mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 05:50:55 +01:00
Improve UI messaging around "one-shot" vs "session upgrade" MFA
Summary: Depends on D19899. Ref T13222. When we prompt you for one-shot MFA, we currently give you a lot of misleading text about your session staying in "high security mode". Differentiate between one-shot and session upgrade MFA, and give the user appropriate cues and explanatory text. Test Plan: - Hit one-shot MFA on an "mfa" task in Maniphest. - Hit session upgrade MFA in Settings > Multi-Factor. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19900
This commit is contained in:
parent
d3c325c4fc
commit
1c89b3175f
3 changed files with 56 additions and 20 deletions
|
@ -45,40 +45,65 @@ final class PhabricatorHighSecurityRequestExceptionHandler
|
|||
}
|
||||
}
|
||||
|
||||
$is_upgrade = $throwable->getIsSessionUpgrade();
|
||||
|
||||
if ($is_upgrade) {
|
||||
$title = pht('Enter High Security');
|
||||
} else {
|
||||
$title = pht('Provide MFA Credentials');
|
||||
}
|
||||
|
||||
if ($is_wait) {
|
||||
$submit = pht('Wait Patiently');
|
||||
} else {
|
||||
} else if ($is_upgrade) {
|
||||
$submit = pht('Enter High Security');
|
||||
} else {
|
||||
$submit = pht('Continue');
|
||||
}
|
||||
|
||||
$dialog = id(new AphrontDialogView())
|
||||
->setUser($viewer)
|
||||
->setTitle(pht('Entering High Security'))
|
||||
->setTitle($title)
|
||||
->setShortTitle(pht('Security Checkpoint'))
|
||||
->setWidth(AphrontDialogView::WIDTH_FORM)
|
||||
->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
|
||||
->setErrors(
|
||||
array(
|
||||
pht(
|
||||
'You are taking an action which requires you to enter '.
|
||||
'high security.'),
|
||||
))
|
||||
->appendParagraph(
|
||||
pht(
|
||||
'High security mode helps protect your account from security '.
|
||||
'threats, like session theft or someone messing with your stuff '.
|
||||
'while you\'re grabbing a coffee. To enter high security mode, '.
|
||||
'confirm your credentials.'))
|
||||
->appendChild($form->buildLayoutView())
|
||||
->appendParagraph(
|
||||
pht(
|
||||
'Your account will remain in high security mode for a short '.
|
||||
'period of time. When you are finished taking sensitive '.
|
||||
'actions, you should leave high security.'))
|
||||
->setSubmitURI($request->getPath())
|
||||
->addCancelButton($throwable->getCancelURI())
|
||||
->addSubmitButton($submit);
|
||||
|
||||
$form_layout = $form->buildLayoutView();
|
||||
|
||||
if ($is_upgrade) {
|
||||
$dialog
|
||||
->setErrors(
|
||||
array(
|
||||
pht(
|
||||
'You are taking an action which requires you to enter '.
|
||||
'high security.'),
|
||||
))
|
||||
->appendParagraph(
|
||||
pht(
|
||||
'High security mode helps protect your account from security '.
|
||||
'threats, like session theft or someone messing with your stuff '.
|
||||
'while you\'re grabbing a coffee. To enter high security mode, '.
|
||||
'confirm your credentials.'))
|
||||
->appendChild($form_layout)
|
||||
->appendParagraph(
|
||||
pht(
|
||||
'Your account will remain in high security mode for a short '.
|
||||
'period of time. When you are finished taking sensitive '.
|
||||
'actions, you should leave high security.'));
|
||||
} else {
|
||||
$dialog
|
||||
->setErrors(
|
||||
array(
|
||||
pht(
|
||||
'You are taking an action which requires you to provide '.
|
||||
'multi-factor credentials.'),
|
||||
))
|
||||
->appendChild($form_layout);
|
||||
}
|
||||
|
||||
$request_parameters = $request->getPassthroughRequestParameters(
|
||||
$respect_quicksand = true);
|
||||
foreach ($request_parameters as $key => $value) {
|
||||
|
|
|
@ -684,6 +684,7 @@ final class PhabricatorAuthSessionEngine extends Phobject {
|
|||
|
||||
throw id(new PhabricatorAuthHighSecurityRequiredException())
|
||||
->setCancelURI($cancel_uri)
|
||||
->setIsSessionUpgrade($upgrade_session)
|
||||
->setFactors($factors)
|
||||
->setFactorValidationResults($validation_results);
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception {
|
|||
private $cancelURI;
|
||||
private $factors;
|
||||
private $factorValidationResults;
|
||||
private $isSessionUpgrade;
|
||||
|
||||
public function setFactorValidationResults(array $results) {
|
||||
assert_instances_of($results, 'PhabricatorAuthFactorResult');
|
||||
|
@ -35,4 +36,13 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception {
|
|||
return $this->cancelURI;
|
||||
}
|
||||
|
||||
public function setIsSessionUpgrade($is_upgrade) {
|
||||
$this->isSessionUpgrade = $is_upgrade;
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getIsSessionUpgrade() {
|
||||
return $this->isSessionUpgrade;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue