Add a warning about MFA requirements to edit forms

Summary: Depends on D20044. Ref T13242. Similar to D20044, add reminder text to edit forms. It would be nice to "workflow" these so the MFA flow happens inline, but Maniphest's inline edit behavior currently conflicts with this. Set it aside for now since the next workboards iteration (triggers) is probably a good opportunity to revisit it. Test Plan: {F6164496} Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13242 Differential Revision: https://secure.phabricator.com/D20045
2024-11-10 08:52:39 +01:00 · 2019-01-28 10:27:12 -08:00 · 2019-01-28 10:27:12 -08:00 · 2374c92544
commit 2374c92544
parent 13c5b427d6
1 changed files with 27 additions and 0 deletions
--- a/src/applications/transactions/editengine/PhabricatorEditEngine.php
+++ b/src/applications/transactions/editengine/PhabricatorEditEngine.php
@ -1279,14 +1279,41 @@ abstract class PhabricatorEditEngine

    $fields = $this->willBuildEditForm($object, $fields);

+    $request_path = $request->getRequestURI()
+      ->setQueryParams(array());
+
    $form = id(new AphrontFormView())
      ->setUser($viewer)
+      ->setAction($request_path)
      ->addHiddenInput('editEngine', 'true');

    foreach ($this->contextParameters as $param) {
      $form->addHiddenInput($param, $request->getStr($param));
    }

+    $requires_mfa = false;
+    if ($object instanceof PhabricatorEditEngineMFAInterface) {
+      $mfa_engine = PhabricatorEditEngineMFAEngine::newEngineForObject($object)
+        ->setViewer($viewer);
+      $requires_mfa = $mfa_engine->shouldRequireMFA();
+    }
+
+    if ($requires_mfa) {
+      $message = pht(
+        'You will be required to provide multi-factor credentials to make '.
+        'changes.');
+      $form->appendChild(
+        id(new PHUIInfoView())
+          ->setSeverity(PHUIInfoView::SEVERITY_MFA)
+          ->setErrors(array($message)));
+
+      // TODO: This should also set workflow on the form, so the user doesn't
+      // lose any form data if they "Cancel". However, Maniphest currently
+      // overrides "newEditResponse()" if the request is Ajax and returns a
+      // bag of view data. This can reasonably be cleaned up when workboards
+      // get their next iteration.
+    }
+
    foreach ($fields as $field) {
      if (!$field->getIsFormField()) {
        continue;