Always require MFA to edit contact numbers
Closed, Public

Authored by epriestley on Wed, Jan 23, 8:00 PM.

Details

Summary

Depends on D20023. Ref T13222. Although I think this isn't strictly necessary from a pure security perspective (since you can't modify the primary number while you have MFA SMS), it seems like a generally good idea.

This adds a slightly new MFA mode, where we want MFA if it's available but don't strictly require it.

Test Plan

Disabled, enabled, primaried, unprimaried, and edited contact numbers. With MFA enabled, got prompted for MFA. With no MFA, no prompts.

Diff Detail

Repository
rP Phabricator
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision. Wed, Jan 23, 8:00 PM
epriestley requested review of this revision. Wed, Jan 23, 8:02 PM
epriestley updated this revision to Diff 47797. Wed, Jan 23, 8:03 PM
  • Minor wordsmithing since "MFAEngine" is about object state, not specifically about a set of edits.
amckinley accepted this revision. Wed, Jan 23, 10:09 PM
This revision is now accepted and ready to land. Wed, Jan 23, 10:09 PM
This revision was automatically updated to reflect the committed changes.