No OneTemporary
Actions

Size

38 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/passphrase/controller/PassphraseCredentialConduitController.php b/src/applications/passphrase/controller/PassphraseCredentialConduitController.php
	index 4c65b5d07d..b86d18c227 100644
	--- a/src/applications/passphrase/controller/PassphraseCredentialConduitController.php
	+++ b/src/applications/passphrase/controller/PassphraseCredentialConduitController.php
	@@ -1,81 +1,75 @@
	<?php

	final class PassphraseCredentialConduitController
	extends PassphraseController {

	- private $id;
	-
	- public function willProcessRequest(array $data) {
	- $this->id = $data['id'];
	- }
	-
	- public function processRequest() {
	- $request = $this->getRequest();
	- $viewer = $request->getUser();
	+ public function handleRequest(AphrontRequest $request) {
	+ $viewer = $request->getViewer();
	+ $id = $request->getURIData('id');

	$credential = id(new PassphraseCredentialQuery())
	->setViewer($viewer)
	- ->withIDs(array($this->id))
	+ ->withIDs(array($id))
	->requireCapabilities(
	array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_EDIT,
	))
	->executeOne();
	if (!$credential) {
	return new Aphront404Response();
	}

	$view_uri = '/K'.$credential->getID();

	$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
	$viewer,
	$request,
	$view_uri);

	$type = PassphraseCredentialType::getTypeByConstant(
	$credential->getCredentialType());
	if (!$type) {
	throw new Exception(pht('Credential has invalid type "%s"!', $type));
	}

	if ($request->isFormPost()) {
	$xactions = array();
	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType(PassphraseCredentialTransaction::TYPE_CONDUIT)
	->setNewValue(!$credential->getAllowConduit());

	$editor = id(new PassphraseCredentialTransactionEditor())
	->setActor($viewer)
	->setContinueOnMissingFields(true)
	->setContentSourceFromRequest($request)
	->applyTransactions($credential, $xactions);

	return id(new AphrontRedirectResponse())->setURI($view_uri);
	}

	if ($credential->getAllowConduit()) {
	return $this->newDialog()
	->setTitle(pht('Prevent Conduit access?'))
	->appendChild(
	pht(
	'This credential and its secret will no longer be able '.
	'to be retrieved using the `%s` method in Conduit.',
	'passphrase.query'))
	->addSubmitButton(pht('Prevent Conduit Access'))
	->addCancelButton($view_uri);
	} else {
	return $this->newDialog()
	->setTitle(pht('Allow Conduit access?'))
	->appendChild(
	pht(
	'This credential will be able to be retrieved via the Conduit '.
	'API by users who have access to this credential. You should '.
	'only enable this for credentials which need to be accessed '.
	'programmatically (such as from build agents).'))
	->addSubmitButton(pht('Allow Conduit Access'))
	->addCancelButton($view_uri);
	}
	}

	}
	diff --git a/src/applications/passphrase/controller/PassphraseCredentialCreateController.php b/src/applications/passphrase/controller/PassphraseCredentialCreateController.php
	index a6462b8da8..cfddcbcc4a 100644
	--- a/src/applications/passphrase/controller/PassphraseCredentialCreateController.php
	+++ b/src/applications/passphrase/controller/PassphraseCredentialCreateController.php
	@@ -1,69 +1,68 @@
	<?php

	final class PassphraseCredentialCreateController extends PassphraseController {

	- public function processRequest() {
	- $request = $this->getRequest();
	- $viewer = $request->getUser();
	+ public function handleRequest(AphrontRequest $request) {
	+ $viewer = $request->getViewer();

	$types = PassphraseCredentialType::getAllCreateableTypes();
	$types = mpull($types, null, 'getCredentialType');
	$types = msort($types, 'getCredentialTypeName');

	$errors = array();
	$e_type = null;

	if ($request->isFormPost()) {
	$type = $request->getStr('type');
	if (empty($types[$type])) {
	$errors[] = pht('You must choose a credential type.');
	$e_type = pht('Required');
	}

	if (!$errors) {
	$uri = $this->getApplicationURI('edit/?type='.$type);
	return id(new AphrontRedirectResponse())->setURI($uri);
	}
	}

	$types_control = id(new AphrontFormRadioButtonControl())
	->setName('type')
	->setLabel(pht('Credential Type'))
	->setError($e_type);

	foreach ($types as $type) {
	$types_control->addButton(
	$type->getCredentialType(),
	$type->getCredentialTypeName(),
	$type->getCredentialTypeDescription());
	}

