1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-30 09:20:58 +01:00

Added high security requirement to add/delete email addresses

Summary: Fixes T10999. Now MFA will be required for all email address related operations.

Test Plan: Ensure that adding and removing email addresses now requires you to enter high security mode.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Maniphest Tasks: T10999

Differential Revision: https://secure.phabricator.com/D16444
This commit is contained in:
Josh Cox 2016-08-24 17:03:21 -04:00
parent 8cdf1a890a
commit a1f25fdb3e

View file

@ -165,6 +165,11 @@ final class PhabricatorEmailAddressesSettingsPanel
$user = $this->getUser(); $user = $this->getUser();
$viewer = $this->getViewer(); $viewer = $this->getViewer();
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
$viewer,
$request,
$this->getPanelURI());
$e_email = true; $e_email = true;
$email = null; $email = null;
$errors = array(); $errors = array();
@ -276,6 +281,11 @@ final class PhabricatorEmailAddressesSettingsPanel
$user = $this->getUser(); $user = $this->getUser();
$viewer = $this->getViewer(); $viewer = $this->getViewer();
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
$viewer,
$request,
$this->getPanelURI());
// NOTE: You can only delete your own email addresses, and you can not // NOTE: You can only delete your own email addresses, and you can not
// delete your primary address. // delete your primary address.
$email = id(new PhabricatorUserEmail())->loadOneWhere( $email = id(new PhabricatorUserEmail())->loadOneWhere(