epriestley ada8a56bb7 Implement SMS MFA ... Summary: Depends on D20021. Ref T13222. This has a few rough edges, including: - The challenges theselves are CSRF-able. - You can go disable/edit your contact number after setting up SMS MFA and lock yourself out of your account. - SMS doesn't require MFA so an attacker can just swap your number to their number. ...but mostly works. Test Plan: - Added SMS MFA to my account. - Typed in the number I was texted. - Typed in some other different numbers (didn't work). - Cancelled/resumed the workflow, used SMS in conjunction with other factors, tried old codes, etc. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D20022		2019-01-23 14:17:38 -08:00
..
PhabricatorAuthAuthFactorPHIDType.php	Mark PhabricatorPHIDType::getPHIDTypeApplicationClass() as abstract	2015-11-03 06:47:12 +11:00
PhabricatorAuthAuthFactorProviderPHIDType.php	Add a skeleton for configurable MFA provider types	2019-01-16 12:27:23 -08:00
PhabricatorAuthAuthProviderPHIDType.php	Fix an issue with AuthProviderConfig handles	2016-06-16 06:04:43 -07:00
PhabricatorAuthChallengePHIDType.php	Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA	2018-12-17 07:00:21 -08:00
PhabricatorAuthContactNumberPHIDType.php	Add "Contact Numbers" so we can send users SMS mesages	2019-01-23 13:39:56 -08:00
PhabricatorAuthInvitePHIDType.php	Mark PhabricatorPHIDType::getPHIDTypeApplicationClass() as abstract	2015-11-03 06:47:12 +11:00
PhabricatorAuthMessagePHIDType.php	Implement SMS MFA	2019-01-23 14:17:38 -08:00
PhabricatorAuthPasswordPHIDType.php	Add a more modern object for storing password hashes	2018-01-22 15:35:28 -08:00
PhabricatorAuthSessionPHIDType.php	Give sessions real PHIDs and slightly modernize session queries	2018-12-13 16:14:41 -08:00
PhabricatorAuthSSHKeyPHIDType.php	Add ViewController and SearchEngine for SSH Public Keys	2016-05-19 09:48:46 -07:00