1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-02 11:42:42 +01:00
phorge-phorge/src/applications/auth
epriestley 02f94cd7d2 Fix an issue with Duo not live-updating properly on login gates
Summary:
See <https://discourse.phabricator-community.org/t/duo-broken-in-2019-week-12/2580/>.

The "live update Duo status" endpoint currently requires full sessions, and doesn't work from the session upgrade gate on login.

Don't require a full session to check the status of an MFA challenge.

Test Plan: Went through Duo gate in a new session, got a live update.

Reviewers: amckinley

Reviewed By: amckinley

Differential Revision: https://secure.phabricator.com/D20347
2019-03-29 11:00:38 -07:00
..
__tests__ Prevent users from selecting excessively bad passwords based on their username or email address 2018-11-06 12:44:07 -08:00
action Add a "test message" action for contact numbers 2019-01-23 14:22:27 -08:00
application When users follow an email login link but an install does not use passwords, try to get them to link an account 2019-02-15 14:41:31 -08:00
capability Auth - add "manage providers" capability 2015-01-12 14:37:58 -08:00
conduit Deactivate SSH keys instead of destroying them completely 2016-05-18 14:54:28 -07:00
constants Allow MFA providers to be deprecated or disabled 2019-01-28 09:29:27 -08:00
controller Fix an issue with Duo not live-updating properly on login gates 2019-03-29 11:00:38 -07:00
data Add session and request hooks to PhabricatorAuthSessionEngine 2016-11-17 13:09:29 -08:00
editor Bring Duo MFA upstream 2019-01-28 18:26:45 -08:00
engine Correct a possible fatal in the non-CSRF Duo MFA workflow 2019-03-05 11:33:25 -08:00
engineextension Allow any transaction group to be signed with a one-shot "Sign With MFA" action 2018-12-28 00:09:30 -08:00
exception Get rid of "throwResult()" for control flow in MFA factors 2019-01-28 09:40:28 -08:00
extension Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
factor Correct a possible fatal in the non-CSRF Duo MFA workflow 2019-03-05 11:33:25 -08:00
future Replace "URI->setQueryParams()" after initialization with a constructor argument 2019-02-14 11:46:37 -08:00
garbagecollector Add a garbage collector for MFA challenges 2018-12-17 07:00:55 -08:00
guidance Don't show "registration might be too open" warnings unless an auth provider actually allows registration 2019-02-07 15:32:42 -08:00
mail Send forced mail on SSH key edits 2016-05-19 15:01:25 -07:00
management Update bin/auth MFA commands for the new "MFA Provider" indirection layer 2019-01-23 13:38:44 -08:00
message When users follow an email login link but an install does not use passwords, try to get them to link an account 2019-02-15 14:41:31 -08:00
password Prevent users from selecting excessively bad passwords based on their username or email address 2018-11-06 12:44:07 -08:00
phid Implement SMS MFA 2019-01-23 14:17:38 -08:00
provider Fix Facebook login on mobile violating CSP after form redirect 2019-02-23 05:25:09 -08:00
query Make external link/refresh use provider IDs, switch external account MFA to one-shot 2019-02-12 15:18:08 -08:00
revoker Add "bin/auth revoke --list" to explain what can be revoked 2018-01-23 14:01:39 -08:00
sshkey Send forced mail on SSH key edits 2016-05-19 15:01:25 -07:00
storage Make the default behavior of getApplicationTransactionCommentObject() "return null" instead of "throw" 2019-02-07 14:56:38 -08:00
tokentype Redesign Config Application 2016-08-29 15:49:49 -07:00
view When users confirm Duo MFA in the mobile app, live-update the UI 2019-02-15 14:38:15 -08:00
worker Send emails for email invites 2015-02-11 06:06:09 -08:00
xaction Fix an issue where Duo validation could incorrectly apply to other factor types 2019-02-03 06:36:49 -08:00