	$form = id(new AphrontFormView())
	->setUser($viewer)
	->appendChild($types_control)
	->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue(pht('Continue'))
	->addCancelButton($this->getApplicationURI()));

	$title = pht('New Credential');

	$crumbs = $this->buildApplicationCrumbs();
	$crumbs->addTextCrumb(pht('Create'));

	$box = id(new PHUIObjectBoxView())
	->setHeaderText(pht('Create New Credential'))
	->setFormErrors($errors)
	->setForm($form);

	return $this->buildApplicationPage(
	array(
	$crumbs,
	$box,
	),
	array(
	'title' => $title,
	));
	}

	}
	diff --git a/src/applications/passphrase/controller/PassphraseCredentialDestroyController.php b/src/applications/passphrase/controller/PassphraseCredentialDestroyController.php
	index 53f9e0650f..8858d0ef6b 100644
	--- a/src/applications/passphrase/controller/PassphraseCredentialDestroyController.php
	+++ b/src/applications/passphrase/controller/PassphraseCredentialDestroyController.php
	@@ -1,65 +1,59 @@
	<?php

	final class PassphraseCredentialDestroyController
	extends PassphraseController {

	- private $id;
	-
	- public function willProcessRequest(array $data) {
	- $this->id = $data['id'];
	- }
	-
	- public function processRequest() {
	- $request = $this->getRequest();
	- $viewer = $request->getUser();
	+ public function handleRequest(AphrontRequest $request) {
	+ $viewer = $request->getViewer();
	+ $id = $request->getURIData('id');

	$credential = id(new PassphraseCredentialQuery())
	->setViewer($viewer)
	- ->withIDs(array($this->id))
	+ ->withIDs(array($id))
	->requireCapabilities(
	array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_EDIT,
	))
	->executeOne();
	if (!$credential) {
	return new Aphront404Response();
	}

	$type = PassphraseCredentialType::getTypeByConstant(
	$credential->getCredentialType());
	if (!$type) {
	throw new Exception(pht('Credential has invalid type "%s"!', $type));
	}

	$view_uri = '/K'.$credential->getID();

	if ($request->isFormPost()) {

	$xactions = array();
	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType(PassphraseCredentialTransaction::TYPE_DESTROY)
	->setNewValue(1);

	$editor = id(new PassphraseCredentialTransactionEditor())
	->setActor($viewer)
	->setContinueOnMissingFields(true)
	->setContentSourceFromRequest($request)
	->applyTransactions($credential, $xactions);

	return id(new AphrontRedirectResponse())->setURI($view_uri);
	}

	return $this->newDialog()
	->setUser($viewer)
	->setTitle(pht('Really destroy credential?'))
	->appendChild(
	pht(
	'This credential will be deactivated and the secret will be '.
	'unrecoverably destroyed. Anything relying on this credential '.
	'will cease to function. This operation can not be undone.'))
	->addSubmitButton(pht('Destroy Credential'))
	->addCancelButton($view_uri);
	}

	}
	diff --git a/src/applications/passphrase/controller/PassphraseCredentialEditController.php b/src/applications/passphrase/controller/PassphraseCredentialEditController.php
	index 36033c7c01..8a2a8da70f 100644
	--- a/src/applications/passphrase/controller/PassphraseCredentialEditController.php
	+++ b/src/applications/passphrase/controller/PassphraseCredentialEditController.php
	@@ -1,383 +1,377 @@
	<?php

	final class PassphraseCredentialEditController extends PassphraseController {

	- private $id;
	+ public function handleRequest(AphrontRequest $request) {
	+ $viewer = $request->getViewer();
	+ $id = $request->getURIData('id');

	- public function willProcessRequest(array $data) {
	- $this->id = idx($data, 'id');
	- }
	-
	- public function processRequest() {
	- $request = $this->getRequest();
	- $viewer = $request->getUser();
	-
	- if ($this->id) {
	+ if ($id) {
	$credential = id(new PassphraseCredentialQuery())
	->setViewer($viewer)
	- ->withIDs(array($this->id))
	+ ->withIDs(array($id))
	->requireCapabilities(
	array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_EDIT,
	))
	->executeOne();
	if (!$credential) {
	return new Aphront404Response();
	}

	$type = $this->getCredentialType($credential->getCredentialType());

	$is_new = false;
	} else {
	$type_const = $request->getStr('type');
	$type = $this->getCredentialType($type_const);

	if (!$type->isCreateable()) {
	throw new Exception(
	pht(
	'Credential has noncreateable type "%s"!',
	$credential->getCredentialType()));
	}

