
Improve UI messaging around "one-shot" vs "session upgrade" MFA

Summary:
Depends on D19899. Ref T13222. When we prompt you for one-shot MFA, we currently give you a lot of misleading text about your session staying in "high security mode".

Differentiate between one-shot and session upgrade MFA, and give the user appropriate cues and explanatory text.

Test Plan:
- Hit one-shot MFA on an "mfa" task in Maniphest.
- Hit session upgrade MFA in Settings > Multi-Factor.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13222

Differential Revision: https://secure.phabricator.com/D19900

+56 -20
+45 -20
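--- a/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php
+++ b/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php
@@ -45,39 +45,64 @@
       }
     }
 
+    $is_upgrade = $throwable->getIsSessionUpgrade();
+
+    if ($is_upgrade) {
+      $title = pht('Enter High Security');
+    } else {
+      $title = pht('Provide MFA Credentials');
+    }
+
     if ($is_wait) {
       $submit = pht('Wait Patiently');
+    } else if ($is_upgrade) {
+      $submit = pht('Enter High Security');
     } else {
-      $submit = pht('Enter High Security');
+      $submit = pht('Continue');
     }
 
     $dialog = id(new AphrontDialogView())
       ->setUser($viewer)
-      ->setTitle(pht('Entering High Security'))
+      ->setTitle($title)
       ->setShortTitle(pht('Security Checkpoint'))
       ->setWidth(AphrontDialogView::WIDTH_FORM)
       ->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
-      ->setErrors(
-        array(
-          pht(
-            'You are taking an action which requires you to enter '.
-            'high security.'),
-        ))
-      ->appendParagraph(
-        pht(
-          'High security mode helps protect your account from security '.
-          'threats, like session theft or someone messing with your stuff '.
-          'while you\'re grabbing a coffee. To enter high security mode, '.
-          'confirm your credentials.'))
-      ->appendChild($form->buildLayoutView())
-      ->appendParagraph(
-        pht(
-          'Your account will remain in high security mode for a short '.
-          'period of time. When you are finished taking sensitive '.
-          'actions, you should leave high security.'))
       ->setSubmitURI($request->getPath())
       ->addCancelButton($throwable->getCancelURI())
       ->addSubmitButton($submit);
+
+    $form_layout = $form->buildLayoutView();
+
+    if ($is_upgrade) {
+      $dialog
+        ->setErrors(
+          array(
+            pht(
+              'You are taking an action which requires you to enter '.
+              'high security.'),
+          ))
+        ->appendParagraph(
+          pht(
+            'High security mode helps protect your account from security '.
+            'threats, like session theft or someone messing with your stuff '.
+            'while you\'re grabbing a coffee. To enter high security mode, '.
+            'confirm your credentials.'))
+        ->appendChild($form_layout)
+        ->appendParagraph(
+          pht(
+            'Your account will remain in high security mode for a short '.
+            'period of time. When you are finished taking sensitive '.
+            'actions, you should leave high security.'));
+    } else {
+      $dialog
+        ->setErrors(
+          array(
+            pht(
+              'You are taking an action which requires you to provide '.
+              'multi-factor credentials.'),
+          ))
+        ->appendChild($form_layout);
+    }
 
     $request_parameters = $request->getPassthroughRequestParameters(
       $respect_quicksand = true);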
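Review bot: The one-shot branch (new lines 96-105) shows only the error line and the form, so the dialog never tells the user that these credentials cover just the current action and that the session does not stay in high security, which is the distinction the commit summary sets out to make clear. Consider appending a short paragraph in that branch, for example `->appendParagraph(pht('These credentials authorize only this action; your session will not enter high security mode.'))`. A one-line comment above `$is_upgrade = $throwable->getIsSessionUpgrade();` stating that any falsy value selects the one-shot wording would also help the next reader. The enclosing method starts and ends outside this hunk, so whether `$is_wait` can combine with either mode is not visible here.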
+1
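--- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
+++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
@@ -684,6 +684,7 @@
 
     throw id(new PhabricatorAuthHighSecurityRequiredException())
       ->setCancelURI($cancel_uri)
+      ->setIsSessionUpgrade($upgrade_session)
       ->setFactors($factors)
       ->setFactorValidationResults($validation_results);
   }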
+10
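--- a/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php
+++ b/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php
@@ -5,6 +5,7 @@
   private $cancelURI;
   private $factors;
   private $factorValidationResults;
+  private $isSessionUpgrade;
 
   public function setFactorValidationResults(array $results) {
     assert_instances_of($results, 'PhabricatorAuthFactorResult');
@@ -33,6 +34,15 @@
 
   public function getCancelURI() {
     return $this->cancelURI;
+  }
+
+  public function setIsSessionUpgrade($is_upgrade) {
+    $this->isSessionUpgrade = $is_upgrade;
+    return $this;
+  }
+
+  public function getIsSessionUpgrade() {
+    return $this->isSessionUpgrade;
   }
 
 }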
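Review bot: `$isSessionUpgrade` is declared without a default, so `getIsSessionUpgrade()` returns null whenever a throw site does not call the setter, and the handler then silently falls back to the one-shot wording. The only throw site visible in this commit (PhabricatorAuthSessionEngine) does set it, but any other one would produce a dialog that omits the notice about the session remaining in high security. Declaring `private $isSessionUpgrade = false;` makes the default explicit, and `$this->isSessionUpgrade = (bool)$is_upgrade;` in the setter keeps the getter strictly boolean. The class begins above the first hunk, so existing defaults on the other properties are not visible here.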