Page MenuHomePhabricator

Allow objects to be put in an "MFA required for all interactions" mode, and support "MFA required" statuses in Maniphest

Authored by epriestley on Dec 18 2018, 3:19 PM.



Depends on D19898. Ref T13222. See PHI873. Allow objects to opt into an "MFA is required for all edits" mode.

Put tasks in this mode if they're in a status that specifies it is an mfa status.

This is still a little rough for now:

  • There's no UI hint that you'll have to MFA. I'll likely add some hinting in a followup.
  • All edits currently require MFA, even subscribe/unsubscribe. We could maybe relax this if it's an issue.
Test Plan
  • Edited an MFA-required object via comments, edit forms, and most/all of the extensions. These prompted for MFA, then worked correctly.
  • Tried to edit via Conduit, failed with a reasonably comprehensible error.

Diff Detail

rP Phabricator
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

most/all of the extensions

Oh, it looks like awarding tokens doesn't actually work yet. This doesn't seem critical.

Also, if you fail to MFA a normal edit form you lose your work if you "cancel" (although you can "Back" twice) since MFA doesn't do a workflow overlay dialog. I'll make edit forms become workflow forms if they're going to MFA (or maybe unconditionally) and clean this other stuff up in followups.

This revision is now accepted and ready to land.Dec 18 2018, 10:21 PM
This revision was automatically updated to reflect the committed changes.