mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-22 23:02:42 +01:00
Fix a looping workflow when trying to submit a partially-effectless transaction group
Summary: Ref T13289. If you do this: - Subscribe to a task (so we don't generate a subscribe side-effect later). - Prepare a transaction group: sign with MFA, change projects (don't make any changes), add a comment. - Submit the transaction group. ...you'll get prompted "Some actions don't have any effect (the non-change to projects), apply remaining effects?". If you confirm, you get MFA'd, but the MFA flow loses the "continue" confirmation, so you get trapped in a workflow loop of confirming and MFA'ing. Instead, retain the "continue" bit through the MFA. Also, don't show "You can't sign an empty transaction group" if there's a comment. See also T13295, since the amount of magic here can probably be reduced. There's likely little reason for "continue" or "hisec" to be magic nowadays. Test Plan: - Went through the workflow above. - Before: looping workflow. - After: "Continue" carries through the MFA gate. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13289 Differential Revision: https://secure.phabricator.com/D20552
This commit is contained in:
parent
719dd6d3f4
commit
ce6fc5be90
3 changed files with 9 additions and 2 deletions
|
@ -663,7 +663,7 @@ final class AphrontRequest extends Phobject {
|
|||
}
|
||||
|
||||
public function isContinueRequest() {
|
||||
return $this->isFormPost() && $this->getStr('__continue__');
|
||||
return $this->isFormOrHisecPost() && $this->getStr('__continue__');
|
||||
}
|
||||
|
||||
public function isPreviewRequest() {
|
||||
|
|
|
@ -120,6 +120,13 @@ final class PhabricatorHighSecurityRequestExceptionHandler
|
|||
$dialog->addHiddenInput($key, $value);
|
||||
}
|
||||
|
||||
// See T13289. If the user hit a "some transactions have no effect" dialog
|
||||
// and elected to continue, we want to pass that flag through the MFA
|
||||
// dialog even though it is not normally a passthrough request parameter.
|
||||
if ($request->isContinueRequest()) {
|
||||
$dialog->addHiddenInput(AphrontRequest::TYPE_CONTINUE, 1);
|
||||
}
|
||||
|
||||
return $dialog;
|
||||
}
|
||||
|
||||
|
|
|
@ -2535,7 +2535,7 @@ abstract class PhabricatorApplicationTransactionEditor
|
|||
// If none of the transactions have an effect, the meta-transactions also
|
||||
// have no effect. Add them to the "no effect" list so we get a full set
|
||||
// of errors for everything.
|
||||
if (!$any_effect) {
|
||||
if (!$any_effect && !$has_comment) {
|
||||
$no_effect += $meta_xactions;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue