recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Upgrade object reply addresses to SHA256 and remove "phabricator.mail-key"

Summary:
Ref T12509.

- Upgrade an old SHA1 to SHA256.
- Replace an old manually configurable HMAC key with an automatically generated one.

This is generally both simpler (less configuration) and more secure (you now get a unique value automatically).

This causes a one-time compatibility break that invalidates old "Reply-To" addresses. I'll note this in the changelog.

If you leaked a bunch of addresses, you could force a change here by mucking around with `phabricator_auth.auth_hmackey`, but AFAIK no one has ever used this value to react to any sort of security issue.

(I'll note the possibility that we might want to provide/document this "manually force HMAC keys to regenerate" stuff some day in T6994.)

Test Plan: Grepped for removed config. I'll vet this pathway more heavily in upcoming changes.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T12509

Differential Revision: https://secure.phabricator.com/D19945

epriestley 93e6dc1c a0668df7

+6 -20
+3
src/applications/config/check/PhabricatorExtraConfigSetupCheck.php
··· 385 385 'Mail thread IDs are now generated automatically.'), 386 386 'metamta.placeholder-to-recipient' => pht( 387 387 'Placeholder recipients are now generated automatically.'), 388 + 389 + 'metamta.mail-key' => pht( 390 + 'Mail object address hash keys are now generated automatically.'), 388 391 ); 389 392 390 393 return $ancient_config;
-14
src/applications/config/option/PhabricatorSecurityConfigOptions.php
··· 170 170 'seconds of mashing on your keyboard to set it up so you might '. 171 171 'as well.')), 172 172 $this->newOption( 173 - 'phabricator.mail-key', 174 - 'string', 175 - '5ce3e7e8787f6e40dfae861da315a5cdf1018f12') 176 - ->setHidden(true) 177 - ->setSummary( 178 - pht('Hashed with other inputs to generate mail tokens.')) 179 - ->setDescription( 180 - pht( 181 - "This is hashed with other inputs to generate mail tokens. If ". 182 - "you want, you can change it to some other string which is ". 183 - "unique to your install. In particular, you will want to do ". 184 - "this if you accidentally send a bunch of mail somewhere you ". 185 - "shouldn't have, to invalidate all old reply-to addresses.")), 186 - $this->newOption( 187 173 'uri.allowed-protocols', 188 174 'set', 189 175 array(
+3 -3
src/applications/metamta/receiver/PhabricatorObjectMailReceiver.php
··· 200 200 } 201 201 202 202 public static function computeMailHash($mail_key, $phid) { 203 - $global_mail_key = PhabricatorEnv::getEnvConfig('phabricator.mail-key'); 204 - 205 - $hash = PhabricatorHash::weakDigest($mail_key.$global_mail_key.$phid); 203 + $hash = PhabricatorHash::digestWithNamedKey( 204 + $mail_key.$phid, 205 + 'mail.object-address-key'); 206 206 return substr($hash, 0, 16); 207 207 } 208 208
-3
src/docs/user/configuration/configuring_inbound_email.diviner
··· 79 79 project and need to interact with users whose email accounts you have no control 80 80 over). 81 81 82 - If you leak a bunch of reply-to addresses by accident, you can change 83 - `phabricator.mail-key` in your configuration to invalidate all the old hashes. 84 - 85 82 You can also set `metamta.public-replies`, which will change how Phabricator 86 83 delivers email. Instead of sending each recipient a unique mail with a personal 87 84 reply-to address, it will send a single email to everyone with a public reply-to