Replace "Show Secret" in Passphrase with one-shot MFA

Summary: Depends on D20036. Ref T13222. Now that we support one-shot MFA, swap this from session MFA to one-shot MFA. Test Plan: Revealed a credential, was no longer left in high-security mode. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D20037
2024-11-10 08:52:39 +01:00 · 2019-01-25 10:21:03 -08:00 · 2019-01-25 10:21:03 -08:00 · 44a0b3e83d
commit 44a0b3e83d
parent d24e66724d
3 changed files with 13 additions and 6 deletions
--- a/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
@ -21,12 +21,8 @@ final class PassphraseCredentialRevealController
      return new Aphront404Response();
    }

-    $view_uri = '/K'.$credential->getID();
+    $view_uri = $credential->getURI();

-    $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
-      $viewer,
-      $request,
-      $view_uri);
    $is_locked = $credential->getIsLocked();

    if ($is_locked) {
@ -39,7 +35,7 @@ final class PassphraseCredentialRevealController
        ->addCancelButton($view_uri);
    }

-    if ($request->isFormPost()) {
+    if ($request->isFormOrHisecPost()) {
      $secret = $credential->getSecret();
      if (!$secret) {
        $body = pht('This credential has no associated secret.');
@ -76,6 +72,7 @@ final class PassphraseCredentialRevealController

      $editor = id(new PassphraseCredentialTransactionEditor())
        ->setActor($viewer)
+        ->setCancelURI($view_uri)
        ->setContinueOnNoEffect(true)
        ->setContentSourceFromRequest($request)
        ->applyTransactions($credential, $xactions);
--- a/src/applications/passphrase/storage/PassphraseCredential.php
+++ b/src/applications/passphrase/storage/PassphraseCredential.php
@ -52,6 +52,10 @@ final class PassphraseCredential extends PassphraseDAO
    return 'K'.$this->getID();
  }

+  public function getURI() {
+    return '/'.$this->getMonogram();
+  }
+
  protected function getConfiguration() {
    return array(
      self::CONFIG_AUX_PHID => true,
--- a/src/applications/passphrase/xaction/PassphraseCredentialLookedAtTransaction.php
+++ b/src/applications/passphrase/xaction/PassphraseCredentialLookedAtTransaction.php
@ -30,4 +30,10 @@ final class PassphraseCredentialLookedAtTransaction
    return 'blue';
  }

+  public function shouldTryMFA(
+    $object,
+    PhabricatorApplicationTransaction $xaction) {
+    return true;
+  }
+
 }