Page MenuHomePhabricator

Always require MFA to edit contact numbers
ClosedPublic

Authored by epriestley on Jan 23 2019, 8:00 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Mar 23, 5:50 PM
Unknown Object (File)
Sat, Mar 23, 5:49 PM
Unknown Object (File)
Sat, Mar 23, 5:49 PM
Unknown Object (File)
Sat, Mar 23, 5:49 PM
Unknown Object (File)
Sat, Mar 23, 5:49 PM
Unknown Object (File)
Thu, Feb 29, 4:51 PM
Unknown Object (File)
Feb 14 2024, 4:05 PM
Unknown Object (File)
Feb 3 2024, 8:57 PM
Subscribers
None

Details

Summary

Depends on D20023. Ref T13222. Although I think this isn't strictly necessary from a pure security perspective (since you can't modify the primary number while you have MFA SMS), it seems like a generally good idea.

This adds a slightly new MFA mode, where we want MFA if it's available but don't strictly require it.

Test Plan

Disabled, enabled, primaried, unprimaried, and edited contact numbers. With MFA enabled, got prompted for MFA. With no MFA, no prompts.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

  • Minor wordsmithing since "MFAEngine" is about object state, not specifically about a set of edits.
This revision is now accepted and ready to land.Jan 23 2019, 10:09 PM
This revision was automatically updated to reflect the committed changes.