Page MenuHomePhabricator
Differential D19906

Fix a double-prompt for MFA when recovering a password account
ClosedPublic
Actions

Authored by epriestley on Dec 18 2018, 8:04 PM.
Tags
None
Referenced Files
F19940751: D19906.diff
Wed, Apr 15, 5:05 AM
F19829791: D19906.id47517.diff
Mar 10 2026, 8:14 AM
F19828074: D19906.id.diff
Mar 9 2026, 4:07 PM
F19816220: D19906.id47594.diff
Mar 5 2026, 4:25 AM
F19816216: D19906.id47594.diff
Mar 5 2026, 4:25 AM
F19785858: D19906.id47594.diff
Feb 25 2026, 1:57 AM
F19785850: D19906.id47594.diff
Feb 25 2026, 1:56 AM
F19715958: D19906.diff
Feb 12 2026, 8:19 AM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T13222: 2018 Week 48-51 Bonus Content
Commits
rP918f4ebcd82c: Fix a double-prompt for MFA when recovering a password account
Summary

Depends on D19905. Ref T13222. In D19843, I refactored this stuff but $jump_into_hisec was dropped.

This is a hint to keep the upgraded session in hisec mode, which we need to do a password reset when using a recovery link. Without it, we double prompt you for MFA: first to upgrade to a full session, then to change your password.

Pass this into the engine properly to avoid the double-prompt.

Test Plan
  • Used bin/auth recover to get a partial session with MFA enabled and a password provider.
  • Before: double MFA prompt.
  • After: session stays upgraded when it becomes full, no second prompt.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
src/
applications/
auth/
engine/
2 lines

Diff 47594

View Options

src/applications/auth/engine/PhabricatorAuthSessionEngine.php

Loading...
Phabricator · Built by Phacility