

OAuthServer - hide client secret behind a "View Secret" action

Summary: ...also adds policies on who can view and who can edit an action. Fixes T6949.

Test Plan: viewed a secret through the new UI and it worked

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6949

Differential Revision: https://secure.phabricator.com/D11401

+123 -16
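--- /dev/null
+++ b/resources/sql/autopatches/20150114.oauthserver.client.policy.sql
@@ -0,0 +1,11 @@
+ALTER TABLE {$NAMESPACE}_oauth_server.oauth_server_oauthserverclient
+ADD viewPolicy VARBINARY(64) NOT NULL AFTER creatorPHID;
+
+UPDATE {$NAMESPACE}_oauth_server.oauth_server_oauthserverclient
+SET viewPolicy = 'users' WHERE viewPolicy = '';
+
+ALTER TABLE {$NAMESPACE}_oauth_server.oauth_server_oauthserverclient
+ADD editPolicy VARBINARY(64) NOT NULL AFTER viewPolicy;
+
+UPDATE {$NAMESPACE}_oauth_server.oauth_server_oauthserverclient
+SET editPolicy = creatorPHID WHERE viewPolicy = '';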
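Review bot: The second UPDATE's WHERE clause tests `viewPolicy = ''`, but the first UPDATE has already rewritten every empty viewPolicy to 'users', so the second statement matches no rows and every pre-existing client is left with `editPolicy = ''`. Combined with `hasAutomaticCapability()` in src/applications/oauthserver/storage/PhabricatorOAuthServerClient.php now returning false unconditionally, those existing applications would presumably end up with no valid editor at all until the row is repaired by hand. The condition should be on the column being populated: `SET editPolicy = creatorPHID WHERE editPolicy = '';`.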
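--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -2003,6 +2003,7 @@
 'PhabricatorOAuthClientDeleteController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientDeleteController.php',
 'PhabricatorOAuthClientEditController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientEditController.php',
 'PhabricatorOAuthClientListController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientListController.php',
+'PhabricatorOAuthClientSecretController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientSecretController.php',
 'PhabricatorOAuthClientViewController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientViewController.php',
 'PhabricatorOAuthResponse' => 'applications/oauthserver/PhabricatorOAuthResponse.php',
 'PhabricatorOAuthServer' => 'applications/oauthserver/PhabricatorOAuthServer.php',
@@ -5203,6 +5204,7 @@
 'PhabricatorOAuthClientDeleteController' => 'PhabricatorOAuthClientController',
 'PhabricatorOAuthClientEditController' => 'PhabricatorOAuthClientController',
 'PhabricatorOAuthClientListController' => 'PhabricatorOAuthClientController',
+'PhabricatorOAuthClientSecretController' => 'PhabricatorOAuthClientController',
 'PhabricatorOAuthClientViewController' => 'PhabricatorOAuthClientController',
 'PhabricatorOAuthResponse' => 'AphrontResponse',
 'PhabricatorOAuthServerAccessToken' => 'PhabricatorOAuthServerDAO',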
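--- a/src/applications/oauthserver/application/PhabricatorOAuthServerApplication.php
+++ b/src/applications/oauthserver/application/PhabricatorOAuthServerApplication.php
@@ -51,6 +51,7 @@
 'delete/(?P<phid>[^/]+)/' => 'PhabricatorOAuthClientDeleteController',
 'edit/(?P<phid>[^/]+)/' => 'PhabricatorOAuthClientEditController',
 'view/(?P<phid>[^/]+)/' => 'PhabricatorOAuthClientViewController',
+'secret/(?P<phid>[^/]+)/' => 'PhabricatorOAuthClientSecretController',
 ),
 ),
 );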
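--- a/src/applications/oauthserver/controller/client/PhabricatorOAuthClientEditController.php
+++ b/src/applications/oauthserver/controller/client/PhabricatorOAuthClientEditController.php
@@ -64,6 +64,8 @@
 $e_redirect = pht('Invalid');
 }
 
+$client->setViewPolicy($request->getStr('viewPolicy'));
+$client->setEditPolicy($request->getStr('editPolicy'));
 if (!$errors) {
 $client->save();
 $view_uri = $client->getViewURI();
@@ -71,6 +73,11 @@
 }
 }
 
+$policies = id(new PhabricatorPolicyQuery())
+->setViewer($viewer)
+->setObject($client)
+->execute();
+
 $form = id(new AphrontFormView())
 ->setUser($viewer)
 ->appendChild(
@@ -85,6 +92,20 @@
 ->setName('redirect_uri')
 ->setValue($client->getRedirectURI())
 ->setError($e_redirect))
+->appendChild(
+id(new AphrontFormPolicyControl())
+->setUser($viewer)
+->setCapability(PhabricatorPolicyCapability::CAN_VIEW)
+->setPolicyObject($client)
+->setPolicies($policies)
+->setName('viewPolicy'))
+->appendChild(
+id(new AphrontFormPolicyControl())
+->setUser($viewer)
+->setCapability(PhabricatorPolicyCapability::CAN_EDIT)
+->setPolicyObject($client)
+->setPolicies($policies)
+->setName('editPolicy'))
 ->appendChild(
 id(new AphrontFormSubmitControl())
 ->addCancelButton($cancel_uri)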
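Review bot: The viewPolicy and editPolicy strings on lines 67-68 are copied straight from the request into the object and saved on line 70 without any server-side check that they are valid policies the viewer is allowed to apply; the AphrontFormPolicyControl added further down only constrains what the dropdown offers, and the enclosing method starts and ends outside this hunk, so any later validation is not visible here. As written, a submitted editPolicy the viewer does not satisfy would lock that viewer out of the application, and an unexpected string would be stored as the policy verbatim. One way to cover this is to re-check the viewer against the new policies before the save, e.g. `if (!PhabricatorPolicyFilter::hasCapability($viewer, $client, PhabricatorPolicyCapability::CAN_EDIT)) { $errors[] = pht('You can not select this edit policy, because you would no longer be able to edit this application.'); }`, assuming `$errors` is the array tested on line 69.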
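--- /dev/null
+++ b/src/applications/oauthserver/controller/client/PhabricatorOAuthClientSecretController.php
@@ -0,0 +1,70 @@
+<?php
+
+final class PhabricatorOAuthClientSecretController
+extends PhabricatorOAuthClientController {
+
+public function handleRequest(AphrontRequest $request) {
+$viewer = $request->getUser();
+
+$client = id(new PhabricatorOAuthServerClientQuery())
+->setViewer($viewer)
+->withPHIDs(array($this->getClientPHID()))
+->requireCapabilities(
+array(
+PhabricatorPolicyCapability::CAN_VIEW,
+PhabricatorPolicyCapability::CAN_EDIT,
+))
+->executeOne();
+if (!$client) {
+return new Aphront404Response();
+}
+
+$view_uri = $client->getViewURI();
+$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
+$viewer,
+$request,
+$view_uri);
+
+if ($request->isFormPost()) {
+$secret = $client->getSecret();
+$body = id(new PHUIFormLayoutView())
+->appendChild(
+id(new AphrontFormTextAreaControl())
+->setLabel(pht('Plaintext'))
+->setReadOnly(true)
+->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_SHORT)
+->setValue($secret));
+
+$dialog = id(new AphrontDialogView())
+->setUser($viewer)
+->setWidth(AphrontDialogView::WIDTH_FORM)
+->setTitle(pht('Application Secret'))
+->appendChild($body)
+->addCancelButton($view_uri, pht('Done'));
+
+return id(new AphrontDialogResponse())->setDialog($dialog);
+}
+
+
+$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
+
+if ($is_serious) {
+$body = pht(
+'The secret associated with this oauth application will be shown in '.
+'plain text on your screen.');
+} else {
+$body = pht(
+'The secret associated with this oauth application will be shown in '.
+'plain text on your screen. Before continuing, wrap your arms around '.
+'your monitor to create a human shield, keeping it safe from prying '.
+'eyes. Protect company secrets!');
+}
+return $this->newDialog()
+->setUser($viewer)
+->setTitle(pht('Really show application secret?'))
+->appendChild($body)
+->addSubmitButton(pht('Show Application Secret'))
+->addCancelButton($view_uri);
+}
+
+}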
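Review bot: The return value of `requireHighSecuritySession()` on line 23 is stored in `$token` but never read anywhere in the method, so the assignment is dead code and suggests the token gates something it does not; call it for its effect only, `id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession($viewer, $request, $view_uri);`. The CAN_EDIT requirement on lines 12-16 plus that high-security gate are the controls that actually protect the reveal, since the view page only disables the action client-side, so it is worth a one-line comment above line 23 saying that both the confirmation dialog and the plaintext response sit behind them. Minor style: there is a stray double blank line at 47-48, and the user-facing text on lines 53 and 57 spells the protocol in lowercase as `oauth`.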
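--- a/src/applications/oauthserver/controller/client/PhabricatorOAuthClientViewController.php
+++ b/src/applications/oauthserver/controller/client/PhabricatorOAuthClientViewController.php
@@ -62,6 +62,8 @@
 ->withClientPHIDs(array($client->getPHID()))
 ->executeOne();
 $is_authorized = (bool)$authorization;
+$id = $client->getID();
+$phid = $client->getPHID();
 
 $view = id(new PhabricatorActionListView())
 ->setUser($viewer);
@@ -76,6 +78,14 @@
 
 $view->addAction(
 id(new PhabricatorActionView())
+->setName(pht('Show Application Secret'))
+->setIcon('fa-eye')
+->setHref($this->getApplicationURI("client/secret/{$phid}/"))
+->setDisabled(!$can_edit)
+->setWorkflow(true));
+
+$view->addAction(
+id(new PhabricatorActionView())
 ->setName(pht('Delete Application'))
 ->setIcon('fa-times')
 ->setWorkflow(true)
@@ -88,7 +98,7 @@
 ->setIcon('fa-wrench')
 ->setWorkflow(true)
 ->setDisabled($is_authorized)
-->setHref($this->getApplicationURI('test/'.$client->getID().'/')));
+->setHref($this->getApplicationURI('test/'.$id.'/')));
 
 return $view;
 }
@@ -102,10 +112,6 @@
 $view->addProperty(
 pht('Client ID'),
 $client->getPHID());
-
-$view->addProperty(
-pht('Client Secret'),
-$client->getSecret());
 
 $view->addProperty(
 pht('Redirect URI'),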
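--- a/src/applications/oauthserver/storage/PhabricatorOAuthServerClient.php
+++ b/src/applications/oauthserver/storage/PhabricatorOAuthServerClient.php
@@ -10,6 +10,8 @@
 protected $name;
 protected $redirectURI;
 protected $creatorPHID;
+protected $viewPolicy;
+protected $editPolicy;
 
 public function getEditURI() {
 return '/oauthserver/client/edit/'.$this->getPHID().'/';
@@ -26,7 +28,9 @@
 public static function initializeNewClient(PhabricatorUser $actor) {
 return id(new PhabricatorOAuthServerClient())
 ->setCreatorPHID($actor->getPHID())
-->setSecret(Filesystem::readRandomCharacters(32));
+->setSecret(Filesystem::readRandomCharacters(32))
+->setViewPolicy(PhabricatorPolicies::POLICY_USER)
+->setEditPolicy($actor->getPHID());
 }
 
 protected function getConfiguration() {
@@ -69,25 +73,17 @@
 public function getPolicy($capability) {
 switch ($capability) {
 case PhabricatorPolicyCapability::CAN_VIEW:
-return PhabricatorPolicies::POLICY_USER;
+return $this->getViewPolicy();
 case PhabricatorPolicyCapability::CAN_EDIT:
-return PhabricatorPolicies::POLICY_NOONE;
+return $this->getEditPolicy();
 }
 }
 
 public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
-switch ($capability) {
-case PhabricatorPolicyCapability::CAN_EDIT:
-return ($viewer->getPHID() == $this->getCreatorPHID());
-}
 return false;
 }
 
 public function describeAutomaticCapability($capability) {
-switch ($capability) {
-case PhabricatorPolicyCapability::CAN_EDIT:
-return pht("Only an application's creator can edit it.");
-}
 return null;
 }
 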