phorge-phorge

mirror of https://we.phorge.it/source/phorge.git synced 2024-11-25 16:22:43 +01:00

No description

Find a file

epriestley 12c3370988 When issuing a "no-op" MFA token because no MFA is configured, don't give the timeline story a badge Summary: Fixes T13475. Sometimes, we issue a "no op" / "default permit" / "unchallenged" MFA token, when a user with no MFA configured does something which is configured to attempt (but not strictly require) MFA. An example of this kind of action is changing a username: usernames may be changed even if MFA is not set up. (Some other operations, notably "Sign With MFA", strictly require that MFA actually be set up.) When a user with no MFA configured takes a "try MFA" action, we see that they have no factors configured and issue a token so they can continue. This is correct. However, this token causes the assocaited timeline story to get an MFA badge. This badge is incorrect or at least wildly misleading, since the technical assertion it currently makes ("the user answered any configured MFA challenge to do this, if one exists") isn't explained properly and isn't useful anyway. Instead, only badge the story if the user actually has MFA and actually responded to some kind of MFA challege. The badge now asserts "this user responded to an MFA challenge", which is expected/desired. Test Plan: - As a user with no MFA, renamed a user. Before patch: badged story. After patch: no badge. - As a user with MFA, renamed a user. Got badged stories in both cases. Maniphest Tasks: T13475 Differential Revision: https://secure.phabricator.com/D20958		2020-01-30 07:35:40 -08:00
bin	Remove the "ssh-auth-key" script	2019-10-28 17:52:37 -07:00
conf	Remove an old digest in Celerity code and some obsolete configuration options	2019-01-04 13:43:38 -08:00
externals	Update deprecated array access syntax in Porter stemmer	2020-01-14 12:11:39 -08:00
resources	Don't use "line-through" style for completed items in remarkup checklists	2020-01-29 08:59:51 -08:00
scripts	Don't use "phutil_hashes_are_identical()" to compare public keys	2019-10-28 18:34:30 -07:00
src	When issuing a "no-op" MFA token because no MFA is configured, don't give the timeline story a badge	2020-01-30 07:35:40 -08:00
support	Guard call to "get_magic_quotes_gpc()" with "@" to silence PHP 7.4+ warning	2020-01-14 12:22:59 -08:00
webroot	Don't use "line-through" style for completed items in remarkup checklists	2020-01-29 08:59:51 -08:00
.arcconfig	Set "history.immutable" to "false" explicitly in .arcconfig	2016-08-03 08:12:49 -07:00
.arclint	Move web application classes into "phabricator/"	2019-09-02 07:58:59 -07:00
.arcunit	Use the configuration driven unit test engine	2015-08-11 07:57:11 +10:00
.editorconfig	Fix text lint issues	2015-02-12 07:00:13 +11:00
.gitignore	Make i18n string extraction faster and more flexible	2016-07-04 10:23:30 -07:00
LICENSE	Fix text lint issues	2015-02-12 07:00:13 +11:00
NOTICE	Update Phabricator NOTICE file to reflect modern legal circumstances	2014-06-25 13:42:13 -07:00
README.md	Remove push to IRC from "readme.md" too	2015-10-24 18:39:16 -07:00

README.md

Phabricator is a collection of web applications which help software companies build better software.

Phabricator includes applications for:

reviewing and auditing source code;
hosting and browsing repositories;
tracking bugs;
managing projects;
conversing with team members;
assembling a party to venture forth;
writing stuff down and reading it later;
hiding stuff from coworkers; and
also some other things.

You can learn more about the project (and find links to documentation and resources) at Phabricator.org

Phabricator is developed and maintained by Phacility.

SUPPORT RESOURCES

For resources on filing bugs, requesting features, reporting security issues, and getting other kinds of support, see Support Resources.

NO PULL REQUESTS!

We do not accept pull requests through GitHub. If you would like to contribute code, please read our Contributor's Guide.

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.