Improve UI messaging around "one-shot" vs "session upgrade" MFA

Summary: Depends on D19899. Ref T13222. When we prompt you for one-shot MFA, we currently give you a lot of misleading text about your session staying in "high security mode". Differentiate between one-shot and session upgrade MFA, and give the user appropriate cues and explanatory text. Test Plan: - Hit one-shot MFA on an "mfa" task in Maniphest. - Hit session upgrade MFA in Settings > Multi-Factor. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19900
2024-11-22 14:52:41 +01:00 · 2018-12-18 08:02:40 -08:00 · 2018-12-18 08:02:40 -08:00 · 1c89b3175f
commit 1c89b3175f
parent d3c325c4fc
3 changed files with 56 additions and 20 deletions
--- a/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php
+++ b/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php
@ -45,40 +45,65 @@ final class PhabricatorHighSecurityRequestExceptionHandler
      }
    }

+    $is_upgrade = $throwable->getIsSessionUpgrade();
+
+    if ($is_upgrade) {
+      $title = pht('Enter High Security');
+    } else {
+      $title = pht('Provide MFA Credentials');
+    }
+
    if ($is_wait) {
      $submit = pht('Wait Patiently');
-    } else {
+    } else if ($is_upgrade) {
      $submit = pht('Enter High Security');
+    } else {
+      $submit = pht('Continue');
    }

    $dialog = id(new AphrontDialogView())
      ->setUser($viewer)
-      ->setTitle(pht('Entering High Security'))
+      ->setTitle($title)
      ->setShortTitle(pht('Security Checkpoint'))
      ->setWidth(AphrontDialogView::WIDTH_FORM)
      ->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
-      ->setErrors(
-        array(
-          pht(
-            'You are taking an action which requires you to enter '.
-            'high security.'),
-        ))
-      ->appendParagraph(
-        pht(
-          'High security mode helps protect your account from security '.
-          'threats, like session theft or someone messing with your stuff '.
-          'while you\'re grabbing a coffee. To enter high security mode, '.
-          'confirm your credentials.'))
-      ->appendChild($form->buildLayoutView())
-      ->appendParagraph(
-        pht(
-          'Your account will remain in high security mode for a short '.
-          'period of time. When you are finished taking sensitive '.
-          'actions, you should leave high security.'))
      ->setSubmitURI($request->getPath())
      ->addCancelButton($throwable->getCancelURI())
      ->addSubmitButton($submit);

+    $form_layout = $form->buildLayoutView();
+
+    if ($is_upgrade) {
+      $dialog
+        ->setErrors(
+          array(
+            pht(
+              'You are taking an action which requires you to enter '.
+              'high security.'),
+          ))
+        ->appendParagraph(
+          pht(
+            'High security mode helps protect your account from security '.
+            'threats, like session theft or someone messing with your stuff '.
+            'while you\'re grabbing a coffee. To enter high security mode, '.
+            'confirm your credentials.'))
+        ->appendChild($form_layout)
+        ->appendParagraph(
+          pht(
+            'Your account will remain in high security mode for a short '.
+            'period of time. When you are finished taking sensitive '.
+            'actions, you should leave high security.'));
+    } else {
+      $dialog
+        ->setErrors(
+          array(
+            pht(
+              'You are taking an action which requires you to provide '.
+              'multi-factor credentials.'),
+          ))
+        ->appendChild($form_layout);
+    }
+
    $request_parameters = $request->getPassthroughRequestParameters(
      $respect_quicksand = true);
    foreach ($request_parameters as $key => $value) {
--- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
+++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
@ -684,6 +684,7 @@ final class PhabricatorAuthSessionEngine extends Phobject {

    throw id(new PhabricatorAuthHighSecurityRequiredException())
      ->setCancelURI($cancel_uri)
+      ->setIsSessionUpgrade($upgrade_session)
      ->setFactors($factors)
      ->setFactorValidationResults($validation_results);
  }
--- a/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php
+++ b/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php
@ -5,6 +5,7 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception {
  private $cancelURI;
  private $factors;
  private $factorValidationResults;
+  private $isSessionUpgrade;

  public function setFactorValidationResults(array $results) {
    assert_instances_of($results, 'PhabricatorAuthFactorResult');
@ -35,4 +36,13 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception {
    return $this->cancelURI;
  }

+  public function setIsSessionUpgrade($is_upgrade) {
+    $this->isSessionUpgrade = $is_upgrade;
+    return $this;
+  }
+
+  public function getIsSessionUpgrade() {
+    return $this->isSessionUpgrade;
+  }
+
 }