revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 23:02:42 +01:00
Code Issues Releases Wiki Activity

Improve UI messaging around "one-shot" vs "session upgrade" MFA

Browse source 
Summary:
Depends on D19899. Ref T13222. When we prompt you for one-shot MFA, we currently give you a lot of misleading text about your session staying in "high security mode".

Differentiate between one-shot and session upgrade MFA, and give the user appropriate cues and explanatory text.

Test Plan:
  - Hit one-shot MFA on an "mfa" task in Maniphest.
  - Hit session upgrade MFA in Settings > Multi-Factor.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13222

Differential Revision: https://secure.phabricator.com/D19900
This commit is contained in:
epriestley 2018-12-18 08:02:40 -08:00
parent d3c325c4fc
commit 1c89b3175f
3 changed files with 56 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

65
src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php
View file

@ -45,40 +45,65 @@ final class PhabricatorHighSecurityRequestExceptionHandler
} }
} }
$is_upgrade = $throwable->getIsSessionUpgrade();
if ($is_upgrade) {
$title = pht('Enter High Security');
} else {
$title = pht('Provide MFA Credentials');
}
if ($is_wait) { if ($is_wait) {
$submit = pht('Wait Patiently'); $submit = pht('Wait Patiently');
} else { } else if ($is_upgrade) {
$submit = pht('Enter High Security'); $submit = pht('Enter High Security');
} else {
$submit = pht('Continue');
} }
$dialog = id(new AphrontDialogView()) $dialog = id(new AphrontDialogView())
->setUser($viewer) ->setUser($viewer)
->setTitle(pht('Entering High Security')) ->setTitle($title)
->setShortTitle(pht('Security Checkpoint')) ->setShortTitle(pht('Security Checkpoint'))
->setWidth(AphrontDialogView::WIDTH_FORM) ->setWidth(AphrontDialogView::WIDTH_FORM)
->addHiddenInput(AphrontRequest::TYPE_HISEC, true) ->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
->setErrors(
array(
pht(
'You are taking an action which requires you to enter '.
'high security.'),
))
->appendParagraph(
pht(
'High security mode helps protect your account from security '.
'threats, like session theft or someone messing with your stuff '.
'while you\'re grabbing a coffee. To enter high security mode, '.
'confirm your credentials.'))
->appendChild($form->buildLayoutView())
->appendParagraph(
pht(
'Your account will remain in high security mode for a short '.
'period of time. When you are finished taking sensitive '.
'actions, you should leave high security.'))
->setSubmitURI($request->getPath()) ->setSubmitURI($request->getPath())
->addCancelButton($throwable->getCancelURI()) ->addCancelButton($throwable->getCancelURI())
->addSubmitButton($submit); ->addSubmitButton($submit);
$form_layout = $form->buildLayoutView();
if ($is_upgrade) {
$dialog
->setErrors(
array(
pht(
'You are taking an action which requires you to enter '.
'high security.'),
))
->appendParagraph(
pht(
'High security mode helps protect your account from security '.
'threats, like session theft or someone messing with your stuff '.
'while you\'re grabbing a coffee. To enter high security mode, '.
'confirm your credentials.'))
->appendChild($form_layout)
->appendParagraph(
pht(
'Your account will remain in high security mode for a short '.
'period of time. When you are finished taking sensitive '.
'actions, you should leave high security.'));
} else {
$dialog
->setErrors(
array(
pht(
'You are taking an action which requires you to provide '.
'multi-factor credentials.'),
))
->appendChild($form_layout);
}
$request_parameters = $request->getPassthroughRequestParameters( $request_parameters = $request->getPassthroughRequestParameters(
$respect_quicksand = true); $respect_quicksand = true);
foreach ($request_parameters as $key => $value) { foreach ($request_parameters as $key => $value) {

1
src/applications/auth/engine/PhabricatorAuthSessionEngine.php
View file

@ -684,6 +684,7 @@ final class PhabricatorAuthSessionEngine extends Phobject {
throw id(new PhabricatorAuthHighSecurityRequiredException()) throw id(new PhabricatorAuthHighSecurityRequiredException())
->setCancelURI($cancel_uri) ->setCancelURI($cancel_uri)
->setIsSessionUpgrade($upgrade_session)
->setFactors($factors) ->setFactors($factors)
->setFactorValidationResults($validation_results); ->setFactorValidationResults($validation_results);
} }

10
src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php
View file

@ -5,6 +5,7 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception {
private $cancelURI; private $cancelURI;
private $factors; private $factors;
private $factorValidationResults; private $factorValidationResults;
private $isSessionUpgrade;
public function setFactorValidationResults(array $results) { public function setFactorValidationResults(array $results) {
assert_instances_of($results, 'PhabricatorAuthFactorResult'); assert_instances_of($results, 'PhabricatorAuthFactorResult');
@ -35,4 +36,13 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception {
return $this->cancelURI; return $this->cancelURI;
} }
public function setIsSessionUpgrade($is_upgrade) {
$this->isSessionUpgrade = $is_upgrade;
return $this;
}
public function getIsSessionUpgrade() {
return $this->isSessionUpgrade;
}
} }