Differential D20024

Always require MFA to edit contact numbers
ClosedPublic
Actions

Authored by epriestley on Jan 23 2019, 8:00 PM.

Details

Reviewers

amckinley

Maniphest Tasks

T13222: 2018 Week 48-51 Bonus Content

Commits

rP587e9cea19ac: Always require MFA to edit contact numbers

Summary

Depends on D20023. Ref T13222. Although I think this isn't strictly necessary from a pure security perspective (since you can't modify the primary number while you have MFA SMS), it seems like a generally good idea.

This adds a slightly new MFA mode, where we want MFA if it's available but don't strictly require it.

Test Plan

Disabled, enabled, primaried, unprimaried, and edited contact numbers. With MFA enabled, got prompted for MFA. With no MFA, no prompts.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Jan 23 2019, 8:00 PM

Harbormaster completed remote builds in B21649: Diff 47796.Jan 23 2019, 8:02 PM

epriestley requested review of this revision.Jan 23 2019, 8:02 PM

Minor wordsmithing since "MFAEngine" is about object state, not specifically about a set of edits.

Harbormaster completed remote builds in B21650: Diff 47797.Jan 23 2019, 8:05 PM

epriestley added a child revision: D20025: Add a "test message" action for contact numbers.Jan 23 2019, 8:18 PM

amckinley accepted this revision.Jan 23 2019, 10:09 PM

This revision is now accepted and ready to land.Jan 23 2019, 10:09 PM

Closed by commit rP587e9cea19ac: Always require MFA to edit contact numbers (authored by epriestley). · Explain WhyJan 23 2019, 10:20 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

__phutil_library_map__.php

applications/

auth/

controller/

contact/

PhabricatorAuthContactNumberDisableController.php

5 lines

PhabricatorAuthContactNumberPrimaryController.php

5 lines

engine/

PhabricatorAuthContactNumberMFAEngine.php

10 lines

storage/

PhabricatorAuthContactNumber.php

10 lines

transactions/

editengine/

PhabricatorEditEngineMFAEngine.php

24 lines

editor/

PhabricatorApplicationTransactionEditor.php

4 lines

Diff 47821

View Options

src/__phutil_library_map__.php

View Options

src/applications/auth/controller/contact/PhabricatorAuthContactNumberDisableController.php

View Options

src/applications/auth/controller/contact/PhabricatorAuthContactNumberPrimaryController.php

View Options

src/applications/auth/engine/PhabricatorAuthContactNumberMFAEngine.php

View Options

src/applications/auth/storage/PhabricatorAuthContactNumber.php

View Options

src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php

View Options

src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php

Always require MFA to edit contact numbersClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 47821

src/__phutil_library_map__.php

src/applications/auth/controller/contact/PhabricatorAuthContactNumberDisableController.php

src/applications/auth/controller/contact/PhabricatorAuthContactNumberPrimaryController.php

src/applications/auth/engine/PhabricatorAuthContactNumberMFAEngine.php

src/applications/auth/storage/PhabricatorAuthContactNumber.php

src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php

src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php

Always require MFA to edit contact numbers
ClosedPublic
Actions

Revision Contents
Changeset List