
Add an explicit temporary token management page to Settings
Closed, Public

Authored by epriestley on Aug 3 2014, 5:41 PM.
Tags
None
Referenced Files
F14411137: D10133.diff

Details

Summary

Ref T5506. This makes it easier to understand and manage temporary tokens.

Eventually this could be more user-friendly, since it's relatively difficult to understand what this screen means. My short-term goal is just to make the next change easier to implement and test.

The next diff will close a small security weakness: if you change your email address, password reset links which were sent to the old address are still valid. Although an attacker would need substantial access to exploit this (essentially, it would just make it easier for them to re-compromise an already compromised account), it's a bit surprising. In the next diff, email address changes will invalidate outstanding password reset links.

Test Plan
  • Viewed outstanding tokens.
  • Added tokens to the list by making "Forgot your password?" requests.
  • Revoked tokens individually.
  • Revoked all tokens.
  • Tried to use a revoked token.
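
The behaviour described in the summary and test plan can be sketched as follows. This is an added example, not code from this revision or from Phabricator; the class, method names, token type string and sample values are all hypothetical, and an in-memory array stands in for the database table.

```php
<?php
// Added illustration, not Phabricator code; every name here is hypothetical.
final class TemporaryTokenStore {
  private $rows = array();  // id => row, standing in for a database table
  private $nextID = 1;
  // Store only a hash, so a leaked table does not yield usable links.
  public function issue($user, $type, $ttl, $now) {
    $secret = bin2hex(random_bytes(16));
    $this->rows[$this->nextID++] = array(
      'user' => $user, 'type' => $type,
      'hash' => hash('sha256', $secret), 'expires' => $now + $ttl);
    return $secret;
  }
  // Outstanding (unexpired) tokens, as a management page would list them.
  public function listFor($user, $now) {
    return array_filter($this->rows, function ($r) use ($user, $now) {
      return $r['user'] === $user && $r['expires'] > $now;
    });
  }
  public function revoke($user, $id) {
    if (($this->rows[$id]['user'] ?? null) === $user) { unset($this->rows[$id]); }
  }
  // Drop all of a user's tokens, or only those of one type.
  public function revokeAll($user, $type = null) {
    $this->rows = array_filter($this->rows, function ($r) use ($user, $type) {
      return $r['user'] !== $user || ($type !== null && $r['type'] !== $type);
    });
  }
  // One-time use: accept only an unexpired, unrevoked token, then delete it.
  public function redeem($user, $type, $secret, $now) {
    $hash = hash('sha256', $secret);
    foreach ($this->listFor($user, $now) as $id => $r) {
      if ($r['type'] === $type && hash_equals($r['hash'], $hash)) {
        unset($this->rows[$id]);
        return true;
      }
    }
    return false;
  }
}
// Constructed scenario: a reset link sent before an email address change.
$store = new TemporaryTokenStore();
$now = 1407087660;  // constructed timestamp
$old = $store->issue('alice', 'password-reset', 86400, $now);
$store->revokeAll('alice', 'password-reset');  // run when the address changes
if ($store->redeem('alice', 'password-reset', $old, $now + 60)) {
  throw new Exception('stale reset link was still accepted');
}
echo "stale reset link rejected\n";
```

Limiting the revocation to one token type leaves any other temporary tokens the user holds untouched.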

Diff Detail

Repository
rP Phabricator
Branch
token1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 2016
Build 2017: [Placeholder Plan] Wait for 30 Seconds

Event Timeline

epriestley retitled this revision from to Add an explicit temporary token management page to Settings.
epriestley updated this object.
epriestley edited the test plan for this revision.
epriestley added a reviewer: btrahan.

Here's what this looks like, specifically:

Screen_Shot_2014-08-03_at_10.58.40_AM.png (1×1 px, 192 KB)

btrahan edited edge metadata.
This revision is now accepted and ready to land. Aug 4 2014, 6:51 PM
epriestley updated this revision to Diff 24402.

Closed by commit rP30f6405a8654 (authored by @epriestley).