mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-24 15:52:41 +01:00
d75007cf42
Summary: - There are some recent reports of login issues, see T755 and T754. I'm not really sure what's going on, but this is an attempt at getting some more information. - When we login a user by setting 'phusr' and 'phsid', send them to /login/validate/ to validate that the cookies actually got set. - Do email password resets in two steps: first, log the user in. Redirect them through validate, then give them the option to reset their password. - Don't CSRF logged-out users. It technically sort of works most of the time right now, but is silly. If we need logged-out CSRF we should generate it in some more reliable way. Test Plan: - Logged in with username/password. - Logged in with OAuth. - Logged in with email password reset. - Sent bad values to /login/validate/, got appropriate errors. - Reset password. - Verified next_uri still works. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran, btrahan, j3kuntz Maniphest Tasks: T754, T755 Differential Revision: https://secure.phabricator.com/D1353 |
||
|---|---|---|
| .. | ||
| audit | ||
| auth | ||
| base | ||
| calendar | ||
| conduit | ||
| countdown | ||
| daemon | ||
| differential | ||
| diffusion | ||
| directory | ||
| draft/storage | ||
| feed | ||
| files | ||
| help/controller | ||
| herald | ||
| maniphest | ||
| markup | ||
| metamta | ||
| owners | ||
| paste | ||
| people | ||
| phid | ||
| phriction | ||
| project | ||
| repository | ||
| search | ||
| slowvote | ||
| status/base | ||
| typeahead/controller | ||
| uiexample | ||
| xhpastview | ||
| xhprof | ||