Page MenuHomePhabricator
Differential D19899

Allow objects to be put in an "MFA required for all interactions" mode, and support "MFA required" statuses in Maniphest
ClosedPublic
Actions

Authored by epriestley on Dec 18 2018, 3:19 PM.
Tags
None
Referenced Files
F18109124: D19899.id47509.diff
Mon, Aug 11, 11:47 AM
F18083997: D19899.id47587.diff
Tue, Aug 5, 12:58 PM
F17947407: D19899.id.diff
Thu, Jul 31, 4:28 PM
F17925957: D19899.diff
Jul 30 2025, 12:21 PM
F17757229: D19899.diff
Jul 22 2025, 3:52 PM
Unknown Object (File)
Jul 5 2025, 10:10 AM
Unknown Object (File)
Jun 18 2025, 12:01 AM
Unknown Object (File)
Jun 17 2025, 7:21 AM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T13222: 2018 Week 48-51 Bonus Content
Commits
rPd3c325c4fc73: Allow objects to be put in an "MFA required for all interactions" mode, and…
Summary

Depends on D19898. Ref T13222. See PHI873. Allow objects to opt into an "MFA is required for all edits" mode.

Put tasks in this mode if they're in a status that specifies it is an mfa status.

This is still a little rough for now:

  • There's no UI hint that you'll have to MFA. I'll likely add some hinting in a followup.
  • All edits currently require MFA, even subscribe/unsubscribe. We could maybe relax this if it's an issue.
Test Plan
  • Edited an MFA-required object via comments, edit forms, and most/all of the extensions. These prompted for MFA, then worked correctly.
  • Tried to edit via Conduit, failed with a reasonably comprehensible error.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Dec 18 2018, 3:19 PM
Harbormaster completed remote builds in B21363: Diff 47509.Dec 18 2018, 3:21 PM
epriestley requested review of this revision.Dec 18 2018, 3:21 PM
epriestley added a comment.Dec 18 2018, 3:34 PM

most/all of the extensions

Oh, it looks like awarding tokens doesn't actually work yet. This doesn't seem critical.

Also, if you fail to MFA a normal edit form you lose your work if you "cancel" (although you can "Back" twice) since MFA doesn't do a workflow overlay dialog. I'll make edit forms become workflow forms if they're going to MFA (or maybe unconditionally) and clean this other stuff up in followups.

epriestley added a child revision: D19900: Improve UI messaging around "one-shot" vs "session upgrade" MFA.Dec 18 2018, 4:04 PM
amckinley accepted this revision.Dec 18 2018, 10:21 PM
This revision is now accepted and ready to land.Dec 18 2018, 10:21 PM
Closed by commit rPd3c325c4fc73: Allow objects to be put in an "MFA required for all interactions" mode, and… (authored by epriestley). · Explain WhyDec 28 2018, 8:11 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Diff 47587

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/maniphest/config/PhabricatorManiphestConfigOptions.php

Loading...
View Options

src/applications/maniphest/constants/ManiphestTaskStatus.php

Loading...
View Options

src/applications/maniphest/engine/ManiphestTaskMFAEngine.php

Loading...
View Options

src/applications/maniphest/storage/ManiphestTask.php

Loading...
View Options

src/applications/subscriptions/controller/PhabricatorSubscriptionsEditController.php

Loading...
View Options

src/applications/transactions/editengine/PhabricatorEditEngine.php

Loading...
View Options

src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php

Loading...
View Options

src/applications/transactions/editengine/PhabricatorEditEngineMFAInterface.php

Loading...
View Options

src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php

Loading...
Phabricator · Built by Phacility