
Remove fully-authenticated requirement

Additional testing revealed an issue with GitHub-based accounts.  When
such an account was logged in for a while, they eventually lost their
'fully-authenticated' status and would be forced to re-connect with
GitHub, which was an unexpected behavior. Furthermore, even if you went
through that process, you wouldn't become fully-authenticated
afterwards.

Instead of spending time to investigate this behavior, I've decided to
revert to the convention used by the 'change password' functionality,
which doesn't require this additional permission.
Colin O'Dell 5 years ago
parent
commit
c5af7b4593
1 changed file with 0 additions and 2 deletions
  1. 0 2
      src/Packagist/WebBundle/Controller/UserController.php

+ 0 - 2
src/Packagist/WebBundle/Controller/UserController.php

@@ -299,7 +299,6 @@ class UserController extends Controller
      */
     public function enableTwoFactorAuthAction(Request $req, User $user)
     {
-        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
         if ($user->getId() !== $this->getUser()->getId()) {
             throw new AccessDeniedException('You cannot change this user\'s two-factor authentication settings');
         }
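Review bot: With the IS_AUTHENTICATED_FULLY check removed at the top of enableTwoFactorAuthAction, the only gate left in the visible lines is the `$user->getId() !== $this->getUser()->getId()` comparison, so a session that Symfony treats as remembered rather than fully authenticated can now change two-factor settings. The commit message says the loss of full-authentication status for GitHub-based accounts was not investigated; I would rather see that root cause tracked in an issue and a short comment left here explaining why the check is deliberately absent, so it is not mistaken for an oversight later. If full authentication cannot be relied on for OAuth logins, consider an explicit confirmation step inside the action (for example re-entering the password, where the account has one) instead of dropping the freshness requirement entirely. Matching the 'change password' convention is only an equivalent safeguard if that flow asks for the current password, which is not visible in this diff.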
@@ -363,7 +362,6 @@ class UserController extends Controller
      */
     public function disableTwoFactorAuthAction(Request $req, User $user)
     {
-        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
         if (!($this->isGranted('ROLE_DISABLE_2FA') || $user->getId() === $this->getUser()->getId())) {
             throw new AccessDeniedException('You cannot change this user\'s two-factor authentication settings');
         }
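Review bot: Dropping the IS_AUTHENTICATED_FULLY check in disableTwoFactorAuthAction is the riskier of the two removals, because this action downgrades the account's protection and is now gated only by the `ROLE_DISABLE_2FA` or same-user test. A long-lived or remembered session would be enough to turn the second factor off, and the `ROLE_DISABLE_2FA` path for privileged users loses the freshness requirement as well. I would keep a re-authentication requirement on this action specifically, or require a valid current two-factor code or backup code in the request before disabling, and add a test covering a remembered session hitting this endpoint. If the check has to go for now because of the GitHub login behaviour described in the commit message, please note that in a comment above the remaining condition.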