1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-18 11:30:55 +01:00
phorge-phorge/src/applications
epriestley ad4db9b2f3 Separate "Set/Reset Password" from "Change Password"
Summary:
See PHI223. Ref T13024. There's a remaining registration/login order issue after the other changes in T13024: we lose track of the current URI when we go through the MFA flow, so we can lose "Set Password" at the end of the flow.

Specifically, the flow goes like this today:

  - User clicks the welcome link in email.
  - They get redirected to the "set password" settings panel.
  - This gets pre-empted by Legalpad (although we'll potentially survive this with the URI intact).
  - This also gets pre-empted by the "Set MFA" workflow. If the user completes this flow, they get redirected to a `/auth/multifactor/?id=123` sort of URI to highlight the factor they added. This causes us to lose the `/settings/panel/password/blah/blah?key=xyz` URI.

The ordering on this is also not ideal; it's preferable to start with a password, then do the other steps, so the user can return to the flow more easily if they are interrupted.

Resolve this by separating the "change your password" and "set/reset your password" flows onto two different pages. This copy/pastes a bit of code, but both flows end up simpler so it feels reasonable to me overall.

We don't require a full session for "set/reset password" (so you can do it if you don't have MFA/legalpad yet) and do it first.

This works better and is broadly simpler for users.

Test Plan:
  - Required MFA + legalpad, invited a user via email, registered.
    - Before: password set flow got lost when setting MFA.
    - After: prompted to set password, then sign documents, then set up MFA.
  - Reset password (with MFA confgiured, was required to MFA first).
  - Tried to reset password without a valid reset key, wasn't successful.
  - Changed password using existing flow.
  - Hit various (all?) error cases (short password, common password, mismatch, missing password, etc).

