Diffusion hydra 918f4ebcd82c

Fix a double-prompt for MFA when recovering a password account

Description

Summary:
Depends on D19905. Ref T13222. In D19843, I refactored this stuff but $jump_into_hisec was dropped.

This is a hint to keep the upgraded session in hisec mode, which we need to do a password reset when using a recovery link. Without it, we double prompt you for MFA: first to upgrade to a full session, then to change your password.

Pass this into the engine properly to avoid the double-prompt.

Test Plan:

  • Used bin/auth recover to get a partial session with MFA enabled and a password provider.
  • Before: double MFA prompt.
  • After: session stays upgraded when it becomes full, no second prompt.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13222

Differential Revision: https://secure.phabricator.com/D19906

Details

Provenance
epriestley Authored on Dec 18 2018, 3:01 PM
sirocyl Pushed on Oct 16 2024, 5:49 AM
Parents
R1:ca39be60914b: Make partial sessions expire after 30 minutes, and do not extend them