@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Added high security requirement to add/delete email addresses
Summary: Fixes T10999. Now MFA will be required for all email address related operations.
Test Plan: Ensure that adding and removing email addresses now requires you to enter high security mode.
Reviewers: #blessed_reviewers, epriestley
Reviewed By: #blessed_reviewers, epriestley
Subscribers: epriestley
Maniphest Tasks: T10999
Differential Revision: https://secure.phabricator.com/D16444
+10
+10
src/applications/settings/panel/PhabricatorEmailAddressesSettingsPanel.php
+10
src/applications/settings/panel/PhabricatorEmailAddressesSettingsPanel.php
···
165
165
$user = $this->getUser();
166
166
$viewer = $this->getViewer();
167
167
168
+
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
169
+
$viewer,
170
+
$request,
171
+
$this->getPanelURI());
172
+
168
173
$e_email = true;
169
174
$email = null;
170
175
$errors = array();
···
275
280
$email_id) {
276
281
$user = $this->getUser();
277
282
$viewer = $this->getViewer();
283
+
284
+
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
285
+
$viewer,
286
+
$request,
287
+
$this->getPanelURI());
278
288
279
289
// NOTE: You can only delete your own email addresses, and you can not
280
290
// delete your primary address.