public function didInitializeNewCredential(PhabricatorUser $actor, PassphraseCredential $credential)
{
$pair = PhabricatorSSHKeyGenerator::generateKeypair();
list($public_key, $private_key) = $pair;
$credential->attachSecret(new PhutilOpaqueEnvelope($private_key));
return $credential;
}
public function processRequest(AphrontRequest $request)
{
$user = $this->getUser();
$viewer = $request->getUser();
$keys = id(new PhabricatorAuthSSHKeyQuery())->setViewer($viewer)->withObjectPHIDs(array($user->getPHID()))->execute();
$table = id(new PhabricatorAuthSSHKeyTableView())->setUser($viewer)->setKeys($keys)->setCanEdit(true)->setNoDataString(pht("You haven't added any SSH Public Keys."));
$panel = new PHUIObjectBoxView();
$header = new PHUIHeaderView();
$upload_icon = id(new PHUIIconView())->setIconFont('fa-upload');
$upload_button = id(new PHUIButtonView())->setText(pht('Upload Public Key'))->setHref('/auth/sshkey/upload/?objectPHID=' . $user->getPHID())->setWorkflow(true)->setTag('a')->setIcon($upload_icon);
try {
PhabricatorSSHKeyGenerator::assertCanGenerateKeypair();
$can_generate = true;
} catch (Exception $ex) {
$can_generate = false;
}
$generate_icon = id(new PHUIIconView())->setIconFont('fa-lock');
$generate_button = id(new PHUIButtonView())->setText(pht('Generate Keypair'))->setHref('/auth/sshkey/generate/?objectPHID=' . $user->getPHID())->setTag('a')->setWorkflow(true)->setDisabled(!$can_generate)->setIcon($generate_icon);
$header->setHeader(pht('SSH Public Keys'));
$header->addActionLink($generate_button);
$header->addActionLink($upload_button);
$panel->setHeader($header);
$panel->setTable($table);
return $panel;
}
public function handleRequest(AphrontRequest $request)
{
$viewer = $this->getViewer();
$key = $this->newKeyForObjectPHID($request->getStr('objectPHID'));
if (!$key) {
return new Aphront404Response();
}
$cancel_uri = $key->getObject()->getSSHPublicKeyManagementURI($viewer);
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession($viewer, $request, $cancel_uri);
if ($request->isFormPost()) {
$default_name = $key->getObject()->getSSHKeyDefaultName();
$keys = PhabricatorSSHKeyGenerator::generateKeypair();
list($public_key, $private_key) = $keys;
$file = PhabricatorFile::buildFromFileDataOrHash($private_key, array('name' => $default_name . '.key', 'ttl' => time() + 60 * 10, 'viewPolicy' => $viewer->getPHID()));
$public_key = PhabricatorAuthSSHPublicKey::newFromRawKey($public_key);
$type = $public_key->getType();
$body = $public_key->getBody();
$key->setName($default_name)->setKeyType($type)->setKeyBody($body)->setKeyComment(pht('Generated'))->save();
// NOTE: We're disabling workflow on submit so the download works. We're
// disabling workflow on cancel so the page reloads, showing the new
// key.
return $this->newDialog()->setTitle(pht('Download Private Key'))->setDisableWorkflowOnCancel(true)->setDisableWorkflowOnSubmit(true)->setSubmitURI($file->getDownloadURI())->appendParagraph(pht('A keypair has been generated, and the public key has been ' . 'added as a recognized key. Use the button below to download ' . 'the private key.'))->appendParagraph(pht('After you download the private key, it will be destroyed. ' . 'You will not be able to retrieve it if you lose your copy.'))->addSubmitButton(pht('Download Private Key'))->addCancelButton($cancel_uri, pht('Done'));
}
try {
PhabricatorSSHKeyGenerator::assertCanGenerateKeypair();
return $this->newDialog()->setTitle(pht('Generate New Keypair'))->addHiddenInput('objectPHID', $key->getObject()->getPHID())->appendParagraph(pht('This workflow will generate a new SSH keypair, add the public ' . 'key, and let you download the private key.'))->appendParagraph(pht('Phabricator will not retain a copy of the private key.'))->addSubmitButton(pht('Generate New Keypair'))->addCancelButton($cancel_uri);
} catch (Exception $ex) {
return $this->newDialog()->setTitle(pht('Unable to Generate Keys'))->appendParagraph($ex->getMessage())->addCancelButton($cancel_uri);
}
}
public static function newKeyActionsMenu(PhabricatorUser $viewer, PhabricatorSSHPublicKeyInterface $object)
{
$can_edit = PhabricatorPolicyFilter::hasCapability($viewer, $object, PhabricatorPolicyCapability::CAN_EDIT);
try {
PhabricatorSSHKeyGenerator::assertCanGenerateKeypair();
$can_generate = true;
} catch (Exception $ex) {
$can_generate = false;
}
$object_phid = $object->getPHID();
$generate_uri = "/auth/sshkey/generate/?objectPHID={$object_phid}";
$upload_uri = "/auth/sshkey/upload/?objectPHID={$object_phid}";
$view_uri = "/auth/sshkey/for/{$object_phid}/";
