Page MenuHomePhabricator

Always require MFA to edit contact numbers

Authored by epriestley on Jan 23 2019, 8:00 PM.



Depends on D20023. Ref T13222. Although I think this isn't strictly necessary from a pure security perspective (since you can't modify the primary number while you have MFA SMS), it seems like a generally good idea.

This adds a slightly new MFA mode, where we want MFA if it's available but don't strictly require it.

Test Plan

Disabled, enabled, primaried, unprimaried, and edited contact numbers. With MFA enabled, got prompted for MFA. With no MFA, no prompts.

Diff Detail

rP Phabricator
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Jan 23 2019, 8:00 PM
epriestley requested review of this revision.Jan 23 2019, 8:02 PM
epriestley updated this revision to Diff 47797.Jan 23 2019, 8:03 PM
  • Minor wordsmithing since "MFAEngine" is about object state, not specifically about a set of edits.
amckinley accepted this revision.Jan 23 2019, 10:09 PM
This revision is now accepted and ready to land.Jan 23 2019, 10:09 PM
This revision was automatically updated to reflect the committed changes.