Details
- Reviewers
- amckinley
- Maniphest Tasks
- T13043: Improve authentication revocation behaviors
- Commits
- rPabc030fa008b: Move account passwords to shared infrastructure
- Ran migration.
- Spot checked table for general sanity.
- Logged in with an existing password.
- Hit all error conditions on "change password", "set password", "register new account" flows.
- Verified that changing password logs out other sessions.
- Verified that revoked passwords of a different type can't be selected.
- Changed passwords a bunch.
- Verified that salt regenerates properly after password change.
- Tried to log in with the wrong password, which didn't work.
Diff Detail
- Repository
- rP Phabricator
- Branch
- revoke13
- Lint
- Lint Passed

Severity | Location | Code | Message
---|---|---|---
Advice | src/applications/people/storage/PhabricatorUser.php:1624 | XHP16 | TODO Comment

- Unit
- Tests Passed
- Build Status
- Buildable 19106
- Build 25793: Run Core Tests
- Build 25792: arc lint + arc unit
Event Timeline
resources/sql/autopatches/20180120.auth.03.vcsdata.sql

Lines | Comment
---|---
4–5 | There's a little bit of juggling here to make sure that the migration runs okay if the unique key on phid gets added sooner than we expect. This just gives each new password a unique value, then the follow-up migrations overwrite them with real PHIDs.

src/applications/settings/panel/PhabricatorPasswordSettingsPanel.php

Lines | Comment
---|---
73–76 | It turns out this comment is out of date; CSRF tokens haven't depended on any secret shared with passwords in a long time.