Skip to content

refactor: apply 2FA to any non-exempt routes #15688

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Apr 1, 2024

Conversation

miketheman
Copy link
Member

New actions, such as reporting malware via web UI, now require 2FA.

Contains other commits, making this change easier to implement. Please review individually.

@miketheman miketheman added the 2FA label Mar 29, 2024
@miketheman miketheman requested a review from a team as a code owner March 29, 2024 22:18
@miketheman miketheman enabled auto-merge (squash) April 1, 2024 13:46
@miketheman
Copy link
Member Author

Note to self: rebase and resolve conflicts with security policy once #15692 is out.

As a precursor to further modification. reorder the behavior in the
check.

- Place both conditions behind a common `if` statement
- Place the most-specific match first (file_upload) so that any further
  string matching won't affect this behavior

Signed-off-by: Mike Fiedler <[email protected]>
New actions, such as reporting malware via web UI, now require 2FA.

Signed-off-by: Mike Fiedler <[email protected]>
Leftover from pypi#15142

Signed-off-by: Mike Fiedler <[email protected]>
It's annoying to have to reauth when coming from a site like
Inspector, increasing friction where it's not exactly warranted.
If you're already logged in, that's good enough.

Signed-off-by: Mike Fiedler <[email protected]>
Signed-off-by: Mike Fiedler <[email protected]>
@miketheman miketheman force-pushed the miketheman/2fa-4-all branch from c481bbf to bbfb495 Compare April 1, 2024 16:45
@miketheman miketheman requested a review from di April 1, 2024 19:17
@miketheman miketheman merged commit 4caaf35 into pypi:main Apr 1, 2024
@miketheman miketheman deleted the miketheman/2fa-4-all branch April 1, 2024 19:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants