revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-23 05:01:13 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/auth/engine
History
epriestley 920ab13cfb Correct a possible fatal in the non-CSRF Duo MFA workflow 
Summary:
Ref T13259. If we miss the separate CSRF step in Duo and proceed directly to prompting, we may fail to build a response which turns into a real control and fatal on `null->setLabel()`.

Instead, let MFA providers customize their "bare prompt dialog" response, then make Duo use the same "you have an outstanding request" response for the CSRF and no-CSRF workflows.

Test Plan: Hit Duo auth on a non-CSRF workflow (e.g., edit an MFA provider with Duo enabled). Previously: `setLabel()` fatal. After patch: smooth sailing.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13259

Differential Revision: https://secure.phabricator.com/D20234
2019-03-05 11:33:25 -08:00
..
PhabricatorAuthContactNumberMFAEngine.php Always require MFA to edit contact numbers 2019-01-23 14:19:56 -08:00
PhabricatorAuthCSRFEngine.php Remove "phabricator.csrf-key" and upgrade CSRF hashing to SHA256 2019-01-04 13:49:47 -08:00
PhabricatorAuthFactorProviderMFAEngine.php Require MFA to edit MFA providers 2019-01-28 09:44:39 -08:00
PhabricatorAuthInviteEngine.php Fix a typo 2019-02-24 13:37:14 +00:00
PhabricatorAuthPasswordEngine.php Prevent users from selecting excessively bad passwords based on their username or email address 2018-11-06 12:44:07 -08:00
PhabricatorAuthSessionEngine.php Correct a possible fatal in the non-CSRF Duo MFA workflow 2019-03-05 11:33:25 -08:00
PhabricatorAuthSessionEngineExtension.php Add session and request hooks to PhabricatorAuthSessionEngine 2016-11-17 13:09:29 -08:00
PhabricatorAuthSessionEngineExtensionModule.php Redesign Config Application 2016-08-29 15:49:49 -07:00