	$credential = PassphraseCredential::initializeNewCredential($viewer)
	->setCredentialType($type->getCredentialType())
	->setProvidesType($type->getProvidesType());

	$is_new = true;

	// Prefill username if provided.
	$credential->setUsername((string)$request->getStr('username'));

	if (!$request->getStr('isInitialized')) {
	$type->didInitializeNewCredential($viewer, $credential);
	}
	}

	$errors = array();

	$v_name = $credential->getName();
	$e_name = true;

	$v_desc = $credential->getDescription();
	$v_space = $credential->getSpacePHID();

	$v_username = $credential->getUsername();
	$e_username = true;

	$v_is_locked = false;

	$bullet = "\xE2\x80\xA2";

	$v_secret = $credential->getSecretID() ? str_repeat($bullet, 32) : null;
	if ($is_new && ($v_secret === null)) {
	// If we're creating a new credential, the credential type may have
	// populated the secret for us (for example, generated an SSH key). In
	// this case,
	try {
	$v_secret = $credential->getSecret()->openEnvelope();
	} catch (Exception $ex) {
	// Ignore this.
	}
	}

	$validation_exception = null;
	$errors = array();
	$e_password = null;
	if ($request->isFormPost()) {

	$v_name = $request->getStr('name');
	$v_desc = $request->getStr('description');
	$v_username = $request->getStr('username');
	$v_view_policy = $request->getStr('viewPolicy');
	$v_edit_policy = $request->getStr('editPolicy');
	$v_is_locked = $request->getStr('lock');

	$v_secret = $request->getStr('secret');
	$v_space = $request->getStr('spacePHID');
	$v_password = $request->getStr('password');
	$v_decrypt = $v_secret;

	$env_secret = new PhutilOpaqueEnvelope($v_secret);
	$env_password = new PhutilOpaqueEnvelope($v_password);

	if ($type->requiresPassword($env_secret)) {
	if (strlen($v_password)) {
	$v_decrypt = $type->decryptSecret($env_secret, $env_password);
	if ($v_decrypt === null) {
	$e_password = pht('Incorrect');
	$errors[] = pht(
	'This key requires a password, but the password you provided '.
	'is incorrect.');
	} else {
	$v_decrypt = $v_decrypt->openEnvelope();
	}
	} else {
	$e_password = pht('Required');
	$errors[] = pht(
	'This key requires a password. You must provide the password '.
	'for the key.');
	}
	}

	if (!$errors) {
	$type_name = PassphraseCredentialTransaction::TYPE_NAME;
	$type_desc = PassphraseCredentialTransaction::TYPE_DESCRIPTION;
	$type_username = PassphraseCredentialTransaction::TYPE_USERNAME;
	$type_destroy = PassphraseCredentialTransaction::TYPE_DESTROY;
	$type_secret_id = PassphraseCredentialTransaction::TYPE_SECRET_ID;
	$type_is_locked = PassphraseCredentialTransaction::TYPE_LOCK;
	$type_view_policy = PhabricatorTransactions::TYPE_VIEW_POLICY;
	$type_edit_policy = PhabricatorTransactions::TYPE_EDIT_POLICY;
	$type_space = PhabricatorTransactions::TYPE_SPACE;

	$xactions = array();

	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType($type_name)
	->setNewValue($v_name);

	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType($type_desc)
	->setNewValue($v_desc);

	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType($type_view_policy)
	->setNewValue($v_view_policy);

	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType($type_edit_policy)
	->setNewValue($v_edit_policy);

	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType($type_space)
	->setNewValue($v_space);

	// Open a transaction in case we're writing a new secret; this limits
	// the amount of code which handles secret plaintexts.
	$credential->openTransaction();

	if (!$credential->getIsLocked()) {
	if ($type->shouldRequireUsername()) {
	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType($type_username)
	->setNewValue($v_username);
	}
	// If some value other than a sequence of bullets was provided for
	// the credential, update it. In particular, note that we are
	// explicitly allowing empty secrets: one use case is HTTP auth where
	// the username is a secret token which covers both identity and
	// authentication.

	if (!preg_match('/^('.$bullet.')+$/', trim($v_decrypt))) {
	// If the credential was previously destroyed, restore it when it is
	// edited if a secret is provided.
	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType($type_destroy)
	->setNewValue(0);

