
Expose users' MFA status in Project Members list to admins

Summary:
As an admin, I want to make sure that every user who is a member of a project with a restrictive Join Policy has MFA set up.
As far as I know, this is impossible via Dashboard Panels or Advanced Search queries.
Thus expose this MFA information to admins and sort the list of members to first list enabled user accounts with MFA so I can quickly check this as an admin.

Closes T16194

Test Plan:
* Set up two users with Multi-Factor Auth, disable one.
* Go to the Members List of a project as an admin and as a non-admin, look at each user entry and the sorting.

Reviewers: O1 Blessed Committers, mainframe98

Reviewed By: O1 Blessed Committers, mainframe98

Subscribers: mainframe98, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T16194

Differential Revision: https://we.phorge.it/D26315

+44 -5
+4 -1
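--- a/src/applications/people/phid/PhabricatorPeopleUserPHIDType.php
+++ b/src/applications/people/phid/PhabricatorPeopleUserPHIDType.php
@@ -79,9 +79,12 @@
  }
  }
  }
-
  if ($availability) {
  $handle->setAvailability($availability);
+ }
+
+ if ($user->getIsEnrolledInMultiFactor()) {
+ $handle->setUserIsEnrolledInMultiFactor(true);
  }
  }
  }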
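Review bot: The added `if ($user->getIsEnrolledInMultiFactor())` block copies the MFA flag onto every user handle regardless of who is viewing, so the only thing keeping it from non-admins is the `getIsAdmin()` check in each view that later reads it. Handles are consumed by many renderers, and the list of accounts without a second factor is information worth restricting to administrators at the source rather than at each call site. If the handle query's viewer is reachable in this method (its signature is outside the hunk), I would gate the population itself: `if ($query->getViewer()->getIsAdmin() && $user->getIsEnrolledInMultiFactor()) {`. A one-line comment stating that the flag is admin-only data would also help whoever adds the next consumer.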
+22
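--- a/src/applications/phid/PhabricatorObjectHandle.php
+++ b/src/applications/phid/PhabricatorObjectHandle.php
@@ -33,6 +33,7 @@
  private $commandLineObjectName;
  private $mailStampName;
  private $capabilities = array();
+ private $userIsEnrolledInMultiFactor = false;
 
  public function setIcon($icon) {
  $this->icon = $icon;
@@ -279,6 +280,27 @@
  return $this->getType();
  }
 
+ /**
+ * Set whether or not the user object has multi-factor auth enabled.
+ *
+ * @param bool $has_mfa True when the user represented by the handle has
+ * multi-factor auth enabled. Defaults to false otherwise.
+ * @return $this
+ */
+ public function setUserIsEnrolledInMultiFactor(bool $has_mfa) {
+ $this->userIsEnrolledInMultiFactor = $has_mfa;
+ return $this;
+ }
+
+ /**
+ * Get whether or not the user object has multi-factor auth enabled.
+ *
+ * @return bool True when the user represented by the handle has
+ * multi-factor auth enabled. Defaults to false.
+ */
+ public function getUserIsEnrolledInMultiFactor(): bool {
+ return $this->userIsEnrolledInMultiFactor;
+ }
 
  /**
  * Set whether or not the underlying object is complete. See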
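Review bot: The docblock on `getUserIsEnrolledInMultiFactor()` does not say that the value is only meaningful for user handles, or that `false` is also what any handle returns when nothing populated the field. On a class that represents every object type, a reader auditing MFA coverage could take `false` as proof that a second factor is absent. I would add to the getter's docblock: `Only populated for user handles; false also means "not loaded", so it is not proof that MFA is absent.` and `Callers must confirm the viewer is an administrator before displaying this value.` The trailing context of the second hunk ends inside the next docblock, which this does not touch.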
+18 -4
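--- a/src/applications/project/view/PhabricatorProjectUserListView.php
+++ b/src/applications/project/view/PhabricatorProjectUserListView.php
@@ -87,10 +87,20 @@
  $order_scalar = -1;
  }
 
- $phid_map[$user_phid] = id(new PhutilSortVector())
- ->addInt($is_viewer ? 0 : 1)
- ->addInt($is_enabled ? 0 : 1)
- ->addInt($order_scalar * count($phid_map));
+ // If viewer is an admin, list enabled accounts with MFA before others.
+ if ($viewer->getIsAdmin()) {
+ $has_mfa = $handle->getUserIsEnrolledInMultiFactor() && $is_enabled;
+ $phid_map[$user_phid] = id(new PhutilSortVector())
+ ->addInt($is_viewer ? 0 : 1)
+ ->addInt($has_mfa ? 0 : 1)
+ ->addInt($is_enabled ? 0 : 1)
+ ->addInt($order_scalar * count($phid_map));
+ } else {
+ $phid_map[$user_phid] = id(new PhutilSortVector())
+ ->addInt($is_viewer ? 0 : 1)
+ ->addInt($is_enabled ? 0 : 1)
+ ->addInt($order_scalar * count($phid_map));
+ }
  }
  $phid_map = msortv($phid_map, 'getSelf');
 
@@ -124,6 +134,10 @@
  $subtitle = $handle->getSubtitle();
 
  $item->addAttribute(array($icon, ' ', $subtitle));
+
+ if ($viewer->getIsAdmin() && $handle->getUserIsEnrolledInMultiFactor()) {
+ $item->addIcon('fa-lock', pht('Has MFA'));
+ }
 
  if ($supports_edit && !$is_panel) {
  $remove_uri = $this->getRemoveURI($user_phid);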
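Review bot: The admin gate in the first hunk duplicates the whole sort vector across two branches, and `$viewer->getIsAdmin()` is then evaluated again, separately, for the icon in the second hunk. With the disclosure decision spread over copies like this, a later edit can change one path and leave the MFA signal reachable through the other, since sort order alone reveals the flag. I would build the vector once and add the MFA component conditionally, as below; the enclosing loop starts outside the hunk. The sort also treats a disabled account as having no MFA (`&& $is_enabled`), while the icon condition does not, so a disabled account with MFA sorts low but still shows the lock; a comment saying whether that is intended would help.

```php
// If viewer is an admin, list enabled accounts with MFA before others.
$vector = id(new PhutilSortVector())
  ->addInt($is_viewer ? 0 : 1);
if ($viewer->getIsAdmin()) {
  $has_mfa = $handle->getUserIsEnrolledInMultiFactor() && $is_enabled;
  $vector->addInt($has_mfa ? 0 : 1);
}
$phid_map[$user_phid] = $vector
  ->addInt($is_enabled ? 0 : 1)
  ->addInt($order_scalar * count($phid_map));
// … unchanged: msortv() call and item rendering …
```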