plan: grep; logged out; logged in; ran Conduit commands.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      CC: aran
      
      Maniphest Tasks: T4310, T3720
      
      Differential Revision: https://secure.phabricator.com/D7963
      d392a8f1
    • epriestley's avatar
      Separate session management from PhabricatorUser · eef314b7
      epriestley authored
      Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`.
      
      Test Plan:
        - Viewed sessions.
        - Regenerated Conduit certificate.
        - Verified Conduit sessions were destroyed.
        - Logged out.
        - Logged in.
        - Ran conduit commands.
        - Viewed sessions again.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      CC: aran
      
      Maniphest Tasks: T4310, T3720
      
      Differential Revision: https://secure.phabricator.com/D7962
      eef314b7
  26. 19 Dec, 2013 1 commit
    • epriestley's avatar
      Provide convenience method addTextCrumb() to PhabricatorCrumbsView · a5dc9067
      epriestley authored
      Summary: We currently have a lot of calls to `addCrumb(id(new PhabricatorCrumbView())->...)` which can be expressed much more simply with a convenience method. Nearly all crumbs are only textual.
      
      Test Plan:
        - This was mostly automated, then I cleaned up a few unusual sites manually.
        - Bunch of grep / randomly clicking around.
      
      Reviewers: btrahan, chad
      
      Reviewed By: btrahan
      
      CC: hach-que, aran
      
      Differential Revision: https://secure.phabricator.com/D7787
      a5dc9067
  27. 12 Nov, 2013 1 commit
    • epriestley's avatar
      Improve handling of email verification and "activated" accounts · 7f11e8d7
      epriestley authored
      Summary:
      Small step forward which improves existing stuff or lays groudwork for future stuff:
      
        - Currently, to check for email verification, we have to single-query the email address on every page. Instead, denoramlize it into the user object.
          - Migrate all the existing users.
          - When the user verifies an email, mark them as `isEmailVerified` if the email is their primary email.
          - Just make the checks look at the `isEmailVerified` field.
        - Add a new check, `isUserActivated()`, to cover email-verified plus disabled. Currently, a non-verified-but-not-disabled user could theoretically use Conduit over SSH, if anyone deployed it. Tighten that up.
        - Add an `isApproved` flag, which is always true for now. In a future diff, I want to add a default-on admin approval queue for new accounts, to prevent configuration mistakes. The way it will work is:
          - When the queue is enabled, registering users are created with `isApproved = false`.
          - Admins are sent an email, "[Phabricator] New User Approval (alincoln)", telling them that a new user is waiting for approval.
          - They go to the web UI and approve the user.
          - Manually-created accounts are auto-approved.
          - The email will have instructions for disabling the queue.
      
      I think this queue will be helpful for new installs and give them peace of mind, and when you go to disable it we have a better opportunity to warn you about exactly what that means.
      
      Generally, I want to improve the default safety of registration, since if you just blindly coast through the path of least resistance right now your install ends up pretty open, and realistically few installs are on VPNs.
      
      Test Plan:
        - Ran migration, verified `isEmailVerified` populated correctly.
        - Created a new user, checked DB for verified (not verified).
        - Verified, checked DB (now verified).
        - Used Conduit, People, Diffusion.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      CC: chad, aran
      
      Differential Revision: https://secure.phabricator.com/D7572
      7f11e8d7
  28. 11 Nov, 2013 1 commit
  29. 17 Sep, 2013 1 commit
  30. 20 Aug, 2013 1 commit
  31. 01 Jul, 2013 2 commits
    • epriestley's avatar
      Mostly modernize Conduit logs · c3b21849
      epriestley authored
      Summary:
        - Add GC support to conduit logs.
        - Add Query support to conduit logs.
        - Record the actual user PHID.
        - Show client name.
        - Support querying by specific method, so I can link to this from a setup issue.
      
      @wez, this migration may not be fast. It took about 8 seconds for me to migrate 800,000 rows in the `conduit_methodcalllog` table. This adds a GC which should keep the table at a more manageable size in the future.
      
      You can safely delete all data older than 30 days from this table, although you should do it by `id` instead of `dateCreated` since there's no key on `dateCreated` until this patch.
      
      Test Plan:
        - Ran GC.
        - Looked at log UI.
        - Ran Conduit methods.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      CC: wez, aran
      
      Differential Revision: https://secure.phabricator.com/D6332
      c3b21849
    • epriestley's avatar
      Modernize most Conduit console interfaces · f82e4b0c
      epriestley authored
      Summary:
      Ref T603. Ref T2625.
      
      Long chain of "doing the right thing" here: I want to clean this up, so I can clean up the Conduit logs, so I can add a setup issue for deprecated method calls, so I can remove deprecated methods, so I can get rid of `DifferentialRevisionListData`, so I can make Differntial policy-aware.
      
      Adds modern infrastructure and UI to all of the Conduit interfaces (except only partially for the logs, that will be the next diff).
      
      Test Plan:
      {F48201}
      {F48202}
      {F48203}
      {F48204}
      {F48206}
      
      This will get further updates in the next diff:
      
      {F48205}
      
      Reviewers: btrahan, chad
      
      Reviewed By: chad
      
      CC: aran
      
      Maniphest Tasks: T603, T2625
      
      Differential Revision: https://secure.phabricator.com/D6331
      f82e4b0c
  32. 31 May, 2013 1 commit
    • Jakub Vrana's avatar
      Store hash of session key · 32f91557
      Jakub Vrana authored
      Summary:
      This prevents security by obscurity.
      If I have read-only access to the database then I can pretend to be any logged-in user.
      
      I've used `PhabricatorHash::digest()` (even though we don't need salt as the hashed string is random) to be compatible with user log.
      
      Test Plan:
      Applied patch.
      Verified I'm still logged in.
      Logged out.
      Logged in.
      
        $ arc tasks
      
      Reviewers: epriestley
      
      Reviewed By: epriestley
      
      CC: aran, Korvin
      
      Differential Revision: https://secure.phabricator.com/D6080
      32f91557
  33. 19 May, 2013 1 commit
    • Gareth Evans's avatar
      Route internal conduit calls if other hosts available · 94e7878a
      Gareth Evans authored
      Summary:
      Ref T2785
      
      Looks for hosts in `conduit.servers` config and if any exist route any conduit calls through any one of the hosts.
      
      Test Plan:
      Make some curl calls to public methods (`conduit.ping`), watch the access log for two requests. Make some calls from the UI that require authentication, watch the access log a bit more.
      
      Also ran the unit tests.
      
      Reviewers: epriestley
      
      Reviewed By: epriestley
      
      CC: aran, Korvin
      
      Maniphest Tasks: T2785
      
      Differential Revision: https://secure.phabricator.com/D5970
      94e7878a
  34. 13 Feb, 2013 2 commits