src/applications/auth/storage/PhabricatorAuthSSHKey.php

   1 <?php
   2
   3 final class PhabricatorAuthSSHKey
   4   extends PhabricatorAuthDAO
   5   implements
   6     PhabricatorPolicyInterface,
   7     PhabricatorDestructibleInterface,
   8     PhabricatorApplicationTransactionInterface {
   9
  10   protected $objectPHID;
  11   protected $name;
  12   protected $keyType;
  13   protected $keyIndex;
  14   protected $keyBody;
  15   protected $keyComment = '';
  16   protected $isTrusted = 0;
  17   protected $isActive;
  18
  19   private $object = self::ATTACHABLE;
  20
  21   public static function initializeNewSSHKey(
  22     PhabricatorUser $viewer,
  23     PhabricatorSSHPublicKeyInterface $object) {
  24
  25     // You must be able to edit an object to create a new key on it.
  26     PhabricatorPolicyFilter::requireCapability(
  27       $viewer,
  28       $object,
  29       PhabricatorPolicyCapability::CAN_EDIT);
  30
  31     $object_phid = $object->getPHID();
  32
  33     return id(new self())
  34       ->setIsActive(1)
  35       ->setObjectPHID($object_phid)
  36       ->attachObject($object);
  37   }
  38
  39   protected function getConfiguration() {
  40     return array(
  41       self::CONFIG_AUX_PHID => true,
  42       self::CONFIG_COLUMN_SCHEMA => array(
  43         'name' => 'text255',
  44         'keyType' => 'text255',
  45         'keyIndex' => 'bytes12',
  46         'keyBody' => 'text',
  47         'keyComment' => 'text255',
  48         'isTrusted' => 'bool',
  49         'isActive' => 'bool?',
  50       ),
  51       self::CONFIG_KEY_SCHEMA => array(
  52         'key_object' => array(
  53           'columns' => array('objectPHID'),
  54         ),
  55         'key_active' => array(
  56           'columns' => array('isActive', 'objectPHID'),
  57         ),
  58         // NOTE: This unique key includes a nullable column, effectively
  59         // constraining uniqueness on active keys only.
  60         'key_activeunique' => array(
  61           'columns' => array('keyIndex', 'isActive'),
  62           'unique' => true,
  63         ),
  64       ),
  65     ) + parent::getConfiguration();
  66   }
  67
  68   public function save() {
  69     $this->setKeyIndex($this->toPublicKey()->getHash());
  70     return parent::save();
  71   }
  72
  73   public function toPublicKey() {
  74     return PhabricatorAuthSSHPublicKey::newFromStoredKey($this);
  75   }
  76
  77   public function getEntireKey() {
  78     $parts = array(
  79       $this->getKeyType(),
  80       $this->getKeyBody(),
  81       $this->getKeyComment(),
  82     );
  83     return trim(implode(' ', $parts));
  84   }
  85
  86   public function getObject() {
  87     return $this->assertAttached($this->object);
  88   }
  89
  90   public function attachObject(PhabricatorSSHPublicKeyInterface $object) {
  91     $this->object = $object;
  92     return $this;
  93   }
  94
  95   public function generatePHID() {
  96     return PhabricatorPHID::generateNewPHID(
  97       PhabricatorAuthSSHKeyPHIDType::TYPECONST);
  98   }
  99
 100   public function getURI() {
 101     $id = $this->getID();
 102     return "/auth/sshkey/view/{$id}/";
 103   }
 104
 105 /* -(  PhabricatorPolicyInterface  )----------------------------------------- */
 106
 107
 108   public function getCapabilities() {
 109     return array(
 110       PhabricatorPolicyCapability::CAN_VIEW,
 111       PhabricatorPolicyCapability::CAN_EDIT,
 112     );
 113   }
 114
 115   public function getPolicy($capability) {
 116     if (!$this->getIsActive()) {
 117       if ($capability == PhabricatorPolicyCapability::CAN_EDIT) {
 118         return PhabricatorPolicies::POLICY_NOONE;
 119       }
 120     }
 121
 122     return $this->getObject()->getPolicy($capability);
 123   }
 124
 125   public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
 126     if (!$this->getIsActive()) {
 127       return false;
 128     }
 129
 130     return $this->getObject()->hasAutomaticCapability($capability, $viewer);
 131   }
 132
 133   public function describeAutomaticCapability($capability) {
 134     if (!$this->getIsACtive()) {
 135       return pht(
 136         'Revoked SSH keys can not be edited or reinstated.');
 137     }
 138
 139     return pht(
 140       'SSH keys inherit the policies of the user or object they authenticate.');
 141   }
 142
 143 /* -(  PhabricatorDestructibleInterface  )----------------------------------- */
 144
 145
 146   public function destroyObjectPermanently(
 147     PhabricatorDestructionEngine $engine) {
 148
 149     $this->openTransaction();
 150     $this->delete();
 151     $this->saveTransaction();
 152   }
 153
 154
 155 /* -(  PhabricatorApplicationTransactionInterface  )------------------------- */
 156
 157
 158   public function getApplicationTransactionEditor() {
 159     return new PhabricatorAuthSSHKeyEditor();
 160   }
 161
 162   public function getApplicationTransactionTemplate() {
 163     return new PhabricatorAuthSSHKeyTransaction();
 164   }
 165
 166 }