Paths

Table of Contentst

Differential D20117

Make external link/refresh use provider IDs, switch external account MFA to one-shot
ClosedPublic
Actions

Authored by epriestley on Feb 7 2019, 1:43 AM.

Tags

None

Referenced Files

	F15540197: D20117.id.diff
	Fri, Apr 25, 6:45 AM

	F15538574: D20117.diff
	Thu, Apr 24, 8:05 PM

	F15470536: D20117.id.diff
	Fri, Apr 4, 11:18 PM

	F15454313: D20117.diff
	Sat, Mar 29, 5:52 PM

	F15440017: D20117.id48032.diff
	Mar 26 2025, 10:45 AM

	F15434866: D20117.id.diff
	Mar 25 2025, 5:46 AM

	F15433401: D20117.diff
	Mar 24 2025, 11:00 PM

	F15431725: D20117.id.diff
	Mar 24 2025, 2:08 PM

Subscribers

None

Details

Reviewers

Maniphest Tasks

T6703: Allow multiple copies of the same auth provider type

Commits

rPd22495a820c6: Make external link/refresh use provider IDs, switch external account MFA to one…

Summary

Depends on D20113. Ref T6703. Continue moving toward a future where multiple copies of a given type of provider may exist.

Switch MFA from session-MFA at the start to one-shot MFA at the actual link action.

Add one-shot MFA to the unlink action. This theoretically prevents an attacker from unlinking an account while you're getting coffee, registering alIce which they control, adding a copy of your profile picture, and then trying to trick you into writing a private note with your personal secrets or something.

Test Plan

Linked and unlinked accounts. Refreshed account. Unlinked, then registered a new account. Unlinked, then relinked to my old account.

Diff Detail

Repository

Branch

xacc7

Lint

Lint Passed

Unit

Tests Passed

Build Status

Buildable 21872
Build 29853: Run Core Tests
Build 29852: arc lint + arc unit

Event Timeline

epriestley created this revision.Feb 7 2019, 1:43 AM

Harbormaster completed remote builds in B21872: Diff 48032.Feb 7 2019, 1:45 AM

epriestley requested review of this revision.Feb 7 2019, 1:45 AM

epriestley added a child revision: D20118: Allow users to register with non-registration providers if they are invited to an instance.Feb 7 2019, 2:04 AM

epriestley mentioned this in T6703: Allow multiple copies of the same auth provider type.Feb 7 2019, 2:38 PM

amckinley accepted this revision.Feb 7 2019, 8:31 PM

This revision is now accepted and ready to land.Feb 7 2019, 8:31 PM

Closed by commit rPd22495a820c6: Make external link/refresh use provider IDs, switch external account MFA to one… (authored by epriestley). · Explain WhyFeb 12 2019, 11:18 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

auth/

application/

PhabricatorAuthApplication.php

2 lines

controller/

PhabricatorAuthConfirmLinkController.php

19 lines

PhabricatorAuthController.php

16 lines

PhabricatorAuthLinkController.php

33 lines

PhabricatorAuthUnlinkController.php

10 lines

query/

PhabricatorExternalAccountQuery.php

13 lines

people/

controller/

PhabricatorPeopleProfilePictureController.php

11 lines

settings/

panel/

PhabricatorExternalAccountsSettingsPanel.php

32 lines

Diff 48032

src/applications/auth/application/PhabricatorAuthApplication.php

Loading...

src/applications/auth/controller/PhabricatorAuthConfirmLinkController.php

Loading...

src/applications/auth/controller/PhabricatorAuthController.php

Loading...

src/applications/auth/controller/PhabricatorAuthLinkController.php

Loading...

src/applications/auth/controller/PhabricatorAuthUnlinkController.php

Loading...

src/applications/auth/query/PhabricatorExternalAccountQuery.php

Loading...

src/applications/people/controller/PhabricatorPeopleProfilePictureController.php

Loading...

src/applications/settings/panel/PhabricatorExternalAccountsSettingsPanel.php

Loading...