Page MenuHomePhabricator

Allow objects to be put in an "MFA required for all interactions" mode, and support "MFA required" statuses in Maniphest
ClosedPublic

Authored by epriestley on Dec 18 2018, 3:19 PM.

Details

Summary

Depends on D19898. Ref T13222. See PHI873. Allow objects to opt into an "MFA is required for all edits" mode.

Put tasks in this mode if they're in a status that specifies it is an mfa status.

This is still a little rough for now:

  • There's no UI hint that you'll have to MFA. I'll likely add some hinting in a followup.
  • All edits currently require MFA, even subscribe/unsubscribe. We could maybe relax this if it's an issue.
Test Plan
  • Edited an MFA-required object via comments, edit forms, and most/all of the extensions. These prompted for MFA, then worked correctly.
  • Tried to edit via Conduit, failed with a reasonably comprehensible error.

Diff Detail

Repository
rP Phabricator
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Dec 18 2018, 3:19 PM
epriestley requested review of this revision.Dec 18 2018, 3:21 PM

most/all of the extensions

Oh, it looks like awarding tokens doesn't actually work yet. This doesn't seem critical.

Also, if you fail to MFA a normal edit form you lose your work if you "cancel" (although you can "Back" twice) since MFA doesn't do a workflow overlay dialog. I'll make edit forms become workflow forms if they're going to MFA (or maybe unconditionally) and clean this other stuff up in followups.

amckinley accepted this revision.Dec 18 2018, 10:21 PM
This revision is now accepted and ready to land.Dec 18 2018, 10:21 PM
This revision was automatically updated to reflect the committed changes.