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13024

Differential Revision: https://secure.phabricator.com/D18840
2017-12-26 08:34:14 -08:00
..
almanac Fix spelling 2017-10-09 10:48:04 -07:00
aphlict Discard stdout/stderr from the aphlict subprocess when running in daemon (normal) mode 2016-11-13 16:43:42 -08:00
arcanist/conduit Remove remaining arcanist project code 2015-07-08 19:37:28 +10:00
audit Fix spelling 2017-10-09 10:48:04 -07:00
auth Separate "Set/Reset Password" from "Change Password" 2017-12-26 08:34:14 -08:00
badges Spelling fix 2017-04-25 12:19:27 -07:00
base Mark sessions as "signed all documents" when Legalpad has been uninstalled 2017-12-02 16:15:59 -08:00
cache Add "persistence" types (data, cache, or index) to tables, and tweak what "storage dump" dumps 2017-10-04 12:09:33 -07:00
calendar Don't notify without notifiable attendees 2017-12-21 12:46:46 -08:00
celerity Add a red button to PHUIButtonView 2017-08-06 08:09:40 -07:00
chatlog Remove empty implementations of describeAutomaticCapabilities() 2016-11-09 15:24:22 -08:00
conduit Update Settings for WHITE_CONFIG style boxes 2017-09-05 19:42:34 -07:00
config Revert partial/nonfunctional OpenGraph support 2017-11-22 15:21:10 -08:00
conpherence Fix spelling 2017-10-09 10:48:04 -07:00
console Separate button CSS classes 2017-06-05 20:14:34 +00:00
countdown Remove old Countdown route 2017-04-13 13:04:55 -07:00
daemon Add a missing DaemonLogEvent key for garbage collection 2017-10-26 18:19:46 -07:00
dashboard Fix spelling 2017-10-09 10:48:04 -07:00
differential Denormalize added and removed line counts for the current diff onto revisions 2017-12-18 09:17:55 -08:00
diffusion Fix an issue where blame could fatal for unrecognized authors 2017-12-20 11:20:23 -08:00
diviner Fix a constant typo in Diviner ("DECLARATAION" -> "TION") 2017-03-04 09:54:10 -08:00
doorkeeper Remove empty implementations of describeAutomaticCapabilities() 2016-11-09 15:24:22 -08:00
draft/storage Clean up some log spam caused by races in VersionedDraft 2016-09-05 13:01:53 -07:00
drydock Add drydock.blueprint.edit Conduit method 2017-12-08 11:55:08 -05:00
fact Update Facts for newPage 2016-04-03 15:07:52 -07:00
favorites Add some style to label in Favorites Menu 2017-02-01 07:20:31 -08:00
feed Allow users to query feed by a date range 2017-05-26 12:23:56 -07:00
files Stop trying to assess the image dimensions of large files and file chunks 2017-12-18 09:17:32 -08:00
flag Remove counts from home navigation 2017-01-21 13:55:40 -08:00
fund Change 'tempate' to 'template' 2017-10-09 11:56:06 -07:00
guides Make "simple" a "button type", not a "color" 2017-05-30 17:59:37 -07:00
harbormaster Provide ANSI color information for Harbormaster build status via API 2017-12-23 11:39:05 -08:00
help Redesign header menus and search 2017-01-17 12:13:06 -08:00
herald Allow Herald rules to add comments 2017-12-18 09:10:57 -08:00
home Update menu item names for Applications -> Favorites 2017-09-05 19:05:03 -07:00
legalpad Lightly modernize LegalpadDocumentSearchEngine 2017-11-28 09:56:49 -08:00
lipsum Add "--force" and "--quickly" flags to bin/lipsum 2017-02-27 09:09:41 -08:00
macro Add Conduit edit endpoint for Macro 2017-05-10 14:54:43 -07:00
maniphest Freeze "maniphest.gettasktransactions" and make status/priority transactions more consistent 2017-11-22 11:13:53 -08:00
meta Modernize QuickSearch typeahead 2017-11-30 15:07:49 +00:00
metamta Don't run Herald build and mail rules when they don't make sense 2017-10-27 08:44:12 -07:00
multimeter Add a cluster.read-only option 2016-04-09 13:40:47 -07:00
notification Make "No Notifications" setting less broad, and fix a bug with default display behavior 2017-09-13 15:32:46 -07:00
nuance Mark "Settings" and "Nuance" as launchable applications 2017-06-01 12:40:25 -07:00
oauthserver Update Settings for WHITE_CONFIG style boxes 2017-09-05 19:42:34 -07:00
owners Fix an issue with attempting to index comments on packages 2017-10-20 09:38:45 -07:00
packages Fixing copy/paste mistake 2017-04-19 15:48:59 -07:00
passphrase Fix spelling 2017-10-09 10:48:04 -07:00
paste Fix bad "editPolicy" key in Paste 2017-04-05 13:09:51 -07:00
people Separate "Set/Reset Password" from "Change Password" 2017-12-26 08:34:14 -08:00
phame Fix a couple of other missing getApplicationTransactionCommentObject() implementations 2017-10-24 09:05:23 -07:00
phid Fix spelling 2017-10-09 10:48:04 -07:00
phlux Update Phlux edit UI 2017-09-07 12:47:36 -07:00
pholio Support Ferret engine in Pholio 2017-09-07 13:25:29 -07:00
phortune Fix spelling 2017-10-09 10:48:04 -07:00
phpast Update phpast for new UI 2016-04-05 13:52:59 -07:00
phragment Remove PhabricatorFile::buildFromFileDataOrHash() 2017-04-04 16:18:00 -07:00
phrequent Fix spelling 2017-10-09 10:48:04 -07:00
phriction Fix spelling 2017-10-09 10:48:04 -07:00
phurl Change PhabricatorPhurlURLViewController to use EditEngine for commenting 2017-04-17 10:19:21 -07:00
policy Fix spelling 2017-10-09 10:48:04 -07:00
ponder Convert Ponder Questions to Ferret engine 2017-10-26 18:18:04 -07:00
project Prevent hiding the PhabricatorProjectDetailsProfileMenuItem 2017-12-23 11:38:05 -08:00
releeph Fix spelling 2017-10-09 10:48:04 -07:00
remarkup/conduit
repository Move the Git LFS gate to dedicated (non-prototype) config 2017-12-18 09:12:22 -08:00
search Modernize QuickSearch typeahead 2017-11-30 15:07:49 +00:00
settings Separate "Set/Reset Password" from "Change Password" 2017-12-26 08:34:14 -08:00
slowvote Update slowvote for new edit UI 2017-09-07 12:51:59 -07:00
spaces Update Spaces for new edit UI 2017-09-07 11:33:59 -07:00
subscriptions Property list view on Diffusion commits should show build status but not Subscriptions, Projects, or Tokens 2017-12-01 18:16:26 +00:00
support/application
system When destorying a repository, print a notification about removing the working copy 2017-08-01 08:57:39 -07:00
tokens Property list view on Diffusion commits should show build status but not Subscriptions, Projects, or Tokens 2017-12-01 18:16:26 +00:00
transactions Add drydock.blueprint.edit Conduit method 2017-12-08 11:55:08 -05:00
typeahead Modernize QuickSearch typeahead 2017-11-30 15:07:49 +00:00
uiexample Fix spelling 2017-10-09 10:48:04 -07:00
xhprof Allow XHProf profiles to be drag-and-dropped to upload them 2017-02-23 11:16:19 -08:00