mirror of https://we.phorge.it/source/phorge.git synced 2024-12-02 11:42:42 +01:00
phorge-phorge/src/applications/auth
epriestley f3340c6335 Allow different MFA factor types (SMS, TOTP, Duo, ...) to share "sync" tokens when enrolling new factors
Summary:
Depends on D20019. Ref T13222. Currently, TOTP uses a temporary token to make sure you've set up the app on your phone properly and that you're providing an answer to a secret which we generated (not an attacker-generated secret).

However, most factor types need some kind of sync token. SMS needs to send you a code; Duo needs to store a transaction ID. Turn this "TOTP" token into an "MFA Sync" token and lift the implementation up to the base class.

Also, slightly simplify some of the HTTP form gymnastics.

Test Plan:
  - Hit the TOTP enroll screen.
  - Reloaded it, got new secrets.
  - Reloaded it more than 10 times, got told to stop generating new challenges.
  - Answered a challenge properly, got a new TOTP factor.
  - Grepped for removed class name.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13222

Differential Revision: https://secure.phabricator.com/D20020
2019-01-23 14:13:50 -08:00
__tests__ Prevent users from selecting excessively bad passwords based on their username or email address 2018-11-06 12:44:07 -08:00
action Add a rate limit for enroll attempts when adding new MFA configurations 2019-01-23 14:12:19 -08:00
application Support designating a contact number as "primary" 2019-01-23 14:03:08 -08:00
capability Auth - add "manage providers" capability 2015-01-12 14:37:58 -08:00
conduit Deactivate SSH keys instead of destroying them completely 2016-05-18 14:54:28 -07:00
constants Support invites in the registration and login flow 2015-02-11 06:06:28 -08:00
controller Allow MFA factors to provide more guidance text on create workflows 2019-01-23 14:10:16 -08:00
data Add session and request hooks to PhabricatorAuthSessionEngine 2016-11-17 13:09:29 -08:00
editor Add "Contact Numbers" so we can send users SMS messages 2019-01-23 13:39:56 -08:00
engine Don't rate limit users clicking "Wait Patiently" at an MFA gate even if they typed some text earlier 2019-01-23 14:11:24 -08:00
engineextension Allow any transaction group to be signed with a one-shot "Sign With MFA" action 2018-12-28 00:09:30 -08:00
exception Improve UI messaging around "one-shot" vs "session upgrade" MFA 2018-12-28 00:11:36 -08:00
extension Add a more modern object for storing password hashes 2018-01-22 15:35:28 -08:00
factor Allow different MFA factor types (SMS, TOTP, Duo, ...) to share "sync" tokens when enrolling new factors 2019-01-23 14:13:50 -08:00
garbagecollector Add a garbage collector for MFA challenges 2018-12-17 07:00:55 -08:00
guidance Add a bunch of Phacility-specific code to the upstream, thinly veiled as generic code 2016-11-15 09:11:22 -08:00
handler Modularize generation of supplemental login messages 2015-09-04 10:34:39 -07:00
mail Send forced mail on SSH key edits 2016-05-19 15:01:25 -07:00
management Update bin/auth MFA commands for the new "MFA Provider" indirection layer 2019-01-23 13:38:44 -08:00
message Add "Auth Messages" to support customizing onboarding/welcome flows 2019-01-18 19:53:19 -08:00
password Prevent users from selecting excessively bad passwords based on their username or email address 2018-11-06 12:44:07 -08:00
phid Add "Contact Numbers" so we can send users SMS messages 2019-01-23 13:39:56 -08:00
provider Put a hard limit on password login attempts from the same remote address 2019-01-18 19:48:42 -08:00
query Give "MetaMTAMail" a "message type" and support SMS 2019-01-23 14:05:46 -08:00
revoker Add "bin/auth revoke --list" to explain what can be revoked 2018-01-23 14:01:39 -08:00
sshkey Send forced mail on SSH key edits 2016-05-19 15:01:25 -07:00
storage Allow different MFA factor types (SMS, TOTP, Duo, ...) to share "sync" tokens when enrolling new factors 2019-01-23 14:13:50 -08:00
tokentype Redesign Config Application 2016-08-29 15:49:49 -07:00
view Explicitly add rel="noreferrer" to all external links 2018-02-17 17:46:11 -08:00
worker Send emails for email invites 2015-02-11 06:06:09 -08:00
xaction Support designating a contact number as "primary" 2019-01-23 14:03:08 -08:00