revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-15 03:12:41 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications
History
epriestley e919233b31 Don't show personalized menu items until users establish a full session 
Summary:
Depends on D18792. Fixes T13024. Fixes T89198. Currently, when users are logging in initially (for example, need to enter MFA) we show more menu items than we should.

Notably, we may show some personalized/private account details, like the number of unread notifications (probably not relevant) or a user's saved queries (possibly sensitive). At best these are misleading (they won't work yet) and there's an outside possibility they leak a little bit of private data.

Instead, nuke everything except "Log Out" when users have partial sessions.

Test Plan:
Hit a partial session (MFA required, email verification required) and looked at the menu. Only saw "Log Out".

{F5297713}

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13024

Differential Revision: https://secure.phabricator.com/D18793
2017-11-28 10:01:58 -08:00
..
almanac Fix spelling 2017-10-09 10:48:04 -07:00
aphlict Discard stdout/stderr from the aphlict subprocess when running in daemon (normal) mode 2016-11-13 16:43:42 -08:00
arcanist/conduit Remove remaining arcanist project code 2015-07-08 19:37:28 +10:00
audit Fix spelling 2017-10-09 10:48:04 -07:00
auth Allow MFA enrollment before email verification 2017-11-28 10:01:09 -08:00
badges Spelling fix 2017-04-25 12:19:27 -07:00
base Tell users to "Wait Patiently" for admin account verification later in the registration process 2017-11-28 10:00:03 -08:00
cache Add "persistence" types (data, cache, or index) to tables, and tweak what "storage dump" dumps 2017-10-04 12:09:33 -07:00
calendar Fix spelling 2017-10-09 10:48:04 -07:00
celerity Add a red button to PHUIButtonView 2017-08-06 08:09:40 -07:00
chatlog Remove empty implementations of describeAutomaticCapabilities() 2016-11-09 15:24:22 -08:00
conduit Update Settings for WHITE_CONFIG style boxes 2017-09-05 19:42:34 -07:00
config Revert partial/nonfunctional OpenGraph support 2017-11-22 15:21:10 -08:00
conpherence Fix spelling 2017-10-09 10:48:04 -07:00
console Separate button CSS classes 2017-06-05 20:14:34 +00:00
countdown Remove old Countdown route 2017-04-13 13:04:55 -07:00
daemon Add a missing DaemonLogEvent key for garbage collection 2017-10-26 18:19:46 -07:00
dashboard Fix spelling 2017-10-09 10:48:04 -07:00
differential Add yaml files to differential.whitespace-matters 2017-11-15 11:57:11 -08:00
diffusion Fix a bad link target in Diffusion content search results 2017-11-22 11:16:14 -08:00
diviner Fix a constant typo in Diviner ("DECLARATAION" -> "TION") 2017-03-04 09:54:10 -08:00
doorkeeper Remove empty implementations of describeAutomaticCapabilities() 2016-11-09 15:24:22 -08:00
draft/storage Clean up some log spam caused by races in VersionedDraft 2016-09-05 13:01:53 -07:00
drydock Add a missing key on DrydockLease 2017-10-26 18:20:38 -07:00
fact Update Facts for newPage 2016-04-03 15:07:52 -07:00
favorites Add some style to label in Favorites Menu 2017-02-01 07:20:31 -08:00
feed Allow users to query feed by a date range 2017-05-26 12:23:56 -07:00
files Don't show personalized menu items until users establish a full session 2017-11-28 10:01:58 -08:00
flag Remove counts from home navigation 2017-01-21 13:55:40 -08:00
fund Change 'tempate' to 'template' 2017-10-09 11:56:06 -07:00
guides Make "simple" a "button type", not a "color" 2017-05-30 17:59:37 -07:00
