1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 14:00:56 +01:00

Require high-security session to sign legal documents

Summary: Ref T3116. If you have MFA on your account, require a code to sign a legal document.

Test Plan: Signed legal documents, got checkpointed.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T3116

Differential Revision: https://secure.phabricator.com/D9772
This commit is contained in:
epriestley 2014-06-29 06:16:48 -07:00
parent bd9584d663
commit c9184db94a
2 changed files with 21 additions and 1 deletions

View file

@ -274,6 +274,18 @@ final class AphrontRequest {
return $this->validateCSRF();
}
final public function isFormOrHisecPost() {
$post = $this->getExists(self::TYPE_FORM) &&
$this->isHTTPPost();
if (!$post) {
return false;
}
return $this->validateCSRF();
}
final public function setCookiePrefix($prefix) {
$this->cookiePrefix = $prefix;
return $this;

View file

@ -115,7 +115,15 @@ final class LegalpadDocumentSignController extends LegalpadController {
$e_agree = null;
$errors = array();
if ($request->isFormPost() && !$has_signed) {
if ($request->isFormOrHisecPost() && !$has_signed) {
// Require two-factor auth to sign legal documents.
$engine = new PhabricatorAuthSessionEngine();
$engine->requireHighSecuritySession(
$viewer,
$request,
'/'.$document->getMonogram());
$name = $request->getStr('name');
$agree = $request->getExists('agree');