Fix a double-prompt for MFA when recovering a password account

Summary: Depends on D19905. Ref T13222. In D19843, I refactored this stuff but `$jump_into_hisec` was dropped. This is a hint to keep the upgraded session in hisec mode, which we need to do a password reset when using a recovery link. Without it, we double prompt you for MFA: first to upgrade to a full session, then to change your password. Pass this into the engine properly to avoid the double-prompt. Test Plan: - Used `bin/auth recover` to get a partial session with MFA enabled and a password provider. - Before: double MFA prompt. - After: session stays upgraded when it becomes full, no second prompt. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19906
2025-01-10 14:51:06 +01:00 · 2018-12-18 12:01:15 -08:00 · 2018-12-18 12:01:15 -08:00 · 918f4ebcd8
commit 918f4ebcd8
parent ca39be6091
1 changed files with 1 additions and 1 deletions
--- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
+++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
@ -434,7 +434,7 @@ final class PhabricatorAuthSessionEngine extends Phobject {
      $viewer,
      $request,
      $cancel_uri,
-      false,
+      $jump_into_hisec,
      true);
  }