Page MenuHomePhabricator
Differential D14319

Prevent duplicate account links from being created by swapping logins and then refreshing the link
ClosedPublic
Actions

Authored by epriestley on Oct 23 2015, 8:03 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 29, 11:07 PM
Unknown Object (File)
Nov 17 2024, 11:41 PM
Unknown Object (File)
Nov 17 2024, 7:35 PM
Unknown Object (File)
Nov 16 2024, 9:36 PM
Unknown Object (File)
Nov 15 2024, 9:28 AM
Unknown Object (File)
Nov 14 2024, 7:54 AM
Unknown Object (File)
Nov 12 2024, 11:59 PM
Unknown Object (File)
Nov 12 2024, 2:24 PM
View All Files
Subscribers
None

Details

Reviewers
chad
Maniphest Tasks
T6707: 'Attaching' two external accounts of the same type results in AphrontCountQueryException
Commits
Restricted Diffusion Commit
rP9520a6b0ed2e: (stable) Promote 2015 Week 43
rPb038041dc600: Prevent duplicate account links from being created by swapping logins and…
Summary

Fixes T6707. Users can currently do this:

  • Log in to a service (like Facebook or Google) with account "A".
  • Link their Phabricator account to that account.
  • Log out of Facebook, log back in with account "B".
  • Refresh the account link from SettingsExternal Accounts.

When they do this, we write a second account link (between their Phabricator account and account "B"). However, the rest of the codebase assumes accounts are singly-linked, so this breaks down elsewhere.

For now, decline to link the second account. We'll permit this some day, but need to do more work to allow it, and the need is very rare.

Test Plan
  • Followed the steps above, hit the new error.
  • Logged back in to the proper account and did a link refresh (which worked).

Screen Shot 2015-10-23 at 12.56.20 PM.png (885×890 px, 133 KB)

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 34569.Oct 23 2015, 8:03 PM
epriestley retitled this revision from to Prevent duplicate account links from being created by swapping logins and then refreshing the link.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
epriestley added a task: T6707: 'Attaching' two external accounts of the same type results in AphrontCountQueryException.
chad accepted this revision.Oct 23 2015, 8:37 PM
chad edited edge metadata.
This revision is now accepted and ready to land.Oct 23 2015, 8:37 PM
Closed by commit rPb038041dc600: Prevent duplicate account links from being created by swapping logins and… (authored by epriestley, committed by epriestley). · Explain WhyOct 24 2015, 11:50 AM
This revision was automatically updated to reflect the committed changes.
jhurwitz mentioned this in T7732: Convoluted flow when locked out of account with only one auth provider.Nov 20 2015, 6:47 PM

Revision Contents
Changeset List

PathSize
src/
applications/
auth/
controller/
21 lines

Diff 34573

View Options

src/applications/auth/controller/PhabricatorAuthLoginController.php

Loading...
Phabricator · Built by Phacility