Homestyx hydra
Diffusion hydra 920ab13cfb86

Correct a possible fatal in the non-CSRF Duo MFA workflow
920ab13cfb86
Actions

Description

Correct a possible fatal in the non-CSRF Duo MFA workflow

Summary:
Ref T13259. If we miss the separate CSRF step in Duo and proceed directly to prompting, we may fail to build a response which turns into a real control and fatal on null->setLabel().

Instead, let MFA providers customize their "bare prompt dialog" response, then make Duo use the same "you have an outstanding request" response for the CSRF and no-CSRF workflows.

Test Plan: Hit Duo auth on a non-CSRF workflow (e.g., edit an MFA provider with Duo enabled). Previously: setLabel() fatal. After patch: smooth sailing.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13259

Differential Revision: https://secure.phabricator.com/D20234

Details

Provenance
epriestleyAuthored on Feb 28 2019, 10:13 PM
sirocylPushed on Oct 16 2024, 5:49 AM
Parents
R1:d192d04586ec: Make it more visually clear that you can click things in the "Big List of…
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (3)

PathSize
src/
applications/
auth/
engine/
factor/

R1:920ab13cfb86

View Options

src/applications/auth/engine/PhabricatorAuthSessionEngine.php

Loading...
View Options

src/applications/auth/factor/PhabricatorAuthFactor.php

Loading...
View Options

src/applications/auth/factor/PhabricatorDuoAuthFactor.php

Loading...
styx copyright 2020 sirocyl / ellie (kymkdd) / ncommander / styx contributors
Use of other names and brands is not intended to reflect a claim of, or right to, use the name or brand.
styx is an operating system using the Linux kernel and components, and "styx Linux" as a phrase does not reflect the inclusion of the Linux brand or trademark in the styx project.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Terms and Conditions (TODO: fix this!)