Path: blob/master/src/applications/diffusion/editor/DiffusionURIEditor.php
12242 views
<?php12final class DiffusionURIEditor3extends PhabricatorApplicationTransactionEditor {45private $repository;6private $repositoryPHID;78public function getEditorApplicationClass() {9return 'PhabricatorDiffusionApplication';10}1112public function getEditorObjectsDescription() {13return pht('Diffusion URIs');14}1516public function getTransactionTypes() {17$types = parent::getTransactionTypes();1819$types[] = PhabricatorRepositoryURITransaction::TYPE_REPOSITORY;20$types[] = PhabricatorRepositoryURITransaction::TYPE_URI;21$types[] = PhabricatorRepositoryURITransaction::TYPE_IO;22$types[] = PhabricatorRepositoryURITransaction::TYPE_DISPLAY;23$types[] = PhabricatorRepositoryURITransaction::TYPE_CREDENTIAL;24$types[] = PhabricatorRepositoryURITransaction::TYPE_DISABLE;2526return $types;27}2829protected function getCustomTransactionOldValue(30PhabricatorLiskDAO $object,31PhabricatorApplicationTransaction $xaction) {3233switch ($xaction->getTransactionType()) {34case PhabricatorRepositoryURITransaction::TYPE_URI:35return $object->getURI();36case PhabricatorRepositoryURITransaction::TYPE_IO:37return $object->getIOType();38case PhabricatorRepositoryURITransaction::TYPE_DISPLAY:39return $object->getDisplayType();40case PhabricatorRepositoryURITransaction::TYPE_REPOSITORY:41return $object->getRepositoryPHID();42case PhabricatorRepositoryURITransaction::TYPE_CREDENTIAL:43return $object->getCredentialPHID();44case PhabricatorRepositoryURITransaction::TYPE_DISABLE:45return (int)$object->getIsDisabled();46}4748return parent::getCustomTransactionOldValue($object, $xaction);49}5051protected function getCustomTransactionNewValue(52PhabricatorLiskDAO $object,53PhabricatorApplicationTransaction $xaction) {5455switch ($xaction->getTransactionType()) {56case PhabricatorRepositoryURITransaction::TYPE_URI:57case PhabricatorRepositoryURITransaction::TYPE_IO:58case PhabricatorRepositoryURITransaction::TYPE_DISPLAY:59case PhabricatorRepositoryURITransaction::TYPE_REPOSITORY:60case PhabricatorRepositoryURITransaction::TYPE_CREDENTIAL:61return $xaction->getNewValue();62case PhabricatorRepositoryURITransaction::TYPE_DISABLE:63return (int)$xaction->getNewValue();64}6566return parent::getCustomTransactionNewValue($object, $xaction);67}6869protected function applyCustomInternalTransaction(70PhabricatorLiskDAO $object,71PhabricatorApplicationTransaction $xaction) {7273switch ($xaction->getTransactionType()) {74case PhabricatorRepositoryURITransaction::TYPE_URI:75if (!$this->getIsNewObject()) {76$old_uri = $object->getEffectiveURI();77} else {78$old_uri = null;7980// When creating a URI via the API, we may not have processed the81// repository transaction yet. Attach the repository here to make82// sure we have it for the calls below.83if ($this->repository) {84$object->attachRepository($this->repository);85}86}8788$object->setURI($xaction->getNewValue());8990// If we've changed the domain or protocol of the URI, remove the91// current credential. This improves behavior in several cases:9293// If a user switches between protocols with different credential94// types, like HTTP and SSH, the old credential won't be valid anyway.95// It's cleaner to remove it than leave a bad credential in place.9697// If a user switches hosts, the old credential is probably not98// correct (and potentially confusing/misleading). Removing it forces99// users to double check that they have the correct credentials.100101// If an attacker can't see a symmetric credential like a username and102// password, they could still potentially capture it by changing the103// host for a URI that uses it to `evil.com`, a server they control,104// then