From 02f94cd7d2885de502d03934af3a0c24453e8e58 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Fri, 29 Mar 2019 09:50:50 -0700
Subject: [PATCH] Fix an issue with Duo not live-updating properly on login gates

Summary: See . The "live update Duo status" endpoint currently requires full sessions, and doesn't work from the session upgrade gate on login. Don't require a full session to check the status of an MFA challenge.
Test Plan: Went through Duo gate in a new session, got a live update.
Reviewers: amckinley
Reviewed By: amckinley
Differential Revision: https://secure.phabricator.com/D20347
---
 .../mfa/PhabricatorAuthChallengeStatusController.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/applications/auth/controller/mfa/PhabricatorAuthChallengeStatusController.php b/src/applications/auth/controller/mfa/PhabricatorAuthChallengeStatusController.php
index 884bbaad6d..3fbffabc89 100644
--- a/src/applications/auth/controller/mfa/PhabricatorAuthChallengeStatusController.php
+++ b/src/applications/auth/controller/mfa/PhabricatorAuthChallengeStatusController.php
@@ -3,6 +3,12 @@
 final class PhabricatorAuthChallengeStatusController
 extends PhabricatorAuthController {
 
+ public function shouldAllowPartialSessions() {
+ // We expect that users may request the status of an MFA challenge when
+ // they hit the session upgrade gate on login.
+ return true;
+ }
+
 public function handleRequest(AphrontRequest $request) {
 $viewer = $this->getViewer();
 $id = $request->getURIData('id');
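Review bot: The comment on `shouldAllowPartialSessions()` says why the gate is relaxed but not why relaxing it is safe. With `return true`, a viewer who has not yet completed MFA can reach `handleRequest()` with an `$id` taken from the URI. `handleRequest()` continues past the end of the hunk, so the lookup is not visible here; it should be confirmed that the record identified by `$id` is loaded only if it belongs to the viewer, and that the response carries nothing beyond the challenge status. I would record that invariant next to the override, e.g. `// Safe for partial sessions only because handleRequest() loads records owned by the viewer and returns status only.` A test that requests another user's `id` from a partial session and expects a not-found response would keep this from regressing.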