Differential D20117

Make external link/refresh use provider IDs, switch external account MFA to one-shot
ClosedPublic
Actions

Authored by epriestley on Feb 7 2019, 1:43 AM.

Details

Reviewers

amckinley

Maniphest Tasks

T6703: Allow multiple copies of the same auth provider type

Commits

rPd22495a820c6: Make external link/refresh use provider IDs, switch external account MFA to one…

Summary

Depends on D20113. Ref T6703. Continue moving toward a future where multiple copies of a given type of provider may exist.

Switch MFA from session-MFA at the start to one-shot MFA at the actual link action.

Add one-shot MFA to the unlink action. This theoretically prevents an attacker from unlinking an account while you're getting coffee, registering alIce which they control, adding a copy of your profile picture, and then trying to trick you into writing a private note with your personal secrets or something.

Test Plan

Linked and unlinked accounts. Refreshed account. Unlinked, then registered a new account. Unlinked, then relinked to my old account.

Diff Detail

Repository

rP Phabricator

Lint

Automatic diff as part of commit; lint not applicable.

Unit

Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Feb 7 2019, 1:43 AM

Harbormaster completed remote builds in B21872: Diff 48032.Feb 7 2019, 1:45 AM

epriestley requested review of this revision.Feb 7 2019, 1:45 AM

epriestley added a child revision: D20118: Allow users to register with non-registration providers if they are invited to an instance.Feb 7 2019, 2:04 AM

epriestley mentioned this in T6703: Allow multiple copies of the same auth provider type.Feb 7 2019, 2:38 PM

amckinley accepted this revision.Feb 7 2019, 8:31 PM

This revision is now accepted and ready to land.Feb 7 2019, 8:31 PM

Closed by commit rPd22495a820c6: Make external link/refresh use provider IDs, switch external account MFA to one… (authored by epriestley). · Explain WhyFeb 12 2019, 11:18 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

			Path	Packages
M			src/applications/auth/application/PhabricatorAuthApplication.php (2 lines)
M			src/applications/auth/controller/PhabricatorAuthConfirmLinkController.php (19 lines)
M			src/applications/auth/controller/PhabricatorAuthController.php (16 lines)
M			src/applications/auth/controller/PhabricatorAuthLinkController.php (33 lines)
M			src/applications/auth/controller/PhabricatorAuthUnlinkController.php (10 lines)
M			src/applications/auth/query/PhabricatorExternalAccountQuery.php (13 lines)
M			src/applications/people/controller/PhabricatorPeopleProfilePictureController.php (11 lines)
M			src/applications/settings/panel/PhabricatorExternalAccountsSettingsPanel.php (32 lines)

Diff	ID	Base	Description	Created	Lint	Unit
Base			Base
Diff 1	48032	e8768d0		Feb 7 2019, 1:43 AM	★	★
Diff 2	48130	e5ee656	rPd22495a820c67a7e5e156f2a8792620bea44bbdc	Feb 12 2019, 11:18 PM	★	★

Status	Author	Revision
Closed	epriestley	D20123 Allow users to be approved from the profile "Manage" page, alongside other similar actions
Closed	epriestley	D20122 On login forms, autofocus the "username" field
Closed	epriestley	D20120 When users have no password on their account, guide them through the "reset password" flow in the guise of "set password"
Closed	epriestley	D20119 Don't show "registration might be too open" warnings unless an auth provider actually allows registration
Closed	epriestley	D20118 Allow users to register with non-registration providers if they are invited to an instance
Closed	epriestley	D20117 Make external link/refresh use provider IDs, switch external account MFA to one-shot
Closed	epriestley	D20113 Make external account unlinking use account IDs, not "providerType + providerDomain" nonsense
Closed	epriestley	D20112 Give ExternalAccount a providerConfigPHID, tying it to a particular provider
Closed	epriestley	D20111 During first-time setup, create an administrator account with no authentication instead of weird, detached authentication