@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator

Security - disable conduit act as user by default

Summary: Introduce a new configuration setting that by default disables the conduit act as user method. Wordily explain that turning it on is not recommended. Fixes T3818.

Test Plan:
```
15:25:19 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)
~> echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-tghb3b2gbdyezdcuw2or","userName":"btrahan","realName":"Bob Trahan","image":"http:\/\/phalanx.dev\/file\/data\/yncjbh7phk7ktrdhuorn\/PHID-FILE-qyf4ui3x2ll3e52hpg5e\/profile-profile-gravatar","uri":"http:\/\/phalanx.dev\/p\/btrahan\/","roles":["admin","verified","approved","activated"]}}
15:25:34 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)

<go edit libconfig/conduitclient to spoof another user...>

~> echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":"ERR-CONDUIT-CORE","errorMessage":"ERR-CONDUIT-CORE: security.allow-conduit-act-as-user is disabled","response":null}
15:26:40 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)

<enable option via bin/config....>

~> echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-6lcglnzbkiamdofishgi","userName":"xerxes","realName":"Xerxes Trahan","image":"http:\/\/phalanx.dev\/file\/data\/n2kyeevowetcuynbcxrg\/PHID-FILE-voquikectzpde256zzvm\/profile-1275455993.jpg","uri":"http:\/\/phalanx.dev\/p\/xerxes\/","roles":["verified","approved","activated"]}}
```

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: jevripio, sowedance, epriestley, Korvin

Maniphest Tasks: T3818

Differential Revision: https://secure.phabricator.com/D9881

+22 -1
+5
src/applications/conduit/controller/PhabricatorConduitAPIController.php
··· 164 164 ConduitAPIRequest $api_request, 165 165 $user_name) { 166 166 167 + $config_key = 'security.allow-conduit-act-as-user'; 168 + if (!PhabricatorEnv::getEnvConfig($config_key)) { 169 + throw new Exception('security.allow-conduit-act-as-user is disabled'); 170 + } 171 + 167 172 if (!$api_request->getUser()->getIsAdmin()) { 168 173 throw new Exception('Only administrators can use actAsUser'); 169 174 }
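Review bot: the exception message on the new `throw new Exception(...)` line repeats the key as a string literal although `$config_key` was just assigned one line above; use the variable and the project's `pht()` wrapper so the two cannot drift apart, e.g. `throw new Exception(pht('%s is disabled', $config_key));`. Placing the config check ahead of the existing `getIsAdmin()` check is the right order: the gate fails closed for every caller regardless of their role, which is the behaviour the test plan shows (the admin `btrahan` gets `ERR-CONDUIT-CORE: security.allow-conduit-act-as-user is disabled` until the option is switched on).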
+17 -1
src/applications/config/option/PhabricatorSecurityConfigOptions.php
··· 219 219 )) 220 220 ->setLocked(true) 221 221 ->setSummary( 222 - pht('Allow outbound HTTP requests')) 222 + pht('Allow outbound HTTP requests.')) 223 223 ->setDescription( 224 224 pht( 225 225 'If you enable this, you are allowing Phabricator to '. 226 226 'potentially make requests to external servers.')), 227 + $this->newOption('security.allow-conduit-act-as-user', 'bool', false) 228 + ->setBoolOptions( 229 + array( 230 + pht('Allow'), 231 + pht('Disallow'), 232 + )) 233 + ->setLocked(true) 234 + ->setSummary( 235 + pht('Allow administrators to use the Conduit API as other users.')) 236 + ->setDescription( 237 + pht( 238 + 'DEPRECATED - if you enable this, you are allowing '. 239 + 'administrators to act as any user via the Conduit API. '. 240 + 'Enabling this is not advised as it introduces a huge policy '. 241 + 'violation and has been obsoleted in functionality.')), 242 + 227 243 ); 228 244 } 229 245
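Review bot: the summary for `security.allow-conduit-act-as-user` reads as an ordinary toggle ("Allow administrators to use the Conduit API as other users.") while the description opens with "DEPRECATED" and warns against enabling it; put the deprecation and the locked, off-by-default state in the summary too, since the summary is what an administrator sees in the config list before reading the description, e.g. `pht('(Deprecated) Allow administrators to use the Conduit API as other users. Disabled by default.')`. The description's "introduces a huge policy violation" is vague; say what actually happens, that an administrator can act as any user and so bypass that user's policy checks via Conduit. The trailing-period change to the `security.allow-outbound-http` summary on the `222` line is an unrelated drive-by edit and would be cleaner in its own commit.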