For security reasons, empowering users requires providing their multi-factor authentication if enabled, and uninstalling applications is just as security sensitive as empowering users.
That's why users should be prompted for MFA when uninstalling applications (only if user has MFA enabled).
Closes T15490
Details
Details
- Reviewers
aklapper - Group Reviewers
O1: Blessed Committers - Maniphest Tasks
- T15490: Uninstalling/Installing an application should eventually involve MFA
With MFA enabled, attempt to uninstall an application and get a Enter High Security challenge, prompting for MFA.
Diff Detail
Diff Detail
- Repository
- rP Phorge
- Branch
- mfapps
- Lint
Lint Passed - Unit
Tests Passed - Build Status
Buildable 1827 Build 1827: arc lint + arc unit
Event Timeline
Comment Actions
Clear Test Plans with URIs are welcome - the less others need to think "how/where to do that" the easier gets testing.
Which "an application" exactly? As which type of user?
- As an admin, go to http://phorge.localhost/auth/mfa/ and set up an MFA Provider.
- As an admin, go to http://phorge.localhost/applications/edit/PhabricatorFlagsApplication/ and set Can Configure Application to All Users
- As an average user, go to http://phorge.localhost/applications/edit/PhabricatorFlagsApplication/, select
- In the Really Uninstall Application? dialog, click the Uninstall button
After these steps I get Unhandled Exception ("Exception"): This transaction group requires MFA to apply, but the Editor was not configured with a Cancel URI. This workflow can not perform an MFA check.
Comment Actions
Any application were canUninstall is not set to false (thus not a required application).
As which type of user?
A user with the Can Configure Application capability (by default admins).
Comment Actions
That's what I tested (as the Files application can be uninstalled). Which exact application(s) did you test?
I'm surprised that you did not run into the same problem as I did described in my last comment...maybe it's related to not being an admin?
Comment Actions
Why would a cancel URI be needed? Do you know a Cancel URI for an app with something that prompts for MFA (ie. exposing Passphrases, empowering users, signing comments with MFA, managing your VCS password and SSH keys)
Actually I am not testing things. I think I may at some point have a proper Phorge install on my VM (quite complex) to properly test.
Comment Actions
I don't know, I only tested with the steps which I provided above.
https://we.phorge.it/source/phorge/browse/master/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php$5506-5513 is the relevant code.
Do you know a Cancel URI for an app with something that prompts for MFA (ie. exposing Passphrases, empowering users, signing comments with MFA, managing your VCS password and SSH keys)
Actually I am not testing things. I think I may at some point have a proper Phorge install on my VM (quite complex) to properly test.
I strongly encourage you to set up a test instance - how would you otherwise make sure that your proposed changes work? :)