phorge-phorge

mirror of https://we.phorge.it/source/phorge.git synced 2025-02-16 16:58:38 +01:00

No description

Find a file

epriestley 9632c704c6 Always allow users to login via email link, even if an install does not use passwords Summary: Depends on D20099. Ref T13244. See PHI774. When password auth is enabled, we support a standard email-based account recovery mechanism with "Forgot password?". When password auth is not enabled, we disable the self-serve version of this mechanism. You can still get email account login links via "Send Welcome Mail" or "bin/auth recover". There's no real technical, product, or security reason not to let everyone do email login all the time. On the technical front, these links already work and are used in other contexts. On the product front, we just need to tweak a couple of strings. On the security front, there's some argument that this mechanism provides more overall surface area for an attacker, but if we find that argument compelling we should probably provide a way to disable the self-serve pathway in all cases, rather than coupling it to which providers are enabled. Also, inch toward having things iterate over configurations (saved database objects) instead of providers (abstract implementations) so we can some day live in a world where we support multiple configurations of the same provider type (T6703). Test Plan: - With password auth enabled, reset password. - Without password auth enabled, did an email login recovery. {F6184910} Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13244 Differential Revision: https://secure.phabricator.com/D20100		2019-02-05 16:00:55 -08:00
bin	Remove dead symlink	2019-01-10 16:27:45 -08:00
conf	Remove an old digest in Celerity code and some obsolete configuration options	2019-01-04 13:43:38 -08:00
externals	Update the "SES" and "sendmail" mailers for the new API; remove "encoding"	2019-01-16 13:18:55 -08:00
resources	Correct a bug where milestone "spacePHID" columns could become desynchronized	2019-01-30 19:41:49 -08:00
scripts	Remove "iconv" PHP extension dependency	2019-01-30 19:46:58 -08:00
src	Always allow users to login via email link, even if an install does not use passwords	2019-02-05 16:00:55 -08:00
support	Use phutil_microseconds_since(...) to simplify some timing arithmetic	2018-11-08 16:46:32 -08:00
webroot	Add CSRF to SMS challenges, and pave the way for more MFA types (including Duo)	2019-01-24 15:10:57 -08:00
.arcconfig	Set "history.immutable" to "false" explicitly in .arcconfig	2016-08-03 08:12:49 -07:00
.arclint	Begin adding test coverage to GitHub Events API parsers	2016-03-09 09:30:07 -08:00
.arcunit	Use the configuration driven unit test engine	2015-08-11 07:57:11 +10:00
.editorconfig	Fix text lint issues	2015-02-12 07:00:13 +11:00
.gitignore	Make i18n string extraction faster and more flexible	2016-07-04 10:23:30 -07:00
LICENSE	Fix text lint issues	2015-02-12 07:00:13 +11:00
NOTICE	Update Phabricator NOTICE file to reflect modern legal circumstances	2014-06-25 13:42:13 -07:00
README.md	Remove push to IRC from "readme.md" too	2015-10-24 18:39:16 -07:00

README.md

Phabricator is a collection of web applications which help software companies build better software.

Phabricator includes applications for:

reviewing and auditing source code;
hosting and browsing repositories;
tracking bugs;
managing projects;
conversing with team members;
assembling a party to venture forth;
writing stuff down and reading it later;
hiding stuff from coworkers; and
also some other things.

You can learn more about the project (and find links to documentation and resources) at Phabricator.org

Phabricator is developed and maintained by Phacility.

SUPPORT RESOURCES

For resources on filing bugs, requesting features, reporting security issues, and getting other kinds of support, see Support Resources.

NO PULL REQUESTS!

We do not accept pull requests through GitHub. If you would like to contribute code, please read our Contributor's Guide.

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.