Paths

Table of Contentst

Differential D20117

Make external link/refresh use provider IDs, switch external account MFA to one-shot
ClosedPublic
Actions

Authored by epriestley on Feb 7 2019, 1:43 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Wed, Jan 29, 8:27 AM

	Unknown Object (File)
	Tue, Jan 28, 4:48 AM

	Unknown Object (File)
	Sun, Jan 26, 7:45 PM

	Unknown Object (File)
	Sun, Jan 26, 7:45 PM

	Unknown Object (File)
	Sat, Jan 25, 3:34 AM

	Unknown Object (File)
	Sat, Jan 25, 3:33 AM

	Unknown Object (File)
	Sat, Jan 25, 3:33 AM

	Unknown Object (File)
	Thu, Jan 23, 4:54 AM

Subscribers

None

Details

Reviewers

Maniphest Tasks

T6703: Allow multiple copies of the same auth provider type

Commits

rPd22495a820c6: Make external link/refresh use provider IDs, switch external account MFA to one…

Summary

Depends on D20113. Ref T6703. Continue moving toward a future where multiple copies of a given type of provider may exist.

Switch MFA from session-MFA at the start to one-shot MFA at the actual link action.

Add one-shot MFA to the unlink action. This theoretically prevents an attacker from unlinking an account while you're getting coffee, registering alIce which they control, adding a copy of your profile picture, and then trying to trick you into writing a private note with your personal secrets or something.

Test Plan

Linked and unlinked accounts. Refreshed account. Unlinked, then registered a new account. Unlinked, then relinked to my old account.

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Feb 7 2019, 1:43 AM

Harbormaster completed remote builds in B21872: Diff 48032.Feb 7 2019, 1:45 AM

epriestley requested review of this revision.Feb 7 2019, 1:45 AM

epriestley added a child revision: D20118: Allow users to register with non-registration providers if they are invited to an instance.Feb 7 2019, 2:04 AM

epriestley mentioned this in T6703: Allow multiple copies of the same auth provider type.Feb 7 2019, 2:38 PM

amckinley accepted this revision.Feb 7 2019, 8:31 PM

This revision is now accepted and ready to land.Feb 7 2019, 8:31 PM

Closed by commit rPd22495a820c6: Make external link/refresh use provider IDs, switch external account MFA to one… (authored by epriestley). · Explain WhyFeb 12 2019, 11:18 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

auth/

application/

PhabricatorAuthApplication.php

2 lines

controller/

PhabricatorAuthConfirmLinkController.php

19 lines

PhabricatorAuthController.php

16 lines

PhabricatorAuthLinkController.php

33 lines

PhabricatorAuthUnlinkController.php

10 lines

query/

PhabricatorExternalAccountQuery.php

13 lines

people/

controller/

PhabricatorPeopleProfilePictureController.php

11 lines

settings/

panel/

PhabricatorExternalAccountsSettingsPanel.php

32 lines

Diff 48130

src/applications/auth/application/PhabricatorAuthApplication.php

Loading...

src/applications/auth/controller/PhabricatorAuthConfirmLinkController.php

Loading...

src/applications/auth/controller/PhabricatorAuthController.php

Loading...

src/applications/auth/controller/PhabricatorAuthLinkController.php

Loading...

src/applications/auth/controller/PhabricatorAuthUnlinkController.php

Loading...

src/applications/auth/query/PhabricatorExternalAccountQuery.php

Loading...

src/applications/people/controller/PhabricatorPeopleProfilePictureController.php

Loading...

src/applications/settings/panel/PhabricatorExternalAccountsSettingsPanel.php

Loading...