mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-30 09:20:58 +01:00
Added high security requirement to add/delete email addresses
Summary: Fixes T10999. Now MFA will be required for all email address related operations. Test Plan: Ensure that adding and removing email addresses now requires you to enter high security mode. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: epriestley Maniphest Tasks: T10999 Differential Revision: https://secure.phabricator.com/D16444
This commit is contained in:
parent
8cdf1a890a
commit
a1f25fdb3e
1 changed files with 10 additions and 0 deletions
|
@ -165,6 +165,11 @@ final class PhabricatorEmailAddressesSettingsPanel
|
||||||
$user = $this->getUser();
|
$user = $this->getUser();
|
||||||
$viewer = $this->getViewer();
|
$viewer = $this->getViewer();
|
||||||
|
|
||||||
|
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
|
||||||
|
$viewer,
|
||||||
|
$request,
|
||||||
|
$this->getPanelURI());
|
||||||
|
|
||||||
$e_email = true;
|
$e_email = true;
|
||||||
$email = null;
|
$email = null;
|
||||||
$errors = array();
|
$errors = array();
|
||||||
|
@ -276,6 +281,11 @@ final class PhabricatorEmailAddressesSettingsPanel
|
||||||
$user = $this->getUser();
|
$user = $this->getUser();
|
||||||
$viewer = $this->getViewer();
|
$viewer = $this->getViewer();
|
||||||
|
|
||||||
|
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
|
||||||
|
$viewer,
|
||||||
|
$request,
|
||||||
|
$this->getPanelURI());
|
||||||
|
|
||||||
// NOTE: You can only delete your own email addresses, and you can not
|
// NOTE: You can only delete your own email addresses, and you can not
|
||||||
// delete your primary address.
|
// delete your primary address.
|
||||||
$email = id(new PhabricatorUserEmail())->loadOneWhere(
|
$email = id(new PhabricatorUserEmail())->loadOneWhere(
|
||||||
|
|
Loading…
Reference in a new issue