	$new_secret = id(new PassphraseSecret())
	->setSecretData($v_decrypt)
	->save();
	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType($type_secret_id)
	->setNewValue($new_secret->getID());
	}

	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType($type_is_locked)
	->setNewValue($v_is_locked);
	}

	try {
	$editor = id(new PassphraseCredentialTransactionEditor())
	->setActor($viewer)
	->setContinueOnNoEffect(true)
	->setContentSourceFromRequest($request)
	->applyTransactions($credential, $xactions);

	$credential->saveTransaction();

	if ($request->isAjax()) {
	return id(new AphrontAjaxResponse())->setContent(
	array(
	'phid' => $credential->getPHID(),
	'name' => 'K'.$credential->getID().' '.$credential->getName(),
	));
	} else {
	return id(new AphrontRedirectResponse())
	->setURI('/K'.$credential->getID());
	}
	} catch (PhabricatorApplicationTransactionValidationException $ex) {
	$credential->killTransaction();

	$validation_exception = $ex;

	$e_name = $ex->getShortMessage($type_name);
	$e_username = $ex->getShortMessage($type_username);

	$credential->setViewPolicy($v_view_policy);
	$credential->setEditPolicy($v_edit_policy);
	}
	}
	}

	$policies = id(new PhabricatorPolicyQuery())
	->setViewer($viewer)
	->setObject($credential)
	->execute();

	$secret_control = $type->newSecretControl();
	$credential_is_locked = $credential->getIsLocked();

	$form = id(new AphrontFormView())
	->setUser($viewer)
	->addHiddenInput('isInitialized', true)
	->appendChild(
	id(new AphrontFormTextControl())
	->setName('name')
	->setLabel(pht('Name'))
	->setValue($v_name)
	->setError($e_name))
	->appendChild(
	id(new AphrontFormTextAreaControl())
	->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_SHORT)
	->setName('description')
	->setLabel(pht('Description'))
	->setValue($v_desc))
	->appendChild(
	id(new AphrontFormMarkupControl())
	->setLabel(pht('Credential Type'))
	->setValue($type->getCredentialTypeName()))
	->appendChild(
	id(new AphrontFormDividerControl()))
	->appendControl(
	id(new AphrontFormPolicyControl())
	->setName('viewPolicy')
	->setPolicyObject($credential)
	->setCapability(PhabricatorPolicyCapability::CAN_VIEW)
	->setPolicies($policies))
	->appendControl(
	id(new AphrontFormPolicyControl())
	->setName('editPolicy')
	->setPolicyObject($credential)
	->setCapability(PhabricatorPolicyCapability::CAN_EDIT)
	->setPolicies($policies))
	->appendChild(
	id(new AphrontFormDividerControl()));

	if ($credential_is_locked) {
	$form->appendRemarkupInstructions(
	pht('This credential is permanently locked and can not be edited.'));
	}

	if ($type->shouldRequireUsername()) {
	$form
	->appendChild(
	id(new AphrontFormTextControl())
	->setName('username')
	->setLabel(pht('Login/Username'))
	->setValue($v_username)
	->setDisabled($credential_is_locked)
	->setError($e_username));
	}
	$form
	->appendChild(
	$secret_control
	->setName('secret')
	->setLabel($type->getSecretLabel())
	->setDisabled($credential_is_locked)
	->setValue($v_secret));

	if ($type->shouldShowPasswordField()) {
	$form->appendChild(
	id(new AphrontFormPasswordControl())
	->setDisableAutocomplete(true)
	->setName('password')
	->setLabel($type->getPasswordLabel())
	->setDisabled($credential_is_locked)
	->setError($e_password));
	}

	if ($is_new) {
	$form->appendChild(
	id(new AphrontFormCheckboxControl())
	->addCheckbox(
	'lock',
	1,
	array(
	phutil_tag('strong', array(), pht('Lock Permanently:')),
	' ',
	pht('Prevent the secret from being revealed or changed.'),
	),
	$v_is_locked)
	->setDisabled($credential_is_locked));
	}

	$crumbs = $this->buildApplicationCrumbs();

	if ($is_new) {
	$title = pht('Create Credential');
	$header = pht('Create New Credential');
	$crumbs->addTextCrumb(pht('Create'));
	$cancel_uri = $this->getApplicationURI();
	} else {
	$title = pht('Edit Credential');
	$header = pht('Edit Credential %s', 'K'.$credential->getID());
	$crumbs->addTextCrumb(
	'K'.$credential->getID(),
	'/K'.$credential->getID());
	$crumbs->addTextCrumb(pht('Edit'));
	$cancel_uri = '/K'.$credential->getID();
	}

	if ($request->isAjax()) {
	if ($errors) {
	$errors = id(new PHUIInfoView())->setErrors($errors);
	}

	$dialog = id(new AphrontDialogView())
	->setUser($viewer)
	->setWidth(AphrontDialogView::WIDTH_FORM)
	->setTitle($title)
	->appendChild($errors)
	->appendChild($form->buildLayoutView())
	->addSubmitButton(pht('Create Credential'))
	->addCancelButton($cancel_uri);

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	$form->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue(pht('Save'))
	->addCancelButton($cancel_uri));

	$box = id(new PHUIObjectBoxView())
	->setHeaderText($header)
	->setFormErrors($errors)
	->setValidationException($validation_exception)
	->setForm($form);

	return $this->buildApplicationPage(
	array(
	$crumbs,
	$box,
	),
	array(
	'title' => $title,
	));
	}

	private function getCredentialType($type_const) {
	$type = PassphraseCredentialType::getTypeByConstant($type_const);

	if (!$type) {
	throw new Exception(
	pht('Credential has invalid type "%s"!', $type_const));
	}

	return $type;
	}

	}
	diff --git a/src/applications/passphrase/controller/PassphraseCredentialListController.php b/src/applications/passphrase/controller/PassphraseCredentialListController.php
	index db36a4a6ba..c4da29a984 100644
	--- a/src/applications/passphrase/controller/PassphraseCredentialListController.php
	+++ b/src/applications/passphrase/controller/PassphraseCredentialListController.php
	@@ -1,24 +1,20 @@
	<?php

	final class PassphraseCredentialListController extends PassphraseController {

	- private $queryKey;
	-
	public function shouldAllowPublic() {
	return true;
	}

	- public function willProcessRequest(array $data) {
	- $this->queryKey = idx($data, 'queryKey');
	- }
	+ public function handleRequest(AphrontRequest $request) {
	+ $querykey = $request->getURIData('queryKey');

	- public function processRequest() {
	$controller = id(new PhabricatorApplicationSearchController())
	- ->setQueryKey($this->queryKey)
	+ ->setQueryKey($querykey)
	->setSearchEngine(new PassphraseCredentialSearchEngine())
	->setNavigation($this->buildSideNavView());

	return $this->delegateToController($controller);
	}

	}
	diff --git a/src/applications/passphrase/controller/PassphraseCredentialLockController.php b/src/applications/passphrase/controller/PassphraseCredentialLockController.php
	index 3abe4c8820..4a872d8667 100644
	--- a/src/applications/passphrase/controller/PassphraseCredentialLockController.php
	+++ b/src/applications/passphrase/controller/PassphraseCredentialLockController.php
	@@ -1,74 +1,68 @@
	<?php

	final class PassphraseCredentialLockController
	extends PassphraseController {

	- private $id;
	-
	- public function willProcessRequest(array $data) {
	- $this->id = $data['id'];
	- }
	-
	- public function processRequest() {
	- $request = $this->getRequest();
	- $viewer = $request->getUser();
	+ public function handleRequest(AphrontRequest $request) {
	+ $viewer = $request->getViewer();
	+ $id = $request->getURIData('id');

	$credential = id(new PassphraseCredentialQuery())
	->setViewer($viewer)
	- ->withIDs(array($this->id))
	+ ->withIDs(array($id))
	->requireCapabilities(
	array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_EDIT,
	))
	->executeOne();
	if (!$credential) {
	return new Aphront404Response();
	}

	$type = PassphraseCredentialType::getTypeByConstant(
	$credential->getCredentialType());
	if (!$type) {
	throw new Exception(pht('Credential has invalid type "%s"!', $type));
	}

	$view_uri = '/K'.$credential->getID();

	if ($credential->getIsLocked()) {
	return $this->newDialog()
	->setTitle(pht('Credential Already Locked'))
	->appendChild(
	pht(
	'This credential has been locked and the secret is '.
	'hidden forever. Anything relying on this credential will '.
	'still function. This operation can not be undone.'))
	->addCancelButton($view_uri, pht('Close'));
	}

	if ($request->isFormPost()) {
	$xactions = array();
	$xactions[] = id(new PassphraseCredentialTransaction())
	->setTransactionType(PassphraseCredentialTransaction::TYPE_LOCK)
	->setNewValue(1);

