@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Replace "Show Secret" in Passphrase with one-shot MFA
Summary: Depends on D20036. Ref T13222. Now that we support one-shot MFA, swap this from session MFA to one-shot MFA.
Test Plan: Revealed a credential, was no longer left in high-security mode.
Reviewers: amckinley
Reviewed By: amckinley
Maniphest Tasks: T13222
Differential Revision: https://secure.phabricator.com/D20037
+13
-6
+3
-6
src/applications/passphrase/controller/PassphraseCredentialRevealController.php
+3
-6
src/applications/passphrase/controller/PassphraseCredentialRevealController.php
···
21
21
return new Aphront404Response();
22
22
}
23
23
24
-
$view_uri = '/K'.$credential->getID();
24
+
$view_uri = $credential->getURI();
25
25
26
-
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
27
-
$viewer,
28
-
$request,
29
-
$view_uri);
30
26
$is_locked = $credential->getIsLocked();
31
27
32
28
if ($is_locked) {
···
39
35
->addCancelButton($view_uri);
40
36
}
41
37
42
-
if ($request->isFormPost()) {
38
+
if ($request->isFormOrHisecPost()) {
43
39
$secret = $credential->getSecret();
44
40
if (!$secret) {
45
41
$body = pht('This credential has no associated secret.');
···
76
72
77
73
$editor = id(new PassphraseCredentialTransactionEditor())
78
74
->setActor($viewer)
75
+
->setCancelURI($view_uri)
79
76
->setContinueOnNoEffect(true)
80
77
->setContentSourceFromRequest($request)
81
78
->applyTransactions($credential, $xactions);
+4
src/applications/passphrase/storage/PassphraseCredential.php
+4
src/applications/passphrase/storage/PassphraseCredential.php