Page MenuHomePhabricator

Make some authentication APIs unavailable to temporary users
Open, Needs TriagePublic


The following throw a notloggedin error for anonymous users, and should do the same for temporary users:

  • ApiChangeAuthenticationData
  • ApiRemoveAuthenticationData
  • ApiLinkAccount
  • TemporaryPasswordPrimaryAuthenticationProvider
  • ApiValidatePassword

Event Timeline

Tchanders added a subscriber: tstarling.

@tstarling Before we pick this up, is there any reason why a temporary account should have access to any of these?