mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-26 08:42:41 +01:00
Improve UI messaging around "one-shot" vs "session upgrade" MFA
Summary: Depends on D19899. Ref T13222. When we prompt you for one-shot MFA, we currently give you a lot of misleading text about your session staying in "high security mode". Differentiate between one-shot and session upgrade MFA, and give the user appropriate cues and explanatory text. Test Plan: - Hit one-shot MFA on an "mfa" task in Maniphest. - Hit session upgrade MFA in Settings > Multi-Factor. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19900
parent
d3c325c4fc
commit
1c89b3175f
3 changed files with 56 additions and 20 deletions
|
@ -45,40 +45,65 @@ final class PhabricatorHighSecurityRequestExceptionHandler
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$is_upgrade = $throwable->getIsSessionUpgrade();
|
||||||
|
|
||||||
|
if ($is_upgrade) {
|
||||||
|
$title = pht('Enter High Security');
|
||||||
|
} else {
|
||||||
|
$title = pht('Provide MFA Credentials');
|
||||||
|
}
|
||||||
|
|
||||||
if ($is_wait) {
|
if ($is_wait) {
|
||||||
$submit = pht('Wait Patiently');
|
$submit = pht('Wait Patiently');
|
||||||
} else {
|
} else if ($is_upgrade) {
|
||||||
$submit = pht('Enter High Security');
|
$submit = pht('Enter High Security');
|
||||||
|
} else {
|
||||||
|
$submit = pht('Continue');
|
||||||
}
|
}
|
||||||
|
|
||||||
$dialog = id(new AphrontDialogView())
|
$dialog = id(new AphrontDialogView())
|
||||||
->setUser($viewer)
|
->setUser($viewer)
|
||||||
->setTitle(pht('Entering High Security'))
|
->setTitle($title)
|
||||||
->setShortTitle(pht('Security Checkpoint'))
|
->setShortTitle(pht('Security Checkpoint'))
|
||||||
->setWidth(AphrontDialogView::WIDTH_FORM)
|
->setWidth(AphrontDialogView::WIDTH_FORM)
|
||||||
->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
|
->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
|
||||||
->setErrors(
|
|
||||||
array(
|
|
||||||
pht(
|
|
||||||
'You are taking an action which requires you to enter '.
|
|
||||||
'high security.'),
|
|
||||||
))
|
|
||||||
->appendParagraph(
|
|
||||||
pht(
|
|
||||||
'High security mode helps protect your account from security '.
|
|
||||||
'threats, like session theft or someone messing with your stuff '.
|
|
||||||
'while you\'re grabbing a coffee. To enter high security mode, '.
|
|
||||||
'confirm your credentials.'))
|
|
||||||
->appendChild($form->buildLayoutView())
|
|
||||||
->appendParagraph(
|
|
||||||
pht(
|
|
||||||
'Your account will remain in high security mode for a short '.
|
|
||||||
'period of time. When you are finished taking sensitive '.
|
|
||||||
'actions, you should leave high security.'))
|
|
||||||
->setSubmitURI($request->getPath())
|
->setSubmitURI($request->getPath())
|
||||||
->addCancelButton($throwable->getCancelURI())
|
->addCancelButton($throwable->getCancelURI())
|
||||||
->addSubmitButton($submit);
|
->addSubmitButton($submit);
|
||||||
|
|
||||||
|
$form_layout = $form->buildLayoutView();
|
||||||
|
|
||||||
|
if ($is_upgrade) {
|
||||||
|
$dialog
|
||||||
|
->setErrors(
|
||||||
|
array(
|
||||||
|
pht(
|
||||||
|
'You are taking an action which requires you to enter '.
|
||||||
|
'high security.'),
|
||||||
|
))
|
||||||
|
->appendParagraph(
|
||||||
|
pht(
|
||||||
|
'High security mode helps protect your account from security '.
|
||||||
|
'threats, like session theft or someone messing with your stuff '.
|
||||||
|
'while you\'re grabbing a coffee. To enter high security mode, '.
|
||||||
|
'confirm your credentials.'))
|
||||||
|
->appendChild($form_layout)
|
||||||
|
->appendParagraph(
|
||||||
|
pht(
|
||||||
|
'Your account will remain in high security mode for a short '.
|
||||||
|
'period of time. When you are finished taking sensitive '.
|
||||||
|
'actions, you should leave high security.'));
|
||||||
|
} else {
|
||||||
|
$dialog
|
||||||
|
->setErrors(
|
||||||
|
array(
|
||||||
|
pht(
|
||||||
|
'You are taking an action which requires you to provide '.
|
||||||
|
'multi-factor credentials.'),
|
||||||
|
))
|
||||||
|
->appendChild($form_layout);
|
||||||
|
}
|
||||||
|
|
||||||
$request_parameters = $request->getPassthroughRequestParameters(
|
$request_parameters = $request->getPassthroughRequestParameters(
|
||||||
$respect_quicksand = true);
|
$respect_quicksand = true);
|
||||||
foreach ($request_parameters as $key => $value) {
|
foreach ($request_parameters as $key => $value) {
|
||||||
|
|
|
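Review bot: The one-shot branch (the `else` whose error reads 'You are taking an action which requires you to provide multi-factor credentials.') appends only the form, so the dialog never tells the user that the prompt covers this single action and that the session does not stay in high security. The upgrade branch keeps both explanatory paragraphs; a matching one here, for example `->appendParagraph(pht('These credentials are used for this action only. Your session will not enter high security mode.'))`, would give the cue the summary describes. Both branches also repeat `->setErrors(...)` and `->appendChild($form_layout)`; choosing the message next to `$title` and appending the two paragraphs only when `$is_upgrade` is set would remove the duplication. The enclosing method starts and ends outside the hunk.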
@ -684,6 +684,7 @@ final class PhabricatorAuthSessionEngine extends Phobject {
|
||||||
|
|
||||||
throw id(new PhabricatorAuthHighSecurityRequiredException())
|
throw id(new PhabricatorAuthHighSecurityRequiredException())
|
||||||
->setCancelURI($cancel_uri)
|
->setCancelURI($cancel_uri)
|
||||||
|
->setIsSessionUpgrade($upgrade_session)
|
||||||
->setFactors($factors)
|
->setFactors($factors)
|
||||||
->setFactorValidationResults($validation_results);
|
->setFactorValidationResults($validation_results);
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception {
|
||||||
private $cancelURI;
|
private $cancelURI;
|
||||||
private $factors;
|
private $factors;
|
||||||
private $factorValidationResults;
|
private $factorValidationResults;
|
||||||
|
private $isSessionUpgrade;
|
||||||
|
|
||||||
public function setFactorValidationResults(array $results) {
|
public function setFactorValidationResults(array $results) {
|
||||||
assert_instances_of($results, 'PhabricatorAuthFactorResult');
|
assert_instances_of($results, 'PhabricatorAuthFactorResult');
|
||||||
|
@ -35,4 +36,13 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception {
|
||||||
return $this->cancelURI;
|
return $this->cancelURI;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function setIsSessionUpgrade($is_upgrade) {
|
||||||
|
$this->isSessionUpgrade = $is_upgrade;
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getIsSessionUpgrade() {
|
||||||
|
return $this->isSessionUpgrade;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
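Review bot: `private $isSessionUpgrade;` has no default, so `getIsSessionUpgrade()` returns `null` for any exception whose thrower never called the setter, and the handler's `if ($is_upgrade)` then renders the one-shot text. Only the throw in PhabricatorAuthSessionEngine is visibly updated on this page; whether other throw sites exist cannot be seen here. Making the default explicit with `private $isSessionUpgrade = false;` and storing `(bool)$is_upgrade` in the setter would keep the getter strictly boolean. A one-line comment on the property saying that `true` means the session remains in high security after the prompt would document what the flag controls.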