Remove fully-authenticated requirement

Additional testing revealed an issue with GitHub-based accounts.  When
such an account was logged in for a while, they eventually lost their
'fully-authenticated' status and would be forced to re-connect with
GitHub, which was an unexpected behavior. Furthermore, even if you went
through that process, you wouldn't become fully-authenticated
afterwards.

Instead of spending time to investigate this behavior, I've decided to
revert to the convention used by the 'change password' functionality,
which doesn't require this additional permission.
Colin O'Dell 5 years ago
parent
commit
c5af7b4593
1 file changed with 0 additions and 2 deletions

+ 0 - 2
src/Packagist/WebBundle/Controller/UserController.php

@@ -299,7 +299,6 @@ class UserController extends Controller
      */
     public function enableTwoFactorAuthAction(Request $req, User $user)
     {
-        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
         if ($user->getId() !== $this->getUser()->getId()) {
             throw new AccessDeniedException('You cannot change this user\'s two-factor authentication settings');
         }
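Review bot: With the `denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY')` line gone from `enableTwoFactorAuthAction`, the first thing this method does is call `$this->getUser()->getId()`, and no authentication guard is left in the visible lines. In Symfony `getUser()` returns null when no user is authenticated, so unless the route is protected elsewhere (firewall `access_control` or an annotation outside this hunk), an anonymous request will fail on a null method call instead of producing a clean access-denied response. Consider replacing the removed line with a weaker but explicit check such as `$this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');`. Dropping the full-authentication requirement also means a session restored from a remember-me cookie can enrol a second factor on the account, so a short comment stating that this is accepted, with a reference to the GitHub login issue described in the commit message, would help the next reader.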
@@ -363,7 +362,6 @@ class UserController extends Controller
      */
     public function disableTwoFactorAuthAction(Request $req, User $user)
     {
-        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
         if (!($this->isGranted('ROLE_DISABLE_2FA') || $user->getId() === $this->getUser()->getId())) {
             throw new AccessDeniedException('You cannot change this user\'s two-factor authentication settings');
         }
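Review bot: Removing `denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY')` from `disableTwoFactorAuthAction` is the riskier of the two deletions, because this action lowers the account's protection and after this change the only remaining gate is the `ROLE_DISABLE_2FA` / same-user comparison. A session that Symfony considers remembered rather than fully authenticated can now turn two-factor authentication off without the user proving anything again. If the full-authentication check cannot be kept because of the GitHub login behaviour, I would suggest a step-up check that does not depend on it, for example requiring the current password or a valid second-factor code in the submitted form before disabling. The commit message says the root cause was not investigated, so a TODO or issue reference here would make it clear the removal is a workaround and not the intended policy.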