mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 15:52:41 +01:00
phorge-phorge/src/applications/auth/controller
epriestley 30f6405a86 Add an explicit temporary token management page to Settings
Summary:
Ref T5506. This makes it easier to understand and manage temporary tokens.

Eventually this could be more user-friendly, since it's relatively difficult to understand what this screen means. My short-term goal is just to make the next change easier to implement and test.

The next diff will close a small security weakness: if you change your email address, password reset links which were sent to the old address are still valid. Although an attacker would need substantial access to exploit this (essentially, it would just make it easier for them to re-compromise an already compromised account), it's a bit surprising. In the next diff, email address changes will invalidate outstanding password reset links.

Test Plan:
  - Viewed outstanding tokens.
  - Added tokens to the list by making "Forgot your password?" requests.
  - Revoked tokens individually.
  - Revoked all tokens.
  - Tried to use a revoked token.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5506

Differential Revision: https://secure.phabricator.com/D10133
2014-08-04 12:04:13 -07:00
config Remove all device = true from page construction 2014-06-23 15:18:14 -07:00
PhabricatorAuthConfirmLinkController.php Remove all device = true from page construction 2014-06-23 15:18:14 -07:00
PhabricatorAuthController.php Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal 2014-07-10 10:18:10 -07:00
PhabricatorAuthDowngradeSessionController.php Let users review their own account activity logs 2014-04-27 17:32:09 -07:00
PhabricatorAuthFinishController.php Make password reset emails use one-time tokens 2014-05-22 10:41:00 -07:00
PhabricatorAuthLinkController.php Remove all device = true from page construction 2014-06-23 15:18:14 -07:00
PhabricatorAuthLoginController.php Use standard infrastructure for Feed in Audit 2014-08-02 00:06:56 -07:00
PhabricatorAuthNeedsApprovalController.php Remove all device = true from page construction 2014-06-23 15:18:14 -07:00
PhabricatorAuthNeedsMultiFactorController.php Remove all device = true from page construction 2014-06-23 15:18:14 -07:00
PhabricatorAuthOldOAuthRedirectController.php Whitelist controllers which can receive a 'code' parameter 2014-03-12 11:30:04 -07:00
PhabricatorAuthOneTimeLoginController.php Fix broken references to auth adapters 2014-07-22 21:20:45 +10:00
PhabricatorAuthRegisterController.php Fix broken references to auth adapters 2014-07-22 21:20:45 +10:00
PhabricatorAuthRevokeTokenController.php Add an explicit temporary token management page to Settings 2014-08-04 12:04:13 -07:00
PhabricatorAuthStartController.php Remove all device = true from page construction 2014-06-23 15:18:14 -07:00
PhabricatorAuthTerminateSessionController.php Make dialogs a little easier to use 2014-03-21 14:40:05 -07:00
PhabricatorAuthUnlinkController.php Change double quotes to single quotes. 2014-06-09 11:36:50 -07:00
PhabricatorAuthValidateController.php Change double quotes to single quotes. 2014-06-09 11:36:50 -07:00
PhabricatorDisabledUserController.php Restore merge of phutil_tag. 2013-02-13 14:51:18 -08:00
PhabricatorEmailLoginController.php Fix broken references to auth adapters 2014-07-22 21:20:45 +10:00
PhabricatorEmailVerificationController.php Remove all device = true from page construction 2014-06-23 15:18:14 -07:00
PhabricatorLogoutController.php Require multiple auth factors to establish web sessions 2014-05-01 10:23:02 -07:00
PhabricatorMustVerifyEmailController.php Remove all device = true from page construction 2014-06-23 15:18:14 -07:00
PhabricatorRefreshCSRFController.php Delete license headers from files 2012-11-05 11:16:51 -08:00