mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 14:00:56 +01:00
Require high-security session to sign legal documents
Summary: Ref T3116. If you have MFA on your account, require a code to sign a legal document. Test Plan: Signed legal documents, got checkpointed. Reviewers: btrahan, chad Reviewed By: chad Subscribers: epriestley Maniphest Tasks: T3116 Differential Revision: https://secure.phabricator.com/D9772
This commit is contained in:
parent
bd9584d663
commit
c9184db94a
2 changed files with 21 additions and 1 deletions
|
@ -274,6 +274,18 @@ final class AphrontRequest {
|
|||
return $this->validateCSRF();
|
||||
}
|
||||
|
||||
final public function isFormOrHisecPost() {
|
||||
$post = $this->getExists(self::TYPE_FORM) &&
|
||||
$this->isHTTPPost();
|
||||
|
||||
if (!$post) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->validateCSRF();
|
||||
}
|
||||
|
||||
|
||||
final public function setCookiePrefix($prefix) {
|
||||
$this->cookiePrefix = $prefix;
|
||||
return $this;
|
||||
|
|
|
@ -115,7 +115,15 @@ final class LegalpadDocumentSignController extends LegalpadController {
|
|||
$e_agree = null;
|
||||
|
||||
$errors = array();
|
||||
if ($request->isFormPost() && !$has_signed) {
|
||||
if ($request->isFormOrHisecPost() && !$has_signed) {
|
||||
|
||||
// Require two-factor auth to sign legal documents.
|
||||
$engine = new PhabricatorAuthSessionEngine();
|
||||
$engine->requireHighSecuritySession(
|
||||
$viewer,
|
||||
$request,
|
||||
'/'.$document->getMonogram());
|
||||
|
||||
$name = $request->getStr('name');
|
||||
$agree = $request->getExists('agree');
|
||||
|
||||
|
|
Loading…
Reference in a new issue