mirror of https://we.phorge.it/source/phorge.git synced 2024-11-11 09:22:40 +01:00
phorge-phorge/src/applications
epriestley d75007cf42 Validate logins, and simplify email password resets
Summary:
  - There are some recent reports of login issues, see T755 and T754. I'm not
really sure what's going on, but this is an attempt at getting some more
information.
  - When we login a user by setting 'phusr' and 'phsid', send them to
/login/validate/ to validate that the cookies actually got set.
  - Do email password resets in two steps: first, log the user in. Redirect them
through validate, then give them the option to reset their password.
  - Don't CSRF logged-out users. It technically sort of works most of the time
right now, but is silly. If we need logged-out CSRF we should generate it in
some more reliable way.

Test Plan:
  - Logged in with username/password.
  - Logged in with OAuth.
  - Logged in with email password reset.
  - Sent bad values to /login/validate/, got appropriate errors.
  - Reset password.
  - Verified next_uri still works.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, btrahan, j3kuntz

Maniphest Tasks: T754, T755

Differential Revision: https://secure.phabricator.com/D1353
2012-01-11 08:25:55 -08:00
..
audit Add Basic Auditing Functionalities 2011-12-20 13:36:53 -08:00
auth Validate logins, and simplify email password resets 2012-01-11 08:25:55 -08:00
base Make detection/recovery for bad cookies more strict 2011-08-19 15:45:35 -07:00
calendar Build a basic calendar view 2011-08-08 10:34:06 -07:00
conduit Match unittest results by name or file 2012-01-10 16:51:14 -08:00
countdown Countdown - kill tabs 2011-12-15 14:31:25 -08:00
daemon Refactor repository reparse scripts to be more useful 2011-09-27 17:20:04 -07:00
differential Kill PhabricatorFileURI 2012-01-10 15:21:39 -08:00
diffusion Add a link from Differential to Diffusion 2012-01-05 18:03:08 -08:00
directory Dedupe DIRECTORY w/ Directory tab in directory header 2011-11-28 13:03:46 -08:00
draft/storage Revision comment drafts. 2011-02-05 16:57:21 -08:00
feed Kill PhabricatorFileURI 2012-01-10 15:21:39 -08:00
files Kill PhabricatorFileURI 2012-01-10 15:21:39 -08:00
help/controller Explicitly show that "escape" closes dialogs in Phabricator 2011-08-02 09:21:28 -07:00
herald ...fix my fat finger period to a comma 2011-12-29 08:55:54 -08:00
maniphest Add getStrList() to AphrontRequest 2012-01-04 10:18:46 -08:00
markup Fix undefined index header.generate-toc in Differential 2012-01-06 23:52:39 -08:00
metamta Minor, fix \n in MetaMTA headers. 2012-01-08 10:26:16 -08:00
owners Fix issue when a path is '/' in a package 2011-12-22 09:58:19 -08:00
paste Kill PhabricatorFileURI 2012-01-10 15:21:39 -08:00
people Validate logins, and simplify email password resets 2012-01-11 08:25:55 -08:00
phid Kill PhabricatorFileURI 2012-01-10 15:21:39 -08:00
phriction Enable Table of Contents in Phriction 2012-01-06 11:52:50 -08:00
project Kill PhabricatorFileURI 2012-01-10 15:21:39 -08:00
repository Deploy new ArcanistManyWordsAboutDifferentialConstants class from D1328 into 2012-01-10 11:49:20 -08:00
search Kill PhabricatorFileURI 2012-01-10 15:21:39 -08:00
slowvote Kill PhabricatorFileURI 2012-01-10 15:21:39 -08:00
status/base Add /status/ 2011-04-08 11:13:51 -07:00
typeahead/controller Add a name token table so on-demand typeaheads can match last names 2011-10-23 14:25:26 -07:00
uiexample Examples using JX.View 2011-11-06 15:17:00 -08:00
xhpastview Add missing includes from XHPAST parse bug. 2011-04-06 23:14:58 -07:00
xhprof Improve DarkConsole "Services" and "XHProf" plugins 2011-07-11 12:51:58 -07:00