
Add a `bin/auth revoke` revoker for SSH keys

Summary: Ref T13043. Adds CLI support for revoking SSH keys. Also retargets UI language from "Deactivate" to "Revoke" to make it more clear that this is a one-way operation. This operation is already correctly implemented as a "Revoke" operation.

Test Plan: Used `bin/auth revoke --type ssh` to revoke keys, verified they became revoked (with proper transactions) in the UI. Revoked keys from the web UI flow.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13043

Differential Revision: https://secure.phabricator.com/D18893

+70 -16
+4 -2
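--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -2105,7 +2105,6 @@
 'PhabricatorAuthRevoker' => 'applications/auth/revoker/PhabricatorAuthRevoker.php',
 'PhabricatorAuthSSHKey' => 'applications/auth/storage/PhabricatorAuthSSHKey.php',
 'PhabricatorAuthSSHKeyController' => 'applications/auth/controller/PhabricatorAuthSSHKeyController.php',
-'PhabricatorAuthSSHKeyDeactivateController' => 'applications/auth/controller/PhabricatorAuthSSHKeyDeactivateController.php',
 'PhabricatorAuthSSHKeyEditController' => 'applications/auth/controller/PhabricatorAuthSSHKeyEditController.php',
 'PhabricatorAuthSSHKeyEditor' => 'applications/auth/editor/PhabricatorAuthSSHKeyEditor.php',
 'PhabricatorAuthSSHKeyGenerateController' => 'applications/auth/controller/PhabricatorAuthSSHKeyGenerateController.php',
@@ -2113,12 +2112,14 @@
 'PhabricatorAuthSSHKeyPHIDType' => 'applications/auth/phid/PhabricatorAuthSSHKeyPHIDType.php',
 'PhabricatorAuthSSHKeyQuery' => 'applications/auth/query/PhabricatorAuthSSHKeyQuery.php',
 'PhabricatorAuthSSHKeyReplyHandler' => 'applications/auth/mail/PhabricatorAuthSSHKeyReplyHandler.php',
+'PhabricatorAuthSSHKeyRevokeController' => 'applications/auth/controller/PhabricatorAuthSSHKeyRevokeController.php',
 'PhabricatorAuthSSHKeySearchEngine' => 'applications/auth/query/PhabricatorAuthSSHKeySearchEngine.php',
 'PhabricatorAuthSSHKeyTableView' => 'applications/auth/view/PhabricatorAuthSSHKeyTableView.php',
 'PhabricatorAuthSSHKeyTransaction' => 'applications/auth/storage/PhabricatorAuthSSHKeyTransaction.php',
 'PhabricatorAuthSSHKeyTransactionQuery' => 'applications/auth/query/PhabricatorAuthSSHKeyTransactionQuery.php',
 'PhabricatorAuthSSHKeyViewController' => 'applications/auth/controller/PhabricatorAuthSSHKeyViewController.php',
 'PhabricatorAuthSSHPublicKey' => 'applications/auth/sshkey/PhabricatorAuthSSHPublicKey.php',
+'PhabricatorAuthSSHRevoker' => 'applications/auth/revoker/PhabricatorAuthSSHRevoker.php',
 'PhabricatorAuthSession' => 'applications/auth/storage/PhabricatorAuthSession.php',
 'PhabricatorAuthSessionEngine' => 'applications/auth/engine/PhabricatorAuthSessionEngine.php',
 'PhabricatorAuthSessionEngineExtension' => 'applications/auth/engine/PhabricatorAuthSessionEngineExtension.php',
@@ -7390,7 +7391,6 @@
 'PhabricatorApplicationTransactionInterface',
 ),
 'PhabricatorAuthSSHKeyController' => 'PhabricatorAuthController',
-'PhabricatorAuthSSHKeyDeactivateController' => 'PhabricatorAuthSSHKeyController',
 'PhabricatorAuthSSHKeyEditController' => 'PhabricatorAuthSSHKeyController',
 'PhabricatorAuthSSHKeyEditor' => 'PhabricatorApplicationTransactionEditor',
 'PhabricatorAuthSSHKeyGenerateController' => 'PhabricatorAuthSSHKeyController',
@@ -7398,12 +7398,14 @@
 'PhabricatorAuthSSHKeyPHIDType' => 'PhabricatorPHIDType',
 'PhabricatorAuthSSHKeyQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
 'PhabricatorAuthSSHKeyReplyHandler' => 'PhabricatorApplicationTransactionReplyHandler',
+'PhabricatorAuthSSHKeyRevokeController' => 'PhabricatorAuthSSHKeyController',
 'PhabricatorAuthSSHKeySearchEngine' => 'PhabricatorApplicationSearchEngine',
 'PhabricatorAuthSSHKeyTableView' => 'AphrontView',
 'PhabricatorAuthSSHKeyTransaction' => 'PhabricatorApplicationTransaction',
 'PhabricatorAuthSSHKeyTransactionQuery' => 'PhabricatorApplicationTransactionQuery',
 'PhabricatorAuthSSHKeyViewController' => 'PhabricatorAuthSSHKeyController',
 'PhabricatorAuthSSHPublicKey' => 'Phobject',
+'PhabricatorAuthSSHRevoker' => 'PhabricatorAuthRevoker',
 'PhabricatorAuthSession' => array(
 'PhabricatorAuthDAO',
 'PhabricatorPolicyInterface',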
+2 -2
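--- a/src/applications/auth/application/PhabricatorAuthApplication.php
+++ b/src/applications/auth/application/PhabricatorAuthApplication.php
@@ -80,8 +80,8 @@
 'generate/' => 'PhabricatorAuthSSHKeyGenerateController',
 'upload/' => 'PhabricatorAuthSSHKeyEditController',
 'edit/(?P<id>\d+)/' => 'PhabricatorAuthSSHKeyEditController',
-'deactivate/(?P<id>\d+)/'
-=> 'PhabricatorAuthSSHKeyDeactivateController',
+'revoke/(?P<id>\d+)/'
+=> 'PhabricatorAuthSSHKeyRevokeController',
 'view/(?P<id>\d+)/' => 'PhabricatorAuthSSHKeyViewController',
 ),
 'password/' => 'PhabricatorAuthSetPasswordController',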
+4 -4
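--- a/src/applications/auth/controller/PhabricatorAuthSSHKeyDeactivateController.php
+++ b/src/applications/auth/controller/PhabricatorAuthSSHKeyRevokeController.php
@@ -1,6 +1,6 @@
 <?php
 
-final class PhabricatorAuthSSHKeyDeactivateController
+final class PhabricatorAuthSSHKeyRevokeController
 extends PhabricatorAuthSSHKeyController {
 
 public function handleRequest(AphrontRequest $request) {
@@ -46,14 +46,14 @@
 $name = phutil_tag('strong', array(), $key->getName());
 
 return $this->newDialog()
-->setTitle(pht('Deactivate SSH Public Key'))
+->setTitle(pht('Revoke SSH Public Key'))
 ->appendParagraph(
 pht(
-'The key "%s" will be permanently deactivated, and you will no '.
+'The key "%s" will be permanently revoked, and you will no '.
 'longer be able to use the corresponding private key to '.
 'authenticate.',
 $name))
-->addSubmitButton(pht('Deactivate Public Key'))
+->addSubmitButton(pht('Revoke Public Key'))
 ->addCancelButton($cancel_uri);
 }
 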
+4 -4
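--- a/src/applications/auth/controller/PhabricatorAuthSSHKeyViewController.php
+++ b/src/applications/auth/controller/PhabricatorAuthSSHKeyViewController.php
@@ -35,7 +35,7 @@
 if ($ssh_key->getIsActive()) {
 $header->setStatus('fa-check', 'bluegrey', pht('Active'));
 } else {
-$header->setStatus('fa-ban', 'dark', pht('Deactivated'));
+$header->setStatus('fa-ban', 'dark', pht('Revoked'));
 }
 
 $header->addActionLink(
@@ -80,7 +80,7 @@
 $id = $ssh_key->getID();
 
 $edit_uri = $this->getApplicationURI("sshkey/edit/{$id}/");
-$deactivate_uri = $this->getApplicationURI("sshkey/deactivate/{$id}/");
+$revoke_uri = $this->getApplicationURI("sshkey/revoke/{$id}/");
 
 $curtain = $this->newCurtainView($ssh_key);
 
@@ -95,8 +95,8 @@
 $curtain->addAction(
 id(new PhabricatorActionView())
 ->setIcon('fa-times')
-->setName(pht('Deactivate SSH Key'))
-->setHref($deactivate_uri)
+->setName(pht('Revoke SSH Key'))
+->setHref($revoke_uri)
 ->setWorkflow(true)
 ->setDisabled(!$can_edit));
 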
+1 -1
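--- a/src/applications/auth/revoker/PhabricatorAuthRevoker.php
+++ b/src/applications/auth/revoker/PhabricatorAuthRevoker.php
@@ -5,7 +5,7 @@
 
 private $viewer;
 
-abstract public function revokeAlLCredentials();
+abstract public function revokeAllCredentials();
 abstract public function revokeCredentialsFrom($object);
 
 public function setViewer(PhabricatorUser $viewer) {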
+52
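--- /dev/null
+++ b/src/applications/auth/revoker/PhabricatorAuthSSHRevoker.php
@@ -0,0 +1,52 @@
+<?php
+
+final class PhabricatorAuthSSHRevoker
+extends PhabricatorAuthRevoker {
+
+const REVOKERKEY = 'ssh';
+
+public function revokeAllCredentials() {
+$query = new PhabricatorAuthSSHKeyQuery();
+return $this->revokeWithQuery($query);
+}
+
+public function revokeCredentialsFrom($object) {
+$query = id(new PhabricatorAuthSSHKeyQuery())
+->withObjectPHIDs(array($object->getPHID()));
+
+return $this->revokeWithQuery($query);
+}
+
+private function revokeWithQuery(PhabricatorAuthSSHKeyQuery $query) {
+$viewer = $this->getViewer();
+
+// We're only going to revoke keys which have not already been revoked.
+
+$ssh_keys = $query
+->setViewer($viewer)
+->withIsActive(true)
+->execute();
+
+$content_source = PhabricatorContentSource::newForSource(
+PhabricatorDaemonContentSource::SOURCECONST);
+
+$auth_phid = id(new PhabricatorAuthApplication())->getPHID();
+foreach ($ssh_keys as $ssh_key) {
+$xactions = array();
+$xactions[] = $ssh_key->getApplicationTransactionTemplate()
+->setTransactionType(PhabricatorAuthSSHKeyTransaction::TYPE_DEACTIVATE)
+->setNewValue(1);
+
+$editor = id(new PhabricatorAuthSSHKeyEditor())
+->setActor($viewer)
+->setActingAsPHID($auth_phid)
+->setContinueOnNoEffect(true)
+->setContinueOnMissingFields(true)
+->setContentSource($content_source)
+->applyTransactions($ssh_key, $xactions);
+}
+
+return count($ssh_keys);
+}
+
+}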
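Review bot: `revokeWithQuery()` runs both the key query and the editor as `$this->getViewer()`, so whether `revokeAllCredentials()` really reaches every active key depends on the caller supplying a viewer that can see and edit all of them. The library map lists `PhabricatorAuthSSHKeyQuery` as a policy-aware query, so keys filtered out for that viewer would presumably be skipped silently while the returned count still reads as success. Nothing in this file shows which viewer the CLI workflow sets, so I would state the requirement above the query, e.g. `// Callers must pass a viewer able to see and edit every key; policy-filtered keys are skipped without error.` The transactions are also stamped with `PhabricatorDaemonContentSource` although the test plan drives this from `bin/auth revoke`, so the audit trail attributes an operator action to a daemon; a console content source, if the codebase has one, would be more accurate. `$editor` is assigned but never read, so the loop can call the chain without the assignment.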
+1 -1
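--- a/src/applications/auth/storage/PhabricatorAuthSSHKey.php
+++ b/src/applications/auth/storage/PhabricatorAuthSSHKey.php
@@ -139,7 +139,7 @@
 public function describeAutomaticCapability($capability) {
 if (!$this->getIsACtive()) {
 return pht(
-'Deactivated SSH keys can not be edited or reactivated.');
+'Revoked SSH keys can not be edited or reinstated.');
 }
 
 return pht(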
+2 -2
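--- a/src/applications/auth/storage/PhabricatorAuthSSHKeyTransaction.php
+++ b/src/applications/auth/storage/PhabricatorAuthSSHKeyTransaction.php
@@ -43,11 +43,11 @@
 case self::TYPE_DEACTIVATE:
 if ($new) {
 return pht(
-'%s deactivated this key.',
+'%s revoked this key.',
 $this->renderHandleLink($author_phid));
 } else {
 return pht(
-'%s activated this key.',
+'%s reinstated this key.',
 $this->renderHandleLink($author_phid));
 }
 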