	$editor = id(new PassphraseCredentialTransactionEditor())
	->setActor($viewer)
	->setContinueOnMissingFields(true)
	->setContentSourceFromRequest($request)
	->applyTransactions($credential, $xactions);

	return id(new AphrontRedirectResponse())->setURI($view_uri);
	}

	return $this->newDialog()
	->setTitle(pht('Really lock credential?'))
	->appendChild(
	pht(
	'This credential will be locked and the secret will be '.
	'hidden forever. Anything relying on this credential will '.
	'still function. This operation can not be undone.'))
	->addSubmitButton(pht('Lock Credential'))
	->addCancelButton($view_uri);
	}

	}
	diff --git a/src/applications/passphrase/controller/PassphraseCredentialPublicController.php b/src/applications/passphrase/controller/PassphraseCredentialPublicController.php
	index dc129a327d..56fc6ac4ae 100644
	--- a/src/applications/passphrase/controller/PassphraseCredentialPublicController.php
	+++ b/src/applications/passphrase/controller/PassphraseCredentialPublicController.php
	@@ -1,59 +1,53 @@
	<?php

	final class PassphraseCredentialPublicController
	extends PassphraseController {

	- private $id;
	-
	- public function willProcessRequest(array $data) {
	- $this->id = $data['id'];
	- }
	-
	- public function processRequest() {
	- $request = $this->getRequest();
	- $viewer = $request->getUser();
	+ public function handleRequest(AphrontRequest $request) {
	+ $viewer = $request->getViewer();
	+ $id = $request->getURIData('id');

	$credential = id(new PassphraseCredentialQuery())
	->setViewer($viewer)
	- ->withIDs(array($this->id))
	+ ->withIDs(array($id))
	->requireCapabilities(
	array(
	PhabricatorPolicyCapability::CAN_VIEW,
	))
	->executeOne();
	if (!$credential) {
	return new Aphront404Response();
	}

	$type = PassphraseCredentialType::getTypeByConstant(
	$credential->getCredentialType());
	if (!$type) {
	throw new Exception(pht('Credential has invalid type "%s"!', $type));
	}

	if (!$type->hasPublicKey()) {
	throw new Exception(pht('Credential has no public key!'));
	}

	$view_uri = '/'.$credential->getMonogram();

	$public_key = $type->getPublicKey($viewer, $credential);

	$body = id(new PHUIFormLayoutView())
	->appendChild(
	id(new AphrontFormTextAreaControl())
	->setLabel(pht('Public Key'))
	->setReadOnly(true)
	->setValue($public_key));

	$dialog = id(new AphrontDialogView())
	->setUser($viewer)
	->setWidth(AphrontDialogView::WIDTH_FORM)
	->setTitle(pht('Public Key (%s)', $credential->getMonogram()))
	->appendChild($body)
	->addCancelButton($view_uri, pht('Done'));

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	}
	diff --git a/src/applications/passphrase/controller/PassphraseCredentialRevealController.php b/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
	index e82dea7408..c61086b0e7 100644
	--- a/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
	+++ b/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
	@@ -1,111 +1,105 @@
	<?php

	final class PassphraseCredentialRevealController
	extends PassphraseController {

	- private $id;
	-
	- public function willProcessRequest(array $data) {
	- $this->id = $data['id'];
	- }
	-
	- public function processRequest() {
	- $request = $this->getRequest();
	- $viewer = $request->getUser();
	+ public function handleRequest(AphrontRequest $request) {
	+ $viewer = $request->getViewer();
	+ $id = $request->getURIData('id');

	$credential = id(new PassphraseCredentialQuery())
	->setViewer($viewer)
	- ->withIDs(array($this->id))
	+ ->withIDs(array($id))
	->requireCapabilities(
	array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_EDIT,
	))
	->needSecrets(true)
	->executeOne();
	if (!$credential) {
	return new Aphront404Response();
	}

	$view_uri = '/K'.$credential->getID();

	$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
	$viewer,
	$request,
	$view_uri);
	$is_locked = $credential->getIsLocked();

	if ($is_locked) {
	return $this->newDialog()
	->setUser($viewer)
	->setTitle(pht('Credential is locked'))
	->appendChild(
	pht(
	'This credential can not be shown, because it is locked.'))
	->addCancelButton($view_uri);
	}

	if ($request->isFormPost()) {
	$secret = $credential->getSecret();
	if (!$secret) {
	$body = pht('This credential has no associated secret.');
	} else if (!strlen($secret->openEnvelope())) {
	$body = pht('This credential has an empty secret.');
	} else {
	$body = id(new PHUIFormLayoutView())
	->appendChild(
	id(new AphrontFormTextAreaControl())
	->setLabel(pht('Plaintext'))
	->setReadOnly(true)
	->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_TALL)
	->setValue($secret->openEnvelope()));
	}

	// NOTE: Disable workflow on the cancel button to reload the page so
	// the viewer can see that their view was logged.

