Page MenuHomePhabricator

Always allow users to login via email link, even if an install does not use passwords

Authored by epriestley on Feb 5 2019, 5:50 PM.



Depends on D20099. Ref T13244. See PHI774. When password auth is enabled, we support a standard email-based account recovery mechanism with "Forgot password?".

When password auth is not enabled, we disable the self-serve version of this mechanism. You can still get email account login links via "Send Welcome Mail" or "bin/auth recover".

There's no real technical, product, or security reason not to let everyone do email login all the time. On the technical front, these links already work and are used in other contexts. On the product front, we just need to tweak a couple of strings.

On the security front, there's some argument that this mechanism provides more overall surface area for an attacker, but if we find that argument compelling we should probably provide a way to disable the self-serve pathway in all cases, rather than coupling it to which providers are enabled.

Also, inch toward having things iterate over configurations (saved database objects) instead of providers (abstract implementations) so we can some day live in a world where we support multiple configurations of the same provider type (T6703).

Test Plan
  • With password auth enabled, reset password.
  • Without password auth enabled, did an email login recovery.

Screen Shot 2019-02-05 at 9.45.15 AM.png (958×1 px, 167 KB)

Diff Detail

rP Phabricator
Lint Not Applicable
Tests Not Applicable

Event Timeline

amckinley added inline comments.

"To access to"

This revision is now accepted and ready to land.Feb 5 2019, 9:46 PM
This revision was automatically updated to reflect the committed changes.