Homec4science

Require multiple auth factors to establish web sessions

Authored by epriestley <git@epriestley.com> on May 1 2014, 19:23.

Description

Require multiple auth factors to establish web sessions

Summary:
Ref T4398. This prompts users for multi-factor auth on login.

Roughly, this introduces the idea of "partial" sessions, which we haven't finished constructing yet. In practice, this means the session has made it through primary auth but not through multi-factor auth. Add a workflow for bringing a partial session up to a full one.

Test Plan:

  • Used Conduit.
  • Logged in as multi-factor user.
  • Logged in as no-factor user.
  • Tried to do non-login-things with a partial session.
  • Reviewed account activity logs.

{F149295}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8922

Details

Committed
epriestley <git@epriestley.com>May 1 2014, 19:23
Pushed
aubortJan 31 2017, 17:16
Parents
rPH1e6b2f26e92d: Change spacing, layout of ObjectItem states
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH50376aad04d2: Require multiple auth factors to establish web sessions (authored by epriestley <git@epriestley.com>).May 1 2014, 19:23