observing the requests. Removing the credential prevents this105// kind of escalation.106107// Since port and path changes are less likely to fall among these108// cases, they don't trigger a credential wipe.109110$new_uri = $object->getEffectiveURI();111if ($old_uri) {112$new_proto = ($old_uri->getProtocol() != $new_uri->getProtocol());113$new_domain = ($old_uri->getDomain() != $new_uri->getDomain());114if ($new_proto || $new_domain) {115$object->setCredentialPHID(null);116}117}118break;119case PhabricatorRepositoryURITransaction::TYPE_IO:120$object->setIOType($xaction->getNewValue());121break;122case PhabricatorRepositoryURITransaction::TYPE_DISPLAY:123$object->setDisplayType($xaction->getNewValue());124break;125case PhabricatorRepositoryURITransaction::TYPE_REPOSITORY:126$object->setRepositoryPHID($xaction->getNewValue());127$object->attachRepository($this->repository);128break;129case PhabricatorRepositoryURITransaction::TYPE_CREDENTIAL:130$object->setCredentialPHID($xaction->getNewValue());131break;132case PhabricatorRepositoryURITransaction::TYPE_DISABLE:133$object->setIsDisabled($xaction->getNewValue());134break;135}136}137138protected function applyCustomExternalTransaction(139PhabricatorLiskDAO $object,140PhabricatorApplicationTransaction $xaction) {141142switch ($xaction->getTransactionType()) {143case PhabricatorRepositoryURITransaction::TYPE_URI:144case PhabricatorRepositoryURITransaction::TYPE_IO:145case PhabricatorRepositoryURITransaction::TYPE_DISPLAY:146case PhabricatorRepositoryURITransaction::TYPE_REPOSITORY:147case PhabricatorRepositoryURITransaction::TYPE_CREDENTIAL:148case PhabricatorRepositoryURITransaction::TYPE_DISABLE:149return;150}151152return parent::applyCustomExternalTransaction($object, $xaction);153}154155protected function validateTransaction(156PhabricatorLiskDAO $object,157$type,158array $xactions) {159160$errors = parent::validateTransaction($object, $type, $xactions);161162switch ($type) {163case PhabricatorRepositoryURITransaction::TYPE_REPOSITORY:164// Save this, since we need it to validate TYPE_IO transactions.165$this->repositoryPHID = $object->getRepositoryPHID();166167$missing = $this->validateIsEmptyTextField(168$object->getRepositoryPHID(),169$xactions);170if ($missing) {171// NOTE: This isn't being marked as a missing field error because172// it's a fundamental, required property of the URI.173$errors[] = new PhabricatorApplicationTransactionValidationError(174$type,175pht('Required'),176pht(177'When creating a repository URI, you must specify which '.178'repository the URI will belong to.'),179nonempty(last($xactions), null));180break;181}182183$viewer = $this->getActor();184185foreach ($xactions as $xaction) {186$repository_phid = $xaction->getNewValue();187188// If this isn't changing anything, let it through as-is.189if ($repository_phid == $object->getRepositoryPHID()) {190continue;191}192193if (!$this->getIsNewObject()) {194$errors[] = new PhabricatorApplicationTransactionValidationError(195$type,196pht('Invalid'),197pht(198'The repository a URI is associated with is immutable, and '.199'can not be changed after the URI is created.'),200$xaction);201continue;202}203204$repository = id(new PhabricatorRepositoryQuery())205->setViewer($viewer)206->withPHIDs(array($repository_phid))207->requireCapabilities(208array(209PhabricatorPolicyCapability::CAN_VIEW,210PhabricatorPolicyCapability::CAN_EDIT,211))212->executeOne();213if (!