mirror of https://we.phorge.it/source/phorge.git synced 2024-12-24 22:40:55 +01:00
phorge-phorge/src
epriestley d22495a820 Make external link/refresh use provider IDs, switch external account MFA to one-shot
Summary:
Depends on D20113. Ref T6703. Continue moving toward a future where multiple copies of a given type of provider may exist.

Switch MFA from session-MFA at the start to one-shot MFA at the actual link action.

Add one-shot MFA to the unlink action. This theoretically prevents an attacker from unlinking an account while you're getting coffee, registering `alIce` which they control, adding a copy of your profile picture, and then trying to trick you into writing a private note with your personal secrets or something.

Test Plan: Linked and unlinked accounts. Refreshed account. Unlinked, then registered a new account. Unlinked, then relinked to my old account.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T6703

Differential Revision: https://secure.phabricator.com/D20117
2019-02-12 15:18:08 -08:00
__tests__ Use PhutilClassMapQuery instead of PhutilSymbolLoader 2015-08-14 07:49:01 +10:00
aphront Replace "getRequestURI()->setQueryParams(array())" with "getPath()" 2019-02-12 14:43:33 -08:00
applications Make external link/refresh use provider IDs, switch external account MFA to one-shot 2019-02-12 15:18:08 -08:00
docs During first-time setup, create an administrator account with no authentication instead of weird, detached authentication 2019-02-12 14:47:47 -08:00
extensions
infrastructure Replace "getQueryParams()" callsites in Phabricator 2019-02-12 06:37:03 -08:00
view Let the top-level exception handler dump a stack trace if we reach debug mode before things go sideways 2019-02-11 15:36:19 -08:00
__phutil_library_init__.php
__phutil_library_map__.php Remove the highly suspect "Import from LDAP" workflow 2019-02-12 14:45:58 -08:00