Paths

Table of Contentst

Differential D19903

Allow "bin/auth recover" to generate a link which forces a full login session
ClosedPublic
Actions

Authored by epriestley on Dec 18 2018, 7:17 PM.

Tags

None

Referenced Files

	F19309309: D19903.diff
	Wed, Dec 24, 8:56 PM

	F19201565: D19903.diff
	Tue, Dec 16, 4:06 PM

	F18878023: D19903.diff
	Nov 6 2025, 2:01 PM

	F18860027: D19903.diff
	Nov 2 2025, 9:16 AM

	F18770421: D19903.id.diff
	Oct 8 2025, 12:26 PM

	F18761399: D19903.diff
	Oct 6 2025, 2:04 PM

	F18673162: D19903.diff
	Sep 25 2025, 9:32 AM

	F18596822: D19903.diff
	Sep 13 2025, 1:34 AM

Subscribers

None

Details

Reviewers

Maniphest Tasks

T13222: 2018 Week 48-51 Bonus Content

Commits

rPff49d1ef776b: Allow "bin/auth recover" to generate a link which forces a full login session

Summary

Depends on D19902. Ref T13222. This is mostly a "while I'm in here..." change since MFA is getting touched so much anyway.

Doing cluster support, I sometimes need to log into user accounts on instances that have MFA. I currently accomplish this by doing bin/auth recover, getting a parital session, and then forcing it into a full session in the database. This is inconvenient and somewhat dangerous.

Instead, allow bin/auth recover to generate a link that skips the "partial session" stage: adding required MFA, providing MFA, and signing legalpad documents.

Anyone who can run bin/auth recover can do this anyway, this just reduces the chance I accidentally bypass MFA on the wrong session when doing support stuff.

Test Plan

Logged in with bin/auth recover, was prompted for MFA.
Logged in with bin/auth recover --force-full-session, was not prompted for MFA.
Did a password reset, followed reset link, was prompted for MFA.

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Dec 18 2018, 7:17 PM

Harbormaster completed remote builds in B21368: Diff 47514.Dec 18 2018, 7:19 PM

epriestley requested review of this revision.Dec 18 2018, 7:19 PM

epriestley edited the summary of this revision. (Show Details)Dec 18 2018, 7:19 PM

epriestley added a child revision: D19904: Remove support for the "TYPE_AUTH_WILLLOGIN" event.Dec 18 2018, 7:38 PM

amckinley accepted this revision.Dec 18 2018, 11:07 PM

This revision is now accepted and ready to land.Dec 18 2018, 11:07 PM

Closed by commit rPff49d1ef776b: Allow "bin/auth recover" to generate a link which forces a full login session (authored by epriestley). · Explain WhyDec 28 2018, 8:15 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

auth/

controller/

PhabricatorAuthController.php

13 lines

PhabricatorAuthOneTimeLoginController.php

7 lines

engine/

PhabricatorAuthSessionEngine.php

8 lines

management/

PhabricatorAuthManagementRecoverWorkflow.php

13 lines

storage/

PhabricatorAuthTemporaryToken.php

10 lines

Diff 47591

src/applications/auth/controller/PhabricatorAuthController.php

Loading...

src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php

Loading...

src/applications/auth/engine/PhabricatorAuthSessionEngine.php

Loading...

src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php

Loading...

src/applications/auth/storage/PhabricatorAuthTemporaryToken.php

Loading...