@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Complete session digest migration from SHA1 to SHA256

Summary:
Followup to 1d34238dc94555466e15039ff6991b371ae294ef.
Crossing fingers that nobody complains about a one-time logout after their six-year-long user session.

Closes T16025

Test Plan:
* Log in, log out, do stuff.
* More specifically, with my session expired, successfully logging in created a database row added to `phabricator_user.phabricator_session` as expected, and logout removed the row.

Reviewers: O1 Blessed Committers, avivey

Reviewed By: O1 Blessed Committers, avivey

Subscribers: avivey, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T16025

Differential Revision: https://we.phorge.it/D25949

+1 -24
src/applications/auth/engine/PhabricatorAuthSessionEngine.php
··· 136 136 $user_table = new PhabricatorUser(); 137 137 $conn = $session_table->establishConnection('r'); 138 138 139 - // TODO: See T13225. We're moving sessions to a more modern digest 140 - // algorithm, but still accept older cookies for compatibility. 141 139 $session_key = PhabricatorAuthSession::newSessionDigest( 142 140 new PhutilOpaqueEnvelope($session_token)); 143 - $weak_key = PhabricatorHash::weakDigest($session_token); 144 141 145 142 $cache_parts = $this->getUserCacheQueryParts($conn); 146 143 list($cache_selects, $cache_joins, $cache_map, $types_map) = $cache_parts; ··· 155 152 s.highSecurityUntil AS s_highSecurityUntil, 156 153 s.isPartial AS s_isPartial, 157 154 s.signedLegalpadDocuments as s_signedLegalpadDocuments, 158 - IF(s.sessionKey = %P, 1, 0) as s_weak, 159 155 u.* 160 156 %Q 161 157 FROM %R u JOIN %R s ON u.phid = s.userPHID 162 - AND s.type = %s AND s.sessionKey IN (%P, %P) %Q', 163 - new PhutilOpaqueEnvelope($weak_key), 158 + AND s.type = %s AND s.sessionKey = %P %Q', 164 159 $cache_selects, 165 160 $user_table, 166 161 $session_table, 167 162 $session_type, 168 163 new PhutilOpaqueEnvelope($session_key), 169 - new PhutilOpaqueEnvelope($weak_key), 170 164 $cache_joins); 171 165 172 166 if (!$info) { 173 167 return null; 174 168 } 175 - 176 - // TODO: Remove this, see T13225. 177 - $is_weak = (bool)$info['s_weak']; 178 - unset($info['s_weak']); 179 169 180 170 $session_dict = array( 181 171 'userPHID' => $info['phid'], ··· 219 209 $session = id(new PhabricatorAuthSession())->loadFromArray($session_dict); 220 210 221 211 $this->extendSession($session); 222 - 223 - // TODO: Remove this, see T13225. 
224 - if ($is_weak) { 225 - $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); 226 - $conn_w = $session_table->establishConnection('w'); 227 - queryfx( 228 - $conn_w, 229 - 'UPDATE %T SET sessionKey = %P WHERE id = %d', 230 - $session->getTableName(), 231 - new PhutilOpaqueEnvelope($session_key), 232 - $session->getID()); 233 - unset($unguarded); 234 - } 235 212 236 213 $user->attachSession($session); 237 214 return $user;
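
Review bot: The test plan does not cover the case this change actually alters, in the query hunk where `s.sessionKey IN (%P, %P)` becomes `s.sessionKey = %P`. A cookie whose row is still stored under the SHA1 digest now falls through to `if (!$info) { return null; }`, so add a test-plan step with a pre-existing weak-digest row in `phabricator_user.phabricator_session` and confirm the request is treated as logged out without an error. The remaining placeholders and arguments line up (`%Q`, `%R`, `%R`, `%s`, `%P`, `%Q` against `$cache_selects`, `$user_table`, `$session_table`, `$session_type`, the `$session_key` envelope, `$cache_joins`), so no change is needed there.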
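
Review bot: Rows that still hold a SHA1 `sessionKey` become unreachable once the `if ($is_weak)` block (old lines 224-234) is removed in the last hunk, because that `UPDATE %T SET sessionKey = %P WHERE id = %d` was the only path that rewrote them and the lookup no longer matches them. Consider shipping a one-time cleanup that deletes sessions not stored under the current digest, or say in the summary that those rows are left to expire on their own. Dropping the `AphrontWriteGuard::beginScopedUnguardedWrites()` call from this read path is a welcome side effect and worth mentioning in the summary as well.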