	$dialog = id(new AphrontDialogView())
	->setUser($viewer)
	->setWidth(AphrontDialogView::WIDTH_FORM)
	->setTitle(pht('Credential Secret (%s)', $credential->getMonogram()))
	->appendChild($body)
	->setDisableWorkflowOnCancel(true)
	->addCancelButton($view_uri, pht('Done'));

	$type_secret = PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET;
	$xactions = array(id(new PassphraseCredentialTransaction())
	->setTransactionType($type_secret)
	->setNewValue(true),
	);

	$editor = id(new PassphraseCredentialTransactionEditor())
	->setActor($viewer)
	->setContinueOnNoEffect(true)
	->setContentSourceFromRequest($request)
	->applyTransactions($credential, $xactions);

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');

	if ($is_serious) {
	$body = pht(
	'The secret associated with this credential will be shown in plain '.
	'text on your screen.');
	} else {
	$body = pht(
	'The secret associated with this credential will be shown in plain '.
	'text on your screen. Before continuing, wrap your arms around '.
	'your monitor to create a human shield, keeping it safe from '.
	'prying eyes. Protect company secrets!');
	}
	return $this->newDialog()
	->setUser($viewer)
	->setTitle(pht('Really show secret?'))
	->appendChild($body)
	->addSubmitButton(pht('Show Secret'))
	->addCancelButton($view_uri);
	}

	}
	diff --git a/src/applications/passphrase/controller/PassphraseCredentialViewController.php b/src/applications/passphrase/controller/PassphraseCredentialViewController.php
	index ede3bab78f..535527912a 100644
	--- a/src/applications/passphrase/controller/PassphraseCredentialViewController.php
	+++ b/src/applications/passphrase/controller/PassphraseCredentialViewController.php
	@@ -1,218 +1,212 @@
	<?php

	final class PassphraseCredentialViewController extends PassphraseController {

	- private $id;
	-
	- public function willProcessRequest(array $data) {
	- $this->id = $data['id'];
	- }
	-
	- public function processRequest() {
	- $request = $this->getRequest();
	- $viewer = $request->getUser();
	+ public function handleRequest(AphrontRequest $request) {
	+ $viewer = $request->getViewer();
	+ $id = $request->getURIData('id');

	$credential = id(new PassphraseCredentialQuery())
	->setViewer($viewer)
	- ->withIDs(array($this->id))
	+ ->withIDs(array($id))
	->executeOne();
	if (!$credential) {
	return new Aphront404Response();
	}

	$type = PassphraseCredentialType::getTypeByConstant(
	$credential->getCredentialType());
	if (!$type) {
	throw new Exception(pht('Credential has invalid type "%s"!', $type));
	}

	$timeline = $this->buildTransactionTimeline(
	$credential,
	new PassphraseCredentialTransactionQuery());
	$timeline->setShouldTerminate(true);

	$title = pht('%s %s', 'K'.$credential->getID(), $credential->getName());
	$crumbs = $this->buildApplicationCrumbs();
	$crumbs->addTextCrumb('K'.$credential->getID());

	$header = $this->buildHeaderView($credential);
	$actions = $this->buildActionView($credential, $type);
	$properties = $this->buildPropertyView($credential, $type, $actions);

	$box = id(new PHUIObjectBoxView())
	->setHeader($header)
	->addPropertyList($properties);

	return $this->buildApplicationPage(
	array(
	$crumbs,
	$box,
	$timeline,
	),
	array(
	'title' => $title,
	));
	}

	private function buildHeaderView(PassphraseCredential $credential) {
	$viewer = $this->getRequest()->getUser();

	$header = id(new PHUIHeaderView())
	->setUser($viewer)
	->setHeader($credential->getName())
	->setPolicyObject($credential);

	if ($credential->getIsDestroyed()) {
	$header->setStatus('fa-ban', 'red', pht('Destroyed'));
	}

	return $header;
	}

	private function buildActionView(
	PassphraseCredential $credential,
	PassphraseCredentialType $type) {
	$viewer = $this->getRequest()->getUser();

