Always require MFA to edit contact numbers
587e9cea19ac
Actions

Description

Always require MFA to edit contact numbers

Summary:
Depends on D20023. Ref T13222. Although I think this isn't strictly necessary from a pure security perspective (since you can't modify the primary number while you have MFA SMS), it seems like a generally good idea.

This adds a slightly new MFA mode, where we want MFA if it's available but don't strictly require it.

Test Plan: Disabled, enabled, primaried, unprimaried, and edited contact numbers. With MFA enabled, got prompted for MFA. With no MFA, no prompts.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13222

Differential Revision: https://secure.phabricator.com/D20024

Details

Provenance

epriestley	Authored on Jan 23 2019, 7:27 PM
epriestley	Pushed on Jan 23 2019, 10:20 PM

Reviewer

amckinley

Differential Revision

D20024: Always require MFA to edit contact numbers

Parents

rP7805b217ad8b: Prevent users from editing, disabling, or swapping their primary contact number…

Branches

Unknown

Tags

Unknown

Tasks

T13222: 2018 Week 48-51 Bonus Content

Build Status

Buildable 21674
Build 29556: Run Core Tests

Event Timeline

epriestley committed rP587e9cea19ac: Always require MFA to edit contact numbers (authored by epriestley).Jan 23 2019, 10:19 PM

epriestley added a task: T13222: 2018 Week 48-51 Bonus Content.

Harbormaster completed building B21674: rP587e9cea19ac: Always require MFA to edit contact numbers.Jan 23 2019, 10:21 PM

Changes (7)

Path

Size

src/

__phutil_library_map__.php

applications/

auth/

controller/

contact/

PhabricatorAuthContactNumberDisableController.php

PhabricatorAuthContactNumberPrimaryController.php

engine/

PhabricatorAuthContactNumberMFAEngine.php

storage/

PhabricatorAuthContactNumber.php

transactions/

editengine/

PhabricatorEditEngineMFAEngine.php

editor/

PhabricatorApplicationTransactionEditor.php

rP587e9cea19ac

View Options

src/__phutil_library_map__.php

View Options

src/applications/auth/controller/contact/PhabricatorAuthContactNumberDisableController.php

View Options

src/applications/auth/controller/contact/PhabricatorAuthContactNumberPrimaryController.php

View Options

src/applications/auth/engine/PhabricatorAuthContactNumberMFAEngine.php

View Options

src/applications/auth/storage/PhabricatorAuthContactNumber.php

View Options

src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php

View Options

src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php

Always require MFA to edit contact numbers587e9cea19acActions

Description

Details

Event Timeline

Changes (7)

rP587e9cea19ac

src/__phutil_library_map__.php

src/applications/auth/controller/contact/PhabricatorAuthContactNumberDisableController.php

src/applications/auth/controller/contact/PhabricatorAuthContactNumberPrimaryController.php

src/applications/auth/engine/PhabricatorAuthContactNumberMFAEngine.php

src/applications/auth/storage/PhabricatorAuthContactNumber.php

src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php

src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php

Always require MFA to edit contact numbers
587e9cea19ac
Actions