Paths

Table of Contentst

Differential D19906

Fix a double-prompt for MFA when recovering a password account
ClosedPublic
Actions

Authored by epriestley on Dec 18 2018, 8:04 PM.

Tags

None

Subscribers

None

Details

Reviewers

Maniphest Tasks

T13222: 2018 Week 48-51 Bonus Content

Commits

rP918f4ebcd82c: Fix a double-prompt for MFA when recovering a password account

Summary

Depends on D19905. Ref T13222. In D19843, I refactored this stuff but $jump_into_hisec was dropped.

This is a hint to keep the upgraded session in hisec mode, which we need to do a password reset when using a recovery link. Without it, we double prompt you for MFA: first to upgrade to a full session, then to change your password.

Pass this into the engine properly to avoid the double-prompt.

Test Plan

Used bin/auth recover to get a partial session with MFA enabled and a password provider.
Before: double MFA prompt.
After: session stays upgraded when it becomes full, no second prompt.

Diff Detail

Repository

Lint

Automatic diff as part of commit; lint not applicable.

Unit

Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Dec 18 2018, 8:04 PM

Harbormaster completed remote builds in B21371: Diff 47517.Dec 18 2018, 8:05 PM

epriestley requested review of this revision.Dec 18 2018, 8:05 PM

epriestley added a child revision: D19908: Improve UI for "wait" and "answered" MFA challenges.Dec 18 2018, 10:19 PM

amckinley accepted this revision.Dec 18 2018, 11:16 PM

This revision is now accepted and ready to land.Dec 18 2018, 11:16 PM

Closed by commit rP918f4ebcd82c: Fix a double-prompt for MFA when recovering a password account (authored by epriestley). · Explain WhyDec 28 2018, 8:17 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

auth/

engine/

PhabricatorAuthSessionEngine.php

2 lines

Diff 47594

src/applications/auth/engine/PhabricatorAuthSessionEngine.php

Loading...