@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

In Legalpad, prompt for MFA at the end of the workflow instead of the beginning

Summary: Depends on D19895. Ref T13222. This is a simple behavioral improvement for the current MFA implementation in Legalpad: don't MFA the user and //then// realize that they forgot to actually check the box.

Test Plan:
- Submitted form without the box checked, got an error saying "check the box" instead of MFA.
- Submitted the form with the box checked, got an MFA prompt.
- Passed the MFA gate, got a signed form.
- Tried to sign another form, hit MFA timed lockout.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13222

Differential Revision: https://secure.phabricator.com/D19896

+14 -15
src/applications/legalpad/controller/LegalpadDocumentSignController.php
··· 151 151 $errors = array(); 152 152 $hisec_token = null; 153 153 if ($request->isFormOrHisecPost() && !$has_signed) { 154 - 155 - // Require two-factor auth to sign legal documents. 156 - if ($viewer->isLoggedIn()) { 157 - $workflow_key = sprintf( 158 - 'legalpad.sign(%s)', 159 - $document->getPHID()); 160 - 161 - $hisec_token = id(new PhabricatorAuthSessionEngine()) 162 - ->setWorkflowKey($workflow_key) 163 - ->requireHighSecurityToken( 164 - $viewer, 165 - $request, 166 - $document->getURI()); 167 - } 168 - 169 154 list($form_data, $errors, $field_errors) = $this->readSignatureForm( 170 155 $document, 171 156 $request); ··· 192 177 $signature->setVerified($verified); 193 178 194 179 if (!$errors) { 180 + // Require MFA to sign legal documents. 181 + if ($viewer->isLoggedIn()) { 182 + $workflow_key = sprintf( 183 + 'legalpad.sign(%s)', 184 + $document->getPHID()); 185 + 186 + $hisec_token = id(new PhabricatorAuthSessionEngine()) 187 + ->setWorkflowKey($workflow_key) 188 + ->requireHighSecurityToken( 189 + $viewer, 190 + $request, 191 + $document->getURI()); 192 + } 193 + 195 194 $signature->save(); 196 195 197 196 // If the viewer is logged in, signing for themselves, send them to
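Review bot: With the gate removed from the top of the `$request->isFormOrHisecPost() && !$has_signed` block (old lines 154-168), `readSignatureForm($document, $request)` and everything down to `$signature->setVerified($verified)` now run on requests that have not passed MFA. Please confirm that nothing in that span persists state or has other side effects, so that an un-gated POST can only come back with validation errors. A one-line comment at the top of the block saying that the MFA check is deferred to just before `$signature->save()` would keep a later change from adding a side effect ahead of it.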
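Review bot: The added comment `// Require MFA to sign legal documents.` inside `if (!$errors)` (new line 180) says more than the code does, because the check is skipped whenever `$viewer->isLoggedIn()` is false and `$hisec_token` then keeps its initial `null`. Suggest rewording it to say that logged-in viewers must pass MFA, and adding that the gate has to stay directly ahead of `$signature->save()` so no other path reaches the save without it. The test plan lists only logged-in cases; a run that signs as a logged-out viewer would cover the null-token path through this branch.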