Page MenuHomePhabricator
Create Task
Maniphest T150563

OATHAuth re-auth for certain actions
Closed, InvalidPublic
Actions

Description

If a user account is using OATHAuth, for actions such as PasswordReset, they should be made to enter a new OATHAuth token before being allowed to continue. Similar to how phab has a "secure" mode for certain actions

I'm not sure what else this may be appropriate for, but keeping it "extensible"/making things as requiring reauth might be useful for some wikis for other sensitive actions...

Potentially things like viewing CheckUser stuff in a non fresh session?

Event Timeline

Reedy created this task.Nov 12 2016, 1:28 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 12 2016, 1:28 AM
Xaosflux subscribed.Nov 12 2016, 11:49 PM
Krenair subscribed.Nov 13 2016, 3:58 AM
TheDJ subscribed.Nov 13 2016, 10:58 AM
Xaosflux added a comment.Nov 15 2016, 4:34 AM

@Reedy I don't think this is really an OATH issue. This already is happening for certain sensitive actions such as password change and email change. This could be accomplished by simply requiring re-authentication in general for additional actions.

Reedy added a comment.Nov 15 2016, 11:15 AM
In T150563#2794606, @Xaosflux wrote:

@Reedy I don't think this is really an OATH issue. This already is happening for certain sensitive actions such as password change and email change. This could be accomplished by simply requiring re-authentication in general for additional actions.

Are you sure? I just changed the password on my main account, no password re-entry or similar was required

Xaosflux added a comment.Nov 16 2016, 5:39 AM

I believe it is time based - had you recently authenticated before attempting this?

Reedy moved this task from Backlog to Need for Deployment on the MediaWiki-extensions-OATHAuth board.Nov 16 2016, 10:37 PM
Reedy closed this task as Invalid.Nov 18 2016, 12:42 AM
In T150563#2798006, @Xaosflux wrote:

I believe it is time based - had you recently authenticated before attempting this?

Yup, seems you're right; this works already

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL