mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-04 12:42:43 +01:00
7805b217ad
Summary: Depends on D20022. Ref T13222. Since you can easily lock yourself out of your account by swapping to a bad number, prevent contact number edits while "contact number" MFA (today, always SMS) is enabled. (Another approach would be to bind factors to specific contact numbers, and then prevent that number from being edited or disabled while SMS MFA was attached to it. However, I think that's a bit more complicated and a little more unwieldy, and ends up in about the same place as this. I'd consider it more strongly in the future if we had like 20 users say "I have 9 phones" but I doubt this is a real use case.) Test Plan: - With SMS MFA, tried to edit my primary contact number, disable it, and promote another number to become primary. Got a sensible error message in all cases. - After removing SMS MFA, did all that stuff with no issues. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D20023 |
||
|---|---|---|
| .. | ||
| PhabricatorAuthContactNumberNumberTransaction.php | ||
| PhabricatorAuthContactNumberPrimaryTransaction.php | ||
| PhabricatorAuthContactNumberStatusTransaction.php | ||
| PhabricatorAuthContactNumberTransactionType.php | ||
| PhabricatorAuthFactorProviderNameTransaction.php | ||
| PhabricatorAuthFactorProviderTransactionType.php | ||
| PhabricatorAuthMessageTextTransaction.php | ||
| PhabricatorAuthMessageTransactionType.php | ||
| PhabricatorAuthPasswordRevokeTransaction.php | ||
| PhabricatorAuthPasswordTransactionType.php | ||
| PhabricatorAuthPasswordUpgradeTransaction.php | ||