$action_view = id(new PhabricatorActionListView())->setUser($viewer)->addAction(id(new PhabricatorActionView())->setHref($upload_uri)->setWorkflow(true)->setDisabled(!$can_edit)->setName(pht('Upload Public Key'))->setIcon('fa-upload'))->addAction(id(new PhabricatorActionView())->setHref($generate_uri)->setWorkflow(true)->setDisabled(!$can_edit || !$can_generate)->setName(pht('Generate Keypair'))->setIcon('fa-lock'))->addAction(id(new PhabricatorActionView())->setHref($view_uri)->setName(pht('View History'))->setIcon('fa-list-ul'));
return id(new PHUIButtonView())->setTag('a')->setText(pht('SSH Key Actions'))->setHref('#')->setIcon('fa-gear')->setDropdownMenu($action_view);
}
private function buildSSHKeysTable(AlmanacDevice $device)
{
$viewer = $this->getViewer();
$id = $device->getID();
$device_phid = $device->getPHID();
$can_edit = PhabricatorPolicyFilter::hasCapability($viewer, $device, PhabricatorPolicyCapability::CAN_EDIT);
$keys = id(new PhabricatorAuthSSHKeyQuery())->setViewer($viewer)->withObjectPHIDs(array($device_phid))->execute();
$table = id(new PhabricatorAuthSSHKeyTableView())->setUser($viewer)->setKeys($keys)->setCanEdit($can_edit)->setShowID(true)->setShowTrusted(true)->setNoDataString(pht('This device has no associated SSH public keys.'));
try {
PhabricatorSSHKeyGenerator::assertCanGenerateKeypair();
$can_generate = true;
} catch (Exception $ex) {
$can_generate = false;
}
$generate_uri = '/auth/sshkey/generate/?objectPHID=' . $device_phid;
$upload_uri = '/auth/sshkey/upload/?objectPHID=' . $device_phid;
$header = id(new PHUIHeaderView())->setHeader(pht('SSH PUBLIC KEYS'))->addActionLink(id(new PHUIButtonView())->setTag('a')->setHref($generate_uri)->setWorkflow(true)->setDisabled(!$can_edit || !$can_generate)->setText(pht('Generate Keypair'))->setIcon(id(new PHUIIconView())->setIcon('fa-lock')))->addActionLink(id(new PHUIButtonView())->setTag('a')->setHref($upload_uri)->setWorkflow(true)->setDisabled(!$can_edit)->setText(pht('Upload Public Key'))->setIcon(id(new PHUIIconView())->setIcon('fa-upload')));
return id(new PHUIObjectBoxView())->setHeader($header)->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)->setTable($table);
}
private function processGenerate(AphrontRequest $request)
{
$user = $this->getUser();
$viewer = $request->getUser();
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession($viewer, $request, $this->getPanelURI());
$is_self = $user->getPHID() == $viewer->getPHID();
if ($request->isFormPost()) {
$keys = PhabricatorSSHKeyGenerator::generateKeypair();
list($public_key, $private_key) = $keys;
$file = PhabricatorFile::buildFromFileDataOrHash($private_key, array('name' => 'id_rsa_phabricator.key', 'ttl' => time() + 60 * 10, 'viewPolicy' => $viewer->getPHID()));
list($type, $body, $comment) = self::parsePublicKey($public_key);
$key = id(new PhabricatorUserSSHKey())->setUserPHID($user->getPHID())->setName('id_rsa_phabricator')->setKeyType($type)->setKeyBody($body)->setKeyHash(md5($body))->setKeyComment(pht('Generated'))->save();
// NOTE: We're disabling workflow on submit so the download works. We're
// disabling workflow on cancel so the page reloads, showing the new
// key.
if ($is_self) {
$what_happened = pht('The public key has been associated with your Phabricator ' . 'account. Use the button below to download the private key.');
} else {
$what_happened = pht('The public key has been associated with the %s account. ' . 'Use the button below to download the private key.', phutil_tag('strong', array(), $user->getUsername()));
}
$dialog = id(new AphrontDialogView())->setTitle(pht('Download Private Key'))->setUser($viewer)->setDisableWorkflowOnCancel(true)->setDisableWorkflowOnSubmit(true)->setSubmitURI($file->getDownloadURI())->appendParagraph(pht('Successfully generated a new keypair.'))->appendParagraph($what_happened)->appendParagraph(pht('After you download the private key, it will be destroyed. ' . 'You will not be able to retrieve it if you lose your copy.'))->addSubmitButton(pht('Download Private Key'))->addCancelButton($this->getPanelURI(), pht('Done'));
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$dialog = id(new AphrontDialogView())->setUser($viewer)->addCancelButton($this->getPanelURI());
try {
PhabricatorSSHKeyGenerator::assertCanGenerateKeypair();
if ($is_self) {
$explain = pht('This will generate an SSH keypair, associate the public key ' . 'with your account, and let you download the private key.');
} else {
$explain = pht('This will generate an SSH keypair, associate the public key with ' . 'the %s account, and let you download the private key.', phutil_tag('strong', array(), $user->getUsername()));
}
$dialog->addHiddenInput('generate', true)->setTitle(pht('Generate New Keypair'))->appendParagraph($explain)->appendParagraph(pht('Phabricator will not retain a copy of the private key.'))->addSubmitButton(pht('Generate Keypair'));
} catch (Exception $ex) {
$dialog->setTitle(pht('Unable to Generate Keys'))->appendParagraph($ex->getMessage());
}
return id(new AphrontDialogResponse())->setDialog($dialog);
}