$repository) {214$errors[] = new PhabricatorApplicationTransactionValidationError(215$type,216pht('Invalid'),217pht(218'To create a URI for a repository ("%s"), it must exist and '.219'you must have permission to edit it.',220$repository_phid),221$xaction);222continue;223}224225$this->repository = $repository;226$this->repositoryPHID = $repository_phid;227}228break;229case PhabricatorRepositoryURITransaction::TYPE_CREDENTIAL:230$viewer = $this->getActor();231foreach ($xactions as $xaction) {232$credential_phid = $xaction->getNewValue();233234if ($credential_phid == $object->getCredentialPHID()) {235continue;236}237238// Anyone who can edit a URI can remove the credential.239if ($credential_phid === null) {240continue;241}242243$credential = id(new PassphraseCredentialQuery())244->setViewer($viewer)245->withPHIDs(array($credential_phid))246->executeOne();247if (!$credential) {248$errors[] = new PhabricatorApplicationTransactionValidationError(249$type,250pht('Invalid'),251pht(252'You can only associate a credential ("%s") with a repository '.253'URI if it exists and you have permission to see it.',254$credential_phid),255$xaction);256continue;257}258}259break;260case PhabricatorRepositoryURITransaction::TYPE_URI:261$missing = $this->validateIsEmptyTextField(262$object->getURI(),263$xactions);264265if ($missing) {266$error = new PhabricatorApplicationTransactionValidationError(267$type,268pht('Required'),269pht('A repository URI must have a nonempty URI.'),270nonempty(last($xactions), null));271272$error->setIsMissingFieldError(true);273$errors[] = $error;274break;275}276277foreach ($xactions as $xaction) {278$new_uri = $xaction->getNewValue();279if ($new_uri == $object->getURI()) {280continue;281}282283try {284PhabricatorRepository::assertValidRemoteURI($new_uri);285} catch (Exception $ex) {286$errors[] = new PhabricatorApplicationTransactionValidationError(287$type,288pht('Invalid'),289$ex->getMessage(),290$xaction);291continue;292}293}294295break;296case PhabricatorRepositoryURITransaction::TYPE_IO:297$available = $object->getAvailableIOTypeOptions();298foreach ($xactions as $xaction) {299$new = $xaction->getNewValue();300301if (empty($available[$new])) {302$errors[] = new PhabricatorApplicationTransactionValidationError(303$type,304pht('Invalid'),305pht(306'Value "%s" is not a valid IO setting for this URI. '.307'Available types for this URI are: %s.',308$new,309implode(', ', array_keys($available))),310$xaction);311continue;312}313314// If we are setting this URI to use "Observe", we must have no315// other "Observe" URIs and must also have no "Read/Write" URIs.316317// If we are setting this URI to "Read/Write", we must have no318// other "Observe" URIs. It's OK to have other "Read/Write" URIs.319320$no_observers = false;321$no_readwrite = false;322switch ($new) {323case PhabricatorRepositoryURI::IO_OBSERVE:324$no_readwrite = true;325$no_observers = true;326break;327case PhabricatorRepositoryURI::IO_READWRITE:328$no_observers = true;329break;330}331332if ($no_observers || $no_readwrite) {333$repository = id(new PhabricatorRepositoryQuery())334->setViewer(PhabricatorUser::getOmnipotentUser())335->withPHIDs(array($this->repositoryPHID))336->needURIs(true)337->executeOne();338$uris = $repository->getURIs();339340$observe_conflict = null;341$readwrite_conflict = null;342foreach ($uris as $uri) {343// If this is the URI being edited, it can not conflict with344// itself.345if ($uri->getID() == $object->getID()) {346continue;347}348349$io_type = $uri->getEffectiveIOType();350351if ($io_type == PhabricatorRepositoryURI::IO_READWRITE) {352if ($no_readwrite) {353$readwrite_conflict = $uri;354break;355}356}357358if ($io_type == PhabricatorRepositoryURI::IO_OBSERVE) {359if ($no_observers) {360$observe_conflict = $uri;361break;362}363}364}365366if ($observe_conflict) {367if ($new == PhabricatorRepositoryURI::IO_OBSERVE) {368$message = pht(369'You can not set this URI to use Observe IO because '.370'another URI for this repository is already configured '.371'in Observe IO mode. A repository can not observe two '.372'different remotes simultaneously. Turn off IO for the '.373'other URI first.');374} else {375$message = pht(376'You can not set this URI to use Read/Write IO because '.377'another URI for this repository is already configured '.378'in Observe IO mode. An observed repository can not be '.379'made writable. Turn off IO for the other URI first.');380}381382$errors[] = new PhabricatorApplicationTransactionValidationError(383$type,384pht('Invalid'),385$message,386$xaction);387continue;388}389390if ($readwrite_conflict) {391$message = pht(392'You can not set this URI to use Observe IO because '.393'another URI for this repository is already configured '.394'in Read/Write IO mode. A repository can not simultaneously '.395'be writable and observe a remote. Turn off IO for the '.396'other URI first.');397398$errors[] = new PhabricatorApplicationTransactionValidationError(399$type,400pht('Invalid'),401$message,402$xaction);403continue;404}405}406}407408break;409case PhabricatorRepositoryURITransaction::TYPE_DISPLAY:410$available = $object->getAvailableDisplayTypeOptions();411foreach ($xactions as $xaction) {412$new = $xaction->getNewValue();413414if (empty($available[$new])) {415$errors[] = new PhabricatorApplicationTransactionValidationError(416$type,417pht('Invalid'),418pht(419'Value "%s" is not a valid display setting for this URI. '.420'Available types for this URI are: %s.',421$new,422implode(', ', array_keys($available))));423}424}425break;426427case PhabricatorRepositoryURITransaction::TYPE_DISABLE:428$old = $object->getIsDisabled();429foreach ($xactions as $xaction) {430$new = $xaction->getNewValue();431432if ($old == $new) {433continue;434}435436if (!$object->isBuiltin()) {437continue;438}439440$errors[] = new PhabricatorApplicationTransactionValidationError(441$type,442pht('Invalid'),443pht('You can not manually disable builtin URIs.'));444}445break;446}447448return $errors;449}450451protected function applyFinalEffects(452PhabricatorLiskDAO $object,453array $xactions) {454455// Synchronize the repository state based on the presence of an "Observe"456// URI.457$repository = $object->getRepository();458459$uris = id(new PhabricatorRepositoryURIQuery())460->setViewer(PhabricatorUser::getOmnipotentUser())461->withRepositories(array($repository))462->execute();463464// Reattach the current URIs to the repository: we're going to rebuild465// the index explicitly below, and want to include any changes made to466// this URI in the index update.467$repository->attachURIs($uris);468469$observe_uri = null;470foreach ($uris as $uri) {471if ($uri->getIoType() != PhabricatorRepositoryURI::IO_OBSERVE) {472continue;473}474475$observe_uri = $uri;476break;477}478479$was_hosted = $repository->isHosted();480481if ($observe_uri) {482$repository483->setHosted(false)484->setDetail('remote-uri', (string)$observe_uri->getEffectiveURI())485->setCredentialPHID($observe_uri->getCredentialPHID());486} else {487$repository488->setHosted(true)489->setDetail('remote-uri', null)490->setCredentialPHID(null);491}492493$repository->save();494495// Explicitly update the URI index.496$repository->updateURIIndex();497498$is_hosted = $repository->isHosted();499500// If we've swapped the repository from hosted to observed or vice versa,501// reset all the cluster version clocks.502if ($was_hosted != $is_hosted) {503$cluster_engine = id(new DiffusionRepositoryClusterEngine())504->setViewer($this->getActor())505->setRepository($repository)506->synchronizeWorkingCopyAfterHostingChange();507}508509$repository->writeStatusMessage(510PhabricatorRepositoryStatusMessage::TYPE_NEEDS_UPDATE,511null);512513return $xactions;514}515516}517518519