Page MenuHomePhabricator

Require multiple auth factors to establish web sessions

Authored by epriestley on May 1 2014, 2:30 AM.



Ref T4398. This prompts users for multi-factor auth on login.

Roughly, this introduces the idea of "partial" sessions, which we haven't finished constructing yet. In practice, this means the session has made it through primary auth but not through multi-factor auth. Add a workflow for bringing a partial session up to a full one.

Test Plan
  • Used Conduit.
  • Logged in as multi-factor user.
  • Logged in as no-factor user.
  • Tried to do non-login-things with a partial session.
  • Reviewed account activity logs.

Diff Detail

rP Phabricator
Lint Skipped
Unit Tests Skipped

Event Timeline

epriestley updated this revision to Diff 21172.May 1 2014, 2:30 AM
epriestley retitled this revision from to Require multiple auth factors to establish web sessions.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
btrahan accepted this revision.May 1 2014, 5:11 PM
btrahan edited edge metadata.
This revision is now accepted and ready to land.May 1 2014, 5:11 PM
epriestley closed this revision.May 1 2014, 5:23 PM
epriestley updated this revision to Diff 21189.

Closed by commit rP50376aad04d2 (authored by @epriestley).