
Remove fully-authenticated requirement

Additional testing revealed an issue with GitHub-based accounts. When
such an account was logged in for a while, they eventually lost their
'fully-authenticated' status and would be forced to re-connect with
GitHub, which was an unexpected behavior. Furthermore, even if you went
through that process, you wouldn't become fully-authenticated
afterwards.

Instead of spending time to investigate this behavior, I've decided to
revert to the convention used by the 'change password' functionality,
which doesn't require this additional permission.
Colin O'Dell 5 years ago
parent
commit
c5af7b4593
1 changed files with 0 additions and 2 deletions

+ 0 - 2
src/Packagist/WebBundle/Controller/UserController.php

@@ -299,7 +299,6 @@ class UserController extends Controller
      */
     public function enableTwoFactorAuthAction(Request $req, User $user)
     {
-        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
         if ($user->getId() !== $this->getUser()->getId()) {
             throw new AccessDeniedException('You cannot change this user\'s two-factor authentication settings');
         }
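Review bot: With the `denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY')` line removed from enableTwoFactorAuthAction, the first statement left is `$user->getId() !== $this->getUser()->getId()`, which calls getId() on the result of getUser() without any authentication check in front of it. If a firewall or access_control rule outside this file does not already require login for this route, an unauthenticated request would fail with an error on a null user instead of a clean access denial. Since the problem described in the commit message is sessions losing the fully-authenticated status, consider replacing the removed line with `$this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');` rather than dropping the check entirely. That still accepts sessions restored from a remember-me cookie while keeping an explicit guard in the action. A short comment here explaining why the stricter attribute is not used would also stop someone from re-adding it later.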
@@ -363,7 +362,6 @@ class UserController extends Controller
      */
     public function disableTwoFactorAuthAction(Request $req, User $user)
     {
-        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
         if (!($this->isGranted('ROLE_DISABLE_2FA') || $user->getId() === $this->getUser()->getId())) {
             throw new AccessDeniedException('You cannot change this user\'s two-factor authentication settings');
         }
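Review bot: Dropping `denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY')` from disableTwoFactorAuthAction deserves more caution than the enable path, because after this change the only condition in the visible lines is `$this->isGranted('ROLE_DISABLE_2FA') || $user->getId() === $this->getUser()->getId()`. In Symfony, IS_AUTHENTICATED_FULLY is what distinguishes a fresh login from a session restored by a remember-me cookie, so a remembered session can now turn off the account's second factor without re-authenticating. If the rest of the action (not shown in this hunk) does not already ask for the current password or a valid 2FA code before disabling, I would add that confirmation here as the replacement for the removed check, which also avoids the GitHub re-connect problem from the commit message. As in the enable action, `$this->getUser()->getId()` is reached without a null guard when the role check is false, so an explicit `IS_AUTHENTICATED_REMEMBERED` check at the top would be a safer minimum.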