	$id = $credential->getID();

	$is_locked = $credential->getIsLocked();
	if ($is_locked) {
	$credential_lock_text = pht('Locked Permanently');
	$credential_lock_icon = 'fa-lock';
	} else {
	$credential_lock_text = pht('Lock Permanently');
	$credential_lock_icon = 'fa-unlock';
	}

	$allow_conduit = $credential->getAllowConduit();
	if ($allow_conduit) {
	$credential_conduit_text = pht('Prevent Conduit Access');
	$credential_conduit_icon = 'fa-ban';
	} else {
	$credential_conduit_text = pht('Allow Conduit Access');
	$credential_conduit_icon = 'fa-wrench';
	}

	$actions = id(new PhabricatorActionListView())
	->setObjectURI('/K'.$id)
	->setObject($credential)
	->setUser($viewer);

	$can_edit = PhabricatorPolicyFilter::hasCapability(
	$viewer,
	$credential,
	PhabricatorPolicyCapability::CAN_EDIT);

	$actions->addAction(
	id(new PhabricatorActionView())
	->setName(pht('Edit Credential'))
	->setIcon('fa-pencil')
	->setHref($this->getApplicationURI("edit/{$id}/"))
	->setDisabled(!$can_edit)
	->setWorkflow(!$can_edit));

	if (!$credential->getIsDestroyed()) {
	$actions->addAction(
	id(new PhabricatorActionView())
	->setName(pht('Destroy Credential'))
	->setIcon('fa-times')
	->setHref($this->getApplicationURI("destroy/{$id}/"))
	->setDisabled(!$can_edit)
	->setWorkflow(true));

	$actions->addAction(
	id(new PhabricatorActionView())
	->setName(pht('Show Secret'))
	->setIcon('fa-eye')
	->setHref($this->getApplicationURI("reveal/{$id}/"))
	->setDisabled(!$can_edit \|\| $is_locked)
	->setWorkflow(true));

	if ($type->hasPublicKey()) {
	$actions->addAction(
	id(new PhabricatorActionView())
	->setName(pht('Show Public Key'))
	->setIcon('fa-download')
	->setHref($this->getApplicationURI("public/{$id}/"))
	->setDisabled(!$can_edit)
	->setWorkflow(true));
	}

	$actions->addAction(
	id(new PhabricatorActionView())
	->setName($credential_conduit_text)
	->setIcon($credential_conduit_icon)
	->setHref($this->getApplicationURI("conduit/{$id}/"))
	->setDisabled(!$can_edit)
	->setWorkflow(true));

	$actions->addAction(
	id(new PhabricatorActionView())
	->setName($credential_lock_text)
	->setIcon($credential_lock_icon)
	->setHref($this->getApplicationURI("lock/{$id}/"))
	->setDisabled(!$can_edit \|\| $is_locked)
	->setWorkflow(true));
	}


	return $actions;
	}

	private function buildPropertyView(
	PassphraseCredential $credential,
	PassphraseCredentialType $type,
	PhabricatorActionListView $actions) {
	$viewer = $this->getRequest()->getUser();

	$properties = id(new PHUIPropertyListView())
	->setUser($viewer)
	->setObject($credential)
	->setActionList($actions);

	$properties->addProperty(
	pht('Credential Type'),
	$type->getCredentialTypeName());

	$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions(
	$viewer,
	$credential);

	$properties->addProperty(
	pht('Editable By'),
	$descriptions[PhabricatorPolicyCapability::CAN_EDIT]);

	if ($type->shouldRequireUsername()) {
	$properties->addProperty(
	pht('Username'),
	$credential->getUsername());
	}

	$used_by_phids = PhabricatorEdgeQuery::loadDestinationPHIDs(
	$credential->getPHID(),
	PhabricatorCredentialsUsedByObjectEdgeType::EDGECONST);

	if ($used_by_phids) {
	$properties->addProperty(
	pht('Used By'),
	$viewer->renderHandleList($used_by_phids));
	}

	$description = $credential->getDescription();
	if (strlen($description)) {
	$properties->addSectionHeader(
	pht('Description'),
	PHUIPropertyListView::ICON_SUMMARY);
	$properties->addTextContent(
	PhabricatorMarkupEngine::renderOneObject(
	id(new PhabricatorMarkupOneOff())
	->setContent($description),
	'default',
	$viewer));
	}

	return $properties;
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Sun, Jul 27, 8:05 PM (1 w, 8 h ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 186117
Default Alt Text: (38 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions