
Don't show personalized menu items until users establish a full session

Description

Summary:
Depends on D18792. Fixes T13024. Fixes T89198. Currently, when users are logging in initially (for example, need to enter MFA) we show more menu items than we should.

Notably, we may show some personalized/private account details, like the number of unread notifications (probably not relevant) or a user's saved queries (possibly sensitive). At best these are misleading (they won't work yet) and there's an outside possibility they leak a little bit of private data.

Instead, nuke everything except "Log Out" when users have partial sessions.

Test Plan:
Hit a partial session (MFA required, email verification required) and looked at the menu. Only saw "Log Out".

{F5297713}

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13024

Differential Revision: https://secure.phabricator.com/D18793
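
The behaviour the summary describes, as an added example that is not part of the commit or of Phorge's code: a menu builder that checks for a partial session first and returns only "Log Out", so the lookups behind the personalized items never run. `Session`, `AccountStore`, `build_menu` and the sample data are all hypothetical names and values constructed for this illustration.

```python
from dataclasses import dataclass, field

LOG_OUT = "Log Out"


@dataclass
class Session:
    user: str
    # Login steps not yet completed, e.g. {"mfa", "email_verification"}.
    pending: set = field(default_factory=set)

    @property
    def is_partial(self):
        return bool(self.pending)


class AccountStore:
    """Constructed stand-in for per-user data; records every lookup made."""

    def __init__(self):
        self.lookups = []

    def unread_count(self, user):
        self.lookups.append(("unread_count", user))
        return 3

    def saved_queries(self, user):
        self.lookups.append(("saved_queries", user))
        return ["Open security bugs", "Assigned to me"]


def build_menu(session, store):
    # Check the session state first and return early, so a partial session
    # never reaches the code that reads personalized or private data.
    if session.is_partial:
        return [LOG_OUT]
    items = ["Notifications (%d)" % store.unread_count(session.user)]
    items += ["Query: " + name for name in store.saved_queries(session.user)]
    items.append(LOG_OUT)
    return items


def demo():
    store = AccountStore()
    partial = build_menu(Session("alice", {"mfa"}), store)
    lookups_during_partial = list(store.lookups)
    full = build_menu(Session("alice"), store)
    return partial, lookups_during_partial, full


if __name__ == "__main__":
    print(demo())
```

Asserting on the recorded lookups, not only on the rendered labels, is what catches a regression where an item is hidden from the menu but its data is still fetched.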

Details

Provenance
epriestley Authored on Nov 27 2017, 5:53 PM
themackabu Pushed on Mar 25 2025, 8:07 PM
Parents
rPdc62d18b4736: Allow MFA enrollment before email verification
Branches
Unknown
Tags
Unknown
