mirror of https://we.phorge.it/source/phorge.git synced 2024-11-09 16:32:39 +01:00
phorge-phorge/resources
epriestley ce953ea447 Explicitly mark MFA challenges as "answered" and "completed"
Summary:
Depends on D19893. Ref T13222. See PHI873. A challenge is "answered" if you provide a valid response. A challenge is "completed" if we let you through the MFA check and do whatever actual action the check is protecting.

If you only have one MFA factor, challenges will be "completed" immediately after they are "answered". However, if you have two or more factors, it's possible to "answer" one or more prompts, but fewer than all of the prompts, and end up with "answered" challenges that are not "completed".

In the future, it may also be possible to answer all the challenges but then have an error occur before they are marked "completed" (for example, a unique key collision in the transaction code). For now, nothing interesting happens between "answered" and "completed". This would take the form of the caller explicitly providing flags like "wait to mark the challenges as completed until I do something" and "okay, mark the challenges as completed now".

This change prevents all token reuse, even on the same workflow. Future changes will let the answered challenges "stick" to the client form so you don't have to re-answer challenges for a short period of time if you hit a unique key collision.

Test Plan:
  - Used a token to get through an MFA gate.
  - Tried to go through another gate, was told to wait for a long time for the next challenge window.

Reviewers: amckinley

Reviewed By: amckinley

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13222

Differential Revision: https://secure.phabricator.com/D19894
2018-12-20 14:45:22 -08:00
..
builtin Dynamically composite favicons from customizable sources 2018-03-12 15:28:41 -07:00
celerity Fix a bad method call signature throwing exceptions in newer Node 2018-12-10 16:01:00 -08:00
cows Use PHP implementation of Cowsay for cowsay rule 2015-09-13 12:27:30 -07:00
emoji Add aliases for "party" emoji (🎉) 2018-02-05 12:23:26 -08:00
figlet/custom Include "Figlet" and PEAR "Text_Figlet" in externals 2015-09-13 12:30:48 -07:00
font Made Meme Generator 2013-01-19 18:43:43 -08:00
sprite Uh, update Phabricator login image 2017-08-11 13:37:26 -07:00
sql Explicitly mark MFA challenges as "answered" and "completed" 2018-12-20 14:45:22 -08:00
sshd Drop interactive login from sshd example 2017-06-27 12:51:46 -07:00