Paths

Table of Contentst

Differential D20117

Make external link/refresh use provider IDs, switch external account MFA to one-shot
ClosedPublic
Actions

Authored by epriestley on Feb 7 2019, 1:43 AM.

Tags

None

Referenced Files

	F15573519: D20117.id48130.diff
	Mon, May 5, 9:11 PM

	F15552858: D20117.id48130.diff
	Sun, Apr 27, 10:59 PM

	F15545641: D20117.id48032.diff
	Sat, Apr 26, 11:49 AM

	F15540197: D20117.id.diff
	Fri, Apr 25, 6:45 AM

	F15538574: D20117.diff
	Thu, Apr 24, 8:05 PM

	F15470536: D20117.id.diff
	Apr 4 2025, 11:18 PM

	F15454313: D20117.diff
	Mar 29 2025, 5:52 PM

	F15440017: D20117.id48032.diff
	Mar 26 2025, 10:45 AM

Subscribers

None

Details

Reviewers

Maniphest Tasks

T6703: Allow multiple copies of the same auth provider type

Commits

rPd22495a820c6: Make external link/refresh use provider IDs, switch external account MFA to one…

Summary

Depends on D20113. Ref T6703. Continue moving toward a future where multiple copies of a given type of provider may exist.

Switch MFA from session-MFA at the start to one-shot MFA at the actual link action.

Add one-shot MFA to the unlink action. This theoretically prevents an attacker from unlinking an account while you're getting coffee, registering alIce which they control, adding a copy of your profile picture, and then trying to trick you into writing a private note with your personal secrets or something.

Test Plan

Linked and unlinked accounts. Refreshed account. Unlinked, then registered a new account. Unlinked, then relinked to my old account.

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Feb 7 2019, 1:43 AM

Harbormaster completed remote builds in B21872: Diff 48032.Feb 7 2019, 1:45 AM

epriestley requested review of this revision.Feb 7 2019, 1:45 AM

epriestley added a child revision: D20118: Allow users to register with non-registration providers if they are invited to an instance.Feb 7 2019, 2:04 AM

epriestley mentioned this in T6703: Allow multiple copies of the same auth provider type.Feb 7 2019, 2:38 PM

amckinley accepted this revision.Feb 7 2019, 8:31 PM

This revision is now accepted and ready to land.Feb 7 2019, 8:31 PM

Closed by commit rPd22495a820c6: Make external link/refresh use provider IDs, switch external account MFA to one… (authored by epriestley). · Explain WhyFeb 12 2019, 11:18 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

auth/

application/

PhabricatorAuthApplication.php

2 lines

controller/

PhabricatorAuthConfirmLinkController.php

19 lines

PhabricatorAuthController.php

16 lines

PhabricatorAuthLinkController.php

33 lines

PhabricatorAuthUnlinkController.php

10 lines

query/

PhabricatorExternalAccountQuery.php

13 lines

people/

controller/

PhabricatorPeopleProfilePictureController.php

11 lines

settings/

panel/

PhabricatorExternalAccountsSettingsPanel.php

32 lines

Diff 48130

src/applications/auth/application/PhabricatorAuthApplication.php

Loading...

src/applications/auth/controller/PhabricatorAuthConfirmLinkController.php

Loading...

src/applications/auth/controller/PhabricatorAuthController.php

Loading...

src/applications/auth/controller/PhabricatorAuthLinkController.php

Loading...

src/applications/auth/controller/PhabricatorAuthUnlinkController.php

Loading...

src/applications/auth/query/PhabricatorExternalAccountQuery.php

Loading...

src/applications/people/controller/PhabricatorPeopleProfilePictureController.php

Loading...

src/applications/settings/panel/PhabricatorExternalAccountsSettingsPanel.php

Loading...