HomePhabricator
Diffusion Phabricator 920ab13cfb86

Correct a possible fatal in the non-CSRF Duo MFA workflow
920ab13cfb86
Actions

Description

Correct a possible fatal in the non-CSRF Duo MFA workflow

Summary:
Ref T13259. If we miss the separate CSRF step in Duo and proceed directly to prompting, we may fail to build a response which turns into a real control and fatal on null->setLabel().

Instead, let MFA providers customize their "bare prompt dialog" response, then make Duo use the same "you have an outstanding request" response for the CSRF and no-CSRF workflows.

Test Plan: Hit Duo auth on a non-CSRF workflow (e.g., edit an MFA provider with Duo enabled). Previously: setLabel() fatal. After patch: smooth sailing.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13259

Differential Revision: https://secure.phabricator.com/D20234

Details

Provenance
epriestleyAuthored on Mar 1 2019, 3:13 AM
epriestleyPushed on Mar 5 2019, 7:33 PM
Reviewer
amckinley
Differential Revision
D20234: Correct a possible fatal in the non-CSRF Duo MFA workflow
Parents
rPd192d04586ec: Make it more visually clear that you can click things in the "Big List of…
Branches
Unknown
Tags
Unknown
Tasks
T13259: Rebuilding repository identities throws exception for inability to identify a valid object in query "DiffusionCommitQuery"
Build Status
Buildable 22183
Build 30322: Run Core Tests

Changes (3)

PathSize
src/
applications/
auth/
engine/
factor/

rP920ab13cfb86

View Options

src/applications/auth/engine/PhabricatorAuthSessionEngine.php

Loading...
View Options

src/applications/auth/factor/PhabricatorAuthFactor.php

Loading...
View Options

src/applications/auth/factor/PhabricatorDuoAuthFactor.php

Loading...
Phabricator · Built by Phacility