revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-09-20 01:08:50 +02:00
Code Issues Releases Wiki Activity
No description
16492 commits 3 branches 6 tags 152 MiB
PHP 93.5%
JavaScript 4.1%
CSS 2.4%
Find a file
epriestley 12c3370988 When issuing a "no-op" MFA token because no MFA is configured, don't give the timeline story a badge 
Summary:
Fixes T13475. Sometimes, we issue a "no op" / "default permit" / "unchallenged" MFA token, when a user with no MFA configured does something which is configured to attempt (but not strictly require) MFA.

An example of this kind of action is changing a username: usernames may be changed even if MFA is not set up.

(Some other operations, notably "Sign With MFA", strictly require that MFA actually be set up.)

When a user with no MFA configured takes a "try MFA" action, we see that they have no factors configured and issue a token so they can continue. This is correct. However, this token causes the assocaited timeline story to get an MFA badge.

This badge is incorrect or at least wildly misleading, since the technical assertion it currently makes ("the user answered any configured MFA challenge to do this, if one exists") isn't explained properly and isn't useful anyway.

Instead, only badge the story if the user actually has MFA and actually responded to some kind of MFA challege. The badge now asserts "this user responded to an MFA challenge", which is expected/desired.

Test Plan:
  - As a user with no MFA, renamed a user. Before patch: badged story. After patch: no badge.
  - As a user with MFA, renamed a user. Got badged stories in both cases.

Maniphest Tasks: T13475

Differential Revision: https://secure.phabricator.com/D20958
2020-01-30 07:35:40 -08:00
bin Remove the "ssh-auth-key" script 2019-10-28 17:52:37 -07:00
conf Remove an old digest in Celerity code and some obsolete configuration options 2019-01-04 13:43:38 -08:00
externals Update deprecated array access syntax in Porter stemmer 2020-01-14 12:11:39 -08:00
resources Don't use "line-through" style for completed items in remarkup checklists 2020-01-29 08:59:51 -08:00
scripts Don't use "phutil_hashes_are_identical()" to compare public keys 2019-10-28 18:34:30 -07:00
src When issuing a "no-op" MFA token because no MFA is configured, don't give the timeline story a badge 2020-01-30 07:35:40 -08:00
support Guard call to "get_magic_quotes_gpc()" with "@" to silence PHP 7.4+ warning 2020-01-14 12:22:59 -08:00
webroot Don't use "line-through" style for completed items in remarkup checklists 2020-01-29 08:59:51 -08:00
.arcconfig Set "history.immutable" to "false" explicitly in .arcconfig 2016-08-03 08:12:49 -07:00
.arclint Move web application classes into "phabricator/" 2019-09-02 07:58:59 -07:00
.arcunit
.editorconfig
.gitignore Make i18n string extraction faster and more flexible 2016-07-04 10:23:30 -07:00
LICENSE
NOTICE
README.md Remove push to IRC from "readme.md" too 2015-10-24 18:39:16 -07:00

README.md

Phabricator is a collection of web applications which help software companies build better software.

Phabricator includes applications for:

  • reviewing and auditing source code;
  • hosting and browsing repositories;
  • tracking bugs;
  • managing projects;
  • conversing with team members;
  • assembling a party to venture forth;
  • writing stuff down and reading it later;
  • hiding stuff from coworkers; and
  • also some other things.

You can learn more about the project (and find links to documentation and resources) at Phabricator.org

Phabricator is developed and maintained by Phacility.

SUPPORT RESOURCES

For resources on filing bugs, requesting features, reporting security issues, and getting other kinds of support, see Support Resources.

NO PULL REQUESTS!

We do not accept pull requests through GitHub. If you would like to contribute code, please read our Contributor's Guide.

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.