Page MenuHomePhabricator
Differential D20234

Correct a possible fatal in the non-CSRF Duo MFA workflow
ClosedPublic
Actions

Authored by epriestley on Mar 1 2019, 3:28 AM.
Tags
None
Referenced Files
F19945865: D20234.id48294.diff
Thu, Apr 16, 9:10 PM
F19943910: D20234.diff
Thu, Apr 16, 7:10 AM
F19901421: D20234.diff
Mon, Mar 30, 9:59 AM
F19894942: D20234.diff
Sat, Mar 28, 5:56 PM
F19834120: D20234.id48324.diff
Mar 11 2026, 3:04 AM
F19571801: D20234.id48294.diff
Feb 1 2026, 2:46 AM
F19571799: D20234.id.diff
Feb 1 2026, 2:46 AM
F19472557: D20234.diff
Jan 7 2026, 9:46 AM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T13259: Rebuilding repository identities throws exception for inability to identify a valid object in query "DiffusionCommitQuery"
Commits
rP920ab13cfb86: Correct a possible fatal in the non-CSRF Duo MFA workflow
Summary

Ref T13259. If we miss the separate CSRF step in Duo and proceed directly to prompting, we may fail to build a response which turns into a real control and fatal on null->setLabel().

Instead, let MFA providers customize their "bare prompt dialog" response, then make Duo use the same "you have an outstanding request" response for the CSRF and no-CSRF workflows.

Test Plan

Hit Duo auth on a non-CSRF workflow (e.g., edit an MFA provider with Duo enabled). Previously: setLabel() fatal. After patch: smooth sailing.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
src/
applications/
auth/
engine/
9 lines
factor/
34 lines
13 lines

Diff 48324

View Options

src/applications/auth/engine/PhabricatorAuthSessionEngine.php

Loading...
View Options

src/applications/auth/factor/PhabricatorAuthFactor.php

Loading...
View Options

src/applications/auth/factor/PhabricatorDuoAuthFactor.php

Loading...
Phabricator · Built by Phacility