@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Require MFA to edit MFA providers
Summary: Depends on D20037. Ref T13222. Ref T7667. Although administrators can now disable MFA from the web UI, at least require that they survive MFA gates to do so. T7667 (`bin/auth lock`) should provide a sturdier approach here in the long term.
Test Plan: Created and edited MFA providers, was prompted for MFA.
Reviewers: amckinley
Reviewed By: amckinley
Maniphest Tasks: T13222, T7667
Differential Revision: https://secure.phabricator.com/D20038
+22
-1
+3
src/__phutil_library_map__.php
+3
src/__phutil_library_map__.php
···
2232
2232
'PhabricatorAuthFactorProviderEditEngine' => 'applications/auth/editor/PhabricatorAuthFactorProviderEditEngine.php',
2233
2233
'PhabricatorAuthFactorProviderEditor' => 'applications/auth/editor/PhabricatorAuthFactorProviderEditor.php',
2234
2234
'PhabricatorAuthFactorProviderListController' => 'applications/auth/controller/mfa/PhabricatorAuthFactorProviderListController.php',
2235
+
'PhabricatorAuthFactorProviderMFAEngine' => 'applications/auth/engine/PhabricatorAuthFactorProviderMFAEngine.php',
2235
2236
'PhabricatorAuthFactorProviderNameTransaction' => 'applications/auth/xaction/PhabricatorAuthFactorProviderNameTransaction.php',
2236
2237
'PhabricatorAuthFactorProviderQuery' => 'applications/auth/query/PhabricatorAuthFactorProviderQuery.php',
2237
2238
'PhabricatorAuthFactorProviderStatus' => 'applications/auth/constants/PhabricatorAuthFactorProviderStatus.php',
···
7954
7955
'PhabricatorApplicationTransactionInterface',
7955
7956
'PhabricatorPolicyInterface',
7956
7957
'PhabricatorExtendedPolicyInterface',
7958
+
'PhabricatorEditEngineMFAInterface',
7957
7959
),
7958
7960
'PhabricatorAuthFactorProviderController' => 'PhabricatorAuthProviderController',
7959
7961
'PhabricatorAuthFactorProviderEditController' => 'PhabricatorAuthFactorProviderController',
7960
7962
'PhabricatorAuthFactorProviderEditEngine' => 'PhabricatorEditEngine',
7961
7963
'PhabricatorAuthFactorProviderEditor' => 'PhabricatorApplicationTransactionEditor',
7962
7964
'PhabricatorAuthFactorProviderListController' => 'PhabricatorAuthProviderController',
7965
+
'PhabricatorAuthFactorProviderMFAEngine' => 'PhabricatorEditEngineMFAEngine',
7963
7966
'PhabricatorAuthFactorProviderNameTransaction' => 'PhabricatorAuthFactorProviderTransactionType',
7964
7967
'PhabricatorAuthFactorProviderQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
7965
7968
'PhabricatorAuthFactorProviderStatus' => 'Phobject',
+10
src/applications/auth/engine/PhabricatorAuthFactorProviderMFAEngine.php
+10
src/applications/auth/engine/PhabricatorAuthFactorProviderMFAEngine.php
+9
-1
src/applications/auth/storage/PhabricatorAuthFactorProvider.php
+9
-1
src/applications/auth/storage/PhabricatorAuthFactorProvider.php
···
5
5
implements
6
6
PhabricatorApplicationTransactionInterface,
7
7
PhabricatorPolicyInterface,
8
-
PhabricatorExtendedPolicyInterface {
8
+
PhabricatorExtendedPolicyInterface,
9
+
PhabricatorEditEngineMFAInterface {
9
10
10
11
protected $providerFactorKey;
11
12
protected $name;
···
187
188
return $extended;
188
189
}
189
190
191
+
192
+
/* -( PhabricatorEditEngineMFAInterface )---------------------------------- */
193
+
194
+
195
+
public function newEditEngineMFAEngine() {
196
+
return new PhabricatorAuthFactorProviderMFAEngine();
197
+
}
190
198
191
199
}