revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-03-30 22:18:13 +02:00
Code Issues Releases Wiki Activity

Replace "Show Secret" in Passphrase with one-shot MFA

Browse source 
Summary: Depends on D20036. Ref T13222. Now that we support one-shot MFA, swap this from session MFA to one-shot MFA.

Test Plan: Revealed a credential, was no longer left in high-security mode.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13222

Differential Revision: https://secure.phabricator.com/D20037
This commit is contained in:
epriestley 2019-01-25 10:21:03 -08:00
parent d24e66724d
commit 44a0b3e83d
3 changed files with 13 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/applications/passphrase/controller/PassphraseCredentialRevealController.php
View file

@ -21,12 +21,8 @@ final class PassphraseCredentialRevealController
return new Aphront404Response(); return new Aphront404Response();
} }
$view_uri = '/K'.$credential->getID(); $view_uri = $credential->getURI();
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
$viewer,
$request,
$view_uri);
$is_locked = $credential->getIsLocked(); $is_locked = $credential->getIsLocked();
if ($is_locked) { if ($is_locked) {
@ -39,7 +35,7 @@ final class PassphraseCredentialRevealController
->addCancelButton($view_uri); ->addCancelButton($view_uri);
} }
if ($request->isFormPost()) { if ($request->isFormOrHisecPost()) {
$secret = $credential->getSecret(); $secret = $credential->getSecret();
if (!$secret) { if (!$secret) {
$body = pht('This credential has no associated secret.'); $body = pht('This credential has no associated secret.');
@ -76,6 +72,7 @@ final class PassphraseCredentialRevealController
$editor = id(new PassphraseCredentialTransactionEditor()) $editor = id(new PassphraseCredentialTransactionEditor())
->setActor($viewer) ->setActor($viewer)
->setCancelURI($view_uri)
->setContinueOnNoEffect(true) ->setContinueOnNoEffect(true)
->setContentSourceFromRequest($request) ->setContentSourceFromRequest($request)
->applyTransactions($credential, $xactions); ->applyTransactions($credential, $xactions);

4
src/applications/passphrase/storage/PassphraseCredential.php
View file

@ -52,6 +52,10 @@ final class PassphraseCredential extends PassphraseDAO
return 'K'.$this->getID(); return 'K'.$this->getID();
} }
public function getURI() {
return '/'.$this->getMonogram();
}
protected function getConfiguration() { protected function getConfiguration() {
return array( return array(
self::CONFIG_AUX_PHID => true, self::CONFIG_AUX_PHID => true,

6
src/applications/passphrase/xaction/PassphraseCredentialLookedAtTransaction.php
View file

@ -30,4 +30,10 @@ final class PassphraseCredentialLookedAtTransaction
return 'blue'; return 'blue';
} }
public function shouldTryMFA(
$object,
PhabricatorApplicationTransaction $xaction) {
return true;
}
} }