
Provide a more straightforward way to revoke SSH keys by finding and destroying the objects

Summary: Ref T9967

Test Plan:
Ran migrations.
Verified database populated properly with PHIDs (SELECT * FROM auth_sshkey;).
Ran auth.querypublickeys conduit method to see phids show up
Ran bin/remove destroy <phid>.
Viewed the test key was gone.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin

Maniphest Tasks: T9967

Differential Revision: https://secure.phabricator.com/D14823

+111 -22
+2
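--- a/resources/sql/autopatches/20151218.key.1.keyphid.sql
+++ b/resources/sql/autopatches/20151218.key.1.keyphid.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_auth.auth_sshkey
+ADD phid VARBINARY(64) NOT NULL AFTER id;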
+17
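--- a/resources/sql/autopatches/20151218.key.2.keyphid.php
+++ b/resources/sql/autopatches/20151218.key.2.keyphid.php
@@ -0,0 +1,17 @@
+<?php
+
+$table = new PhabricatorAuthSSHKey();
+$conn_w = $table->establishConnection('w');
+
+foreach (new LiskMigrationIterator($table) as $cursor) {
+if (strlen($cursor->getPHID())) {
+continue;
+}
+
+queryfx(
+$conn_w,
+'UPDATE %T SET phid = %s WHERE id = %d',
+$table->getTableName(),
+$table->generatePHID(),
+$cursor->getID());
+}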
+3
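--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1684,6 +1684,7 @@
 'PhabricatorAuthApplication' => 'applications/auth/application/PhabricatorAuthApplication.php',
 'PhabricatorAuthAuthFactorPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthFactorPHIDType.php',
 'PhabricatorAuthAuthProviderPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthProviderPHIDType.php',
+'PhabricatorAuthSSHKeyPHIDType' => 'applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php',
 'PhabricatorAuthConduitAPIMethod' => 'applications/auth/conduit/PhabricatorAuthConduitAPIMethod.php',
 'PhabricatorAuthConfirmLinkController' => 'applications/auth/controller/PhabricatorAuthConfirmLinkController.php',
 'PhabricatorAuthController' => 'applications/auth/controller/PhabricatorAuthController.php',
@@ -5833,6 +5834,7 @@
 'PhabricatorAuthSSHKey' => array(
 'PhabricatorAuthDAO',
 'PhabricatorPolicyInterface',
+'PhabricatorDestructibleInterface',
 ),
 'PhabricatorAuthSSHKeyController' => 'PhabricatorAuthController',
 'PhabricatorAuthSSHKeyDeleteController' => 'PhabricatorAuthSSHKeyController',
@@ -5840,6 +5842,7 @@
 'PhabricatorAuthSSHKeyGenerateController' => 'PhabricatorAuthSSHKeyController',
 'PhabricatorAuthSSHKeyQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
 'PhabricatorAuthSSHKeyTableView' => 'AphrontView',
+'PhabricatorAuthSSHKeyPHIDType' => 'PhabricatorPHIDType',
 'PhabricatorAuthSSHPublicKey' => 'Phobject',
 'PhabricatorAuthSession' => array(
 'PhabricatorAuthDAO',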
+7
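--- a/src/applications/auth/conduit/PhabricatorAuthQueryPublicKeysConduitAPIMethod.php
+++ b/src/applications/auth/conduit/PhabricatorAuthQueryPublicKeysConduitAPIMethod.php
@@ -14,6 +14,7 @@
 protected function defineParamTypes() {
 return array(
 'ids' => 'optional list<id>',
+'phids' => 'optional list<phid>',
 'objectPHIDs' => 'optional list<phid>',
 'keys' => 'optional list<string>',
 ) + self::getPagerParamTypes();
@@ -32,6 +33,11 @@
 $ids = $request->getValue('ids');
 if ($ids !== null) {
 $query->withIDs($ids);
+}
+
+$phids = $request->getValue('phids');
+if ($phids !== null) {
+$query->withPHIDs($phids);
 }
 
 $object_phids = $request->getValue('objectPHIDs');
@@ -57,6 +63,7 @@
 $data[] = array(
 'id' => $public_key->getID(),
 'name' => $public_key->getName(),
+'phid' => $public_key->getPHID(),
 'objectPHID' => $public_key->getObjectPHID(),
 'isTrusted' => (bool)$public_key->getIsTrusted(),
 'key' => $public_key->getEntireKey(),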
+38
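--- a/src/applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php
+++ b/src/applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php
@@ -0,0 +1,38 @@
+<?php
+
+final class PhabricatorAuthSSHKeyPHIDType
+extends PhabricatorPHIDType {
+
+const TYPECONST = 'AKEY';
+
+public function getTypeName() {
+return pht('Public SSH Key');
+}
+
+public function newObject() {
+return new PhabricatorAuthSSHKey();
+}
+
+public function getPHIDTypeApplicationClass() {
+return 'PhabricatorAuthApplication';
+}
+
+protected function buildQueryForObjects(
+PhabricatorObjectQuery $query,
+array $phids) {
+
+return id(new PhabricatorAuthSSHKeyQuery())
+->withPHIDs($phids);
+}
+
+public function loadHandles(
+PhabricatorHandleQuery $query,
+array $handles,
+array $objects) {
+foreach ($handles as $phid => $handle) {
+$key = $objects[$phid];
+$handle->setName(pht('SSH Key %d', $key->getID()));
+}
+}
+
+}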
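Review bot: `loadHandles()` names every handle `SSH Key %d` from the numeric id alone, so wherever the handle is the only thing shown for an `AKEY` PHID (presumably including the confirmation for `bin/remove destroy <phid>` from the test plan) the operator cannot tell which key, or whose, is about to be revoked. The key's name is available on the object (`getName()` is called on the same objects in the Conduit section), so something like `$handle->setName(pht('SSH Key %d (%s)', $key->getID(), $key->getName()));` would make a mistaken revocation less likely. The class also has no docblock; a short one stating that `AKEY` PHIDs identify individual public keys, distinct from the `objectPHID` of the user or object they authenticate, would help.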
+25 -19
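--- a/src/applications/auth/query/PhabricatorAuthSSHKeyQuery.php
+++ b/src/applications/auth/query/PhabricatorAuthSSHKeyQuery.php
@@ -4,11 +4,17 @@
 extends PhabricatorCursorPagedPolicyAwareQuery {
 
 private $ids;
+private $phids;
 private $objectPHIDs;
 private $keys;
 
 public function withIDs(array $ids) {
 $this->ids = $ids;
+return $this;
+}
+
+public function withPHIDs(array $phids) {
+$this->phids = $phids;
 return $this;
 }
 
@@ -23,19 +29,12 @@
 return $this;
 }
 
-protected function loadPage() {
-$table = new PhabricatorAuthSSHKey();
-$conn_r = $table->establishConnection('r');
-
-$data = queryfx_all(
-$conn_r,
-'SELECT * FROM %T %Q %Q %Q',
-$table->getTableName(),
-$this->buildWhereClause($conn_r),
-$this->buildOrderClause($conn_r),
-$this->buildLimitClause($conn_r));
+public function newResultObject() {
+return new PhabricatorAuthSSHKey();
+}
 
-return $table->loadAllFromArray($data);
+protected function loadPage() {
+return $this->loadStandardPage($this->newResultObject());
 }
 
 protected function willFilterPage(array $keys) {
@@ -54,6 +53,7 @@
 // We must have an object, and that object must be a valid object for
 // SSH keys.
 if (!$object || !($object instanceof PhabricatorSSHPublicKeyInterface)) {
+$this->didRejectResult($ssh_key);
 unset($keys[$key]);
 continue;
 }
@@ -64,19 +64,26 @@
 return $keys;
 }
 
-protected function buildWhereClause(AphrontDatabaseConnection $conn_r) {
-$where = array();
+protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
+$where = parent::buildWhereClauseParts($conn);
 
 if ($this->ids !== null) {
 $where[] = qsprintf(
-$conn_r,
+$conn,
 'id IN (%Ld)',
 $this->ids);
 }
 
+if ($this->phids !== null) {
+$where[] = qsprintf(
+$conn,
+'phid IN (%Ls)',
+$this->phids);
+}
+
 if ($this->objectPHIDs !== null) {
 $where[] = qsprintf(
-$conn_r,
+$conn,
 'objectPHID IN (%Ls)',
 $this->objectPHIDs);
 }
@@ -85,7 +92,7 @@
 $sql = array();
 foreach ($this->keys as $key) {
 $sql[] = qsprintf(
-$conn_r,
+$conn,
 '(keyType = %s AND keyIndex = %s)',
 $key->getType(),
 $key->getHash());
@@ -93,9 +100,8 @@
 $where[] = implode(' OR ', $sql);
 }
 
-$where[] = $this->buildPagingClause($conn_r);
+return $where;
 
-return $this->formatWhereClause($where);
 }
 
 public function getQueryApplicationClass() {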
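Review bot: The added `$this->didRejectResult($ssh_key);` relies on a `$ssh_key` variable that none of the visible lines define. The neighbouring lines address the entry as `$keys[$key]`, and the loop header of `willFilterPage()` is outside the hunk, so confirm `$ssh_key` is the foreach value; if it is not, the rejection is reported with an undefined value and filtered keys are not accounted for. In `buildWhereClauseParts()` the new `return $where;` is followed by a leftover blank line before the closing brace, which should be removed. A one-line comment above `withPHIDs()` such as `// Restrict results to keys with these key PHIDs (not the owning object's PHID).` would keep it from being confused with the `objectPHIDs` filter.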
+19 -3
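--- a/src/applications/auth/storage/PhabricatorAuthSSHKey.php
+++ b/src/applications/auth/storage/PhabricatorAuthSSHKey.php
@@ -2,7 +2,9 @@
 
 final class PhabricatorAuthSSHKey
 extends PhabricatorAuthDAO
-implements PhabricatorPolicyInterface {
+implements
+PhabricatorPolicyInterface,
+PhabricatorDestructibleInterface {
 
 protected $objectPHID;
 protected $name;
@@ -16,6 +18,7 @@
 
 protected function getConfiguration() {
 return array(
+self::CONFIG_AUX_PHID => true,
 self::CONFIG_COLUMN_SCHEMA => array(
 'name' => 'text255',
 'keyType' => 'text255',
@@ -63,8 +66,10 @@
 return $this;
 }
 
-
-
+public function generatePHID() {
+return PhabricatorPHID::generateNewPHID(
+PhabricatorAuthSSHKeyPHIDType::TYPECONST);
+}
 
 /* -( PhabricatorPolicyInterface )----------------------------------------- */
 
@@ -87,6 +92,17 @@
 public function describeAutomaticCapability($capability) {
 return pht(
 'SSH keys inherit the policies of the user or object they authenticate.');
+}
+
+/* -( PhabricatorDestructibleInterface )----------------------------------- */
+
+
+public function destroyObjectPermanently(
+PhabricatorDestructionEngine $engine) {
+
+$this->openTransaction();
+$this->delete();
+$this->saveTransaction();
 }
 
 }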
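Review bot: `destroyObjectPermanently()` removes the row with a bare `$this->delete()` and, in the lines shown, records nothing about which key was revoked. After `bin/remove destroy <phid>`, the key's owner and fingerprint can only be reconstructed if `PhabricatorDestructionEngine` logs them itself, which is not visible here and is worth confirming. Since this is the revocation path, once that is verified I would add a comment on the method along the lines of `// Revocation: the row is deleted outright; the destruction engine is the only audit record.`. The `openTransaction()`/`saveTransaction()` pair wraps a single statement and could be dropped, or kept with a comment if related rows are expected to be cleaned up here later.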