Differential D20020 Diff 47817 src/applications/settings/panel/PhabricatorMultiFactorSettingsPanel.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/settings/panel/PhabricatorMultiFactorSettingsPanel.php
| Show First 20 Lines • Show All 260 Lines • ▼ Show 20 Lines | if ($config) { | ||||
| // If the user added a factor, give them a rate limiting point back. | // If the user added a factor, give them a rate limiting point back. | ||||
| PhabricatorSystemActionEngine::willTakeAction( | PhabricatorSystemActionEngine::willTakeAction( | ||||
| array($viewer->getPHID()), | array($viewer->getPHID()), | ||||
| new PhabricatorAuthNewFactorAction(), | new PhabricatorAuthNewFactorAction(), | ||||
| -1); | -1); | ||||
| $config->save(); | $config->save(); | ||||
| // If we used a temporary token to handle synchronizing the factor, | |||||
| // revoke it now. | |||||
| $sync_token = $config->getMFASyncToken(); | |||||
| if ($sync_token) { | |||||
| $sync_token->revokeToken(); | |||||
| } | |||||
epriestley: This is new. We didn't revoke the tokens before since it's mostly pointless, but at least does… | |||||
| $log = PhabricatorUserLog::initializeNewLog( | $log = PhabricatorUserLog::initializeNewLog( | ||||
| $viewer, | $viewer, | ||||
| $user->getPHID(), | $user->getPHID(), | ||||
| PhabricatorUserLog::ACTION_MULTI_ADD); | PhabricatorUserLog::ACTION_MULTI_ADD); | ||||
| $log->save(); | $log->save(); | ||||
| $user->updateMultiFactorEnrollment(); | $user->updateMultiFactorEnrollment(); | ||||
| ▲ Show 20 Lines • Show All 127 Lines • Show Last 20 Lines | |||||
This is new. We didn't revoke the tokens before since it's mostly pointless, but at least does something now that we have a limit on outstanding, unexpired sync attempts.