harbormaster Don't run Herald build and mail rules when they don't make sense 2017-10-27 08:44:12 -07:00
help Redesign header menus and search 2017-01-17 12:13:06 -08:00
herald Don't run Herald build and mail rules when they don't make sense 2017-10-27 08:44:12 -07:00
home Update menu item names for Applications -> Favorites 2017-09-05 19:05:03 -07:00
legalpad Lightly modernize LegalpadDocumentSearchEngine 2017-11-28 09:56:49 -08:00
lipsum Add "--force" and "--quickly" flags to bin/lipsum 2017-02-27 09:09:41 -08:00
macro Add Conduit edit endpoint for Macro 2017-05-10 14:54:43 -07:00
maniphest Freeze "maniphest.gettasktransactions" and make status/priority transactions more consistent 2017-11-22 11:13:53 -08:00
meta Move setLaunchButton to setSideColumn for ObjectItem 2017-05-25 15:31:19 -07:00
metamta Don't run Herald build and mail rules when they don't make sense 2017-10-27 08:44:12 -07:00
multimeter Add a cluster.read-only option 2016-04-09 13:40:47 -07:00
notification Make "No Notifications" setting less broad, and fix a bug with default display behavior 2017-09-13 15:32:46 -07:00
nuance Mark "Settings" and "Nuance" as launchable applications 2017-06-01 12:40:25 -07:00
oauthserver Update Settings for WHITE_CONFIG style boxes 2017-09-05 19:42:34 -07:00
owners Fix an issue with attempting to index comments on packages 2017-10-20 09:38:45 -07:00
packages Fixing copy/paste mistake 2017-04-19 15:48:59 -07:00
passphrase Fix spelling 2017-10-09 10:48:04 -07:00
paste Fix bad "editPolicy" key in Paste 2017-04-05 13:09:51 -07:00
people Don't show personalized menu items until users establish a full session 2017-11-28 10:01:58 -08:00
phame Fix a couple of other missing getApplicationTransactionCommentObject() implementations 2017-10-24 09:05:23 -07:00
phid Fix spelling 2017-10-09 10:48:04 -07:00
phlux Update Phlux edit UI 2017-09-07 12:47:36 -07:00
pholio Support Ferret engine in Pholio 2017-09-07 13:25:29 -07:00
phortune Fix spelling 2017-10-09 10:48:04 -07:00
phpast Update phpast for new UI 2016-04-05 13:52:59 -07:00
phragment Remove PhabricatorFile::buildFromFileDataOrHash() 2017-04-04 16:18:00 -07:00
phrequent Fix spelling 2017-10-09 10:48:04 -07:00
phriction Fix spelling 2017-10-09 10:48:04 -07:00
phurl Change PhabricatorPhurlURLViewController to use EditEngine for commenting 2017-04-17 10:19:21 -07:00
policy Fix spelling 2017-10-09 10:48:04 -07:00
ponder Convert Ponder Questions to Ferret engine 2017-10-26 18:18:04 -07:00
project Hide archived projects only on workboards, not hovercards 2017-11-27 14:37:51 -08:00
releeph Fix spelling 2017-10-09 10:48:04 -07:00
remarkup/conduit phtize all the things 2015-05-22 21:16:39 +10:00
repository Specify a null behavior for the callsign sort column. 2017-11-14 17:16:01 -06:00
search Clarify acceptable values for --threshold in search ngrams 2017-10-17 14:32:25 -07:00
settings Fix spelling 2017-10-09 10:48:04 -07:00
slowvote Update slowvote for new edit UI 2017-09-07 12:51:59 -07:00
spaces Update Spaces for new edit UI 2017-09-07 11:33:59 -07:00
subscriptions Fix spelling 2017-10-09 10:48:04 -07:00
support/application
system When destorying a repository, print a notification about removing the working copy 2017-08-01 08:57:39 -07:00
tokens Prevent awarding/revoking tokens when a task is locked 2017-03-04 09:55:35 -08:00
transactions Fix spelling 2017-10-09 10:48:04 -07:00
typeahead Fix spelling 2017-10-09 10:48:04 -07:00
uiexample Fix spelling 2017-10-09 10:48:04 -07:00
xhprof Allow XHProf profiles to be drag-and-dropped to upload them 2017-02-23 11:16:19 -08:00