mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 17:22:42 +01:00
phorge-phorge/src/applications/auth
epriestley 920ab13cfb Correct a possible fatal in the non-CSRF Duo MFA workflow
Summary:
Ref T13259. If we miss the separate CSRF step in Duo and proceed directly to prompting, we may fail to build a response which turns into a real control and fatal on `null->setLabel()`.

Instead, let MFA providers customize their "bare prompt dialog" response, then make Duo use the same "you have an outstanding request" response for the CSRF and no-CSRF workflows.

Test Plan: Hit Duo auth on a non-CSRF workflow (e.g., edit an MFA provider with Duo enabled). Previously: `setLabel()` fatal. After patch: smooth sailing.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13259

Differential Revision: https://secure.phabricator.com/D20234
2019-03-05 11:33:25 -08:00
__tests__ Prevent users from selecting excessively bad passwords based on their username or email address 2018-11-06 12:44:07 -08:00
action Add a "test message" action for contact numbers 2019-01-23 14:22:27 -08:00
application When users follow an email login link but an install does not use passwords, try to get them to link an account 2019-02-15 14:41:31 -08:00
capability Auth - add "manage providers" capability 2015-01-12 14:37:58 -08:00
conduit Deactivate SSH keys instead of destroying them completely 2016-05-18 14:54:28 -07:00
constants Allow MFA providers to be deprecated or disabled 2019-01-28 09:29:27 -08:00
controller When users follow an email login link but an install does not use passwords, try to get them to link an account 2019-02-15 14:41:31 -08:00
data Add session and request hooks to PhabricatorAuthSessionEngine 2016-11-17 13:09:29 -08:00
editor Bring Duo MFA upstream 2019-01-28 18:26:45 -08:00
engine Correct a possible fatal in the non-CSRF Duo MFA workflow 2019-03-05 11:33:25 -08:00
engineextension Allow any transaction group to be signed with a one-shot "Sign With MFA" action 2018-12-28 00:09:30 -08:00
exception Get rid of "throwResult()" for control flow in MFA factors 2019-01-28 09:40:28 -08:00
extension Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
factor Correct a possible fatal in the non-CSRF Duo MFA workflow 2019-03-05 11:33:25 -08:00
future Replace "URI->setQueryParams()" after initialization with a constructor argument 2019-02-14 11:46:37 -08:00
garbagecollector Add a garbage collector for MFA challenges 2018-12-17 07:00:55 -08:00
guidance Don't show "registration might be too open" warnings unless an auth provider actually allows registration 2019-02-07 15:32:42 -08:00
mail Send forced mail on SSH key edits 2016-05-19 15:01:25 -07:00
management Update bin/auth MFA commands for the new "MFA Provider" indirection layer 2019-01-23 13:38:44 -08:00
message When users follow an email login link but an install does not use passwords, try to get them to link an account 2019-02-15 14:41:31 -08:00
password Prevent users from selecting excessively bad passwords based on their username or email address 2018-11-06 12:44:07 -08:00
phid Implement SMS MFA 2019-01-23 14:17:38 -08:00
provider Fix Facebook login on mobile violating CSP after form redirect 2019-02-23 05:25:09 -08:00
query Make external link/refresh use provider IDs, switch external account MFA to one-shot 2019-02-12 15:18:08 -08:00
revoker Add "bin/auth revoke --list" to explain what can be revoked 2018-01-23 14:01:39 -08:00
sshkey Send forced mail on SSH key edits 2016-05-19 15:01:25 -07:00
storage Make the default behavior of getApplicationTransactionCommentObject() "return null" instead of "throw" 2019-02-07 14:56:38 -08:00
tokentype Redesign Config Application 2016-08-29 15:49:49 -07:00
view When users confirm Duo MFA in the mobile app, live-update the UI 2019-02-15 14:38:15 -08:00
worker Send emails for email invites 2015-02-11 06:06:09 -08:00
xaction Fix an issue where Duo validation could incorrectly apply to other factor types 2019-02-03 06:36:49 -08:00