Page MenuHomePhabricator
Create Task
Maniphest T150900

[Android] Allow users to log in with 2FA in the app
Closed, ResolvedPublic2 Estimated Story Points
Actions

Description

See also T150699

Details

SubjectRepoBranchLines +/-
Add basic 2FA supportapps/android/wikipediamaster+137 -11
Customize query in gerrit

Related Objects
Search...

Event Timeline

Reedy created this task.Nov 16 2016, 9:46 PM
Restricted Application added a project: Wikipedia-Android-App-Backlog. · View Herald TranscriptNov 16 2016, 9:46 PM
Tgr subscribed.Nov 17 2016, 12:32 AM
Krenair subscribed.Nov 17 2016, 10:02 AM
Mholloway added subscribers: Niedzielski, Dbrant.Nov 17 2016, 8:43 PM
Mholloway subscribed.

@Niedzielski , @Dbrant Blocker for beta?

Niedzielski triaged this task as High priority.Nov 17 2016, 8:48 PM

If this is the behavior of the current production release and not a regression, I don't think it's a blocker. If it is, this should be changed to unbreak now and a hotfix release should be considered.

Reedy added a comment.Nov 17 2016, 8:50 PM

FWIW, I'd at least handle the login better, and give some sort of useful error message. Currently it's mostly silent failure, and no indication what's wrong if you've enabled 2FA, just tries to login and goes back to the login screen.

Yes, 2FA should be supported (it is on the normal mobile site), but I'm not sure it's a major blocker, as long as like I say, you at least handle the error a bit better

Legoktm subscribed.Nov 17 2016, 8:52 PM

Probably the app is using action=login instead of action=clientlogin?

Mholloway added a comment.Nov 17 2016, 8:54 PM

Same behavior in all versions. I was writing up a separate task on login problems when I figured out what was going on. (I just got 2FA enabled on my staff and personal accounts yesterday.)

FWIW I don't think this will be a tough fix. We just need to add some logic to LoginClient to handle this response.

And yeah, we should make sure a blank snackbar isn't firing in the general case of an unrecognized response.

Tgr added a comment.Nov 17 2016, 9:01 PM
In T150900#2803838, @Legoktm wrote:

Probably the app is using action=login instead of action=clientlogin?

The app is using clientlogin but hardcoding what responses it expects. Ideally, it would implement the full AuthManager API instead (that is, form generation from a descriptor that you get from the authmanager info API instead of presupposing anything about the fields). That might be a lot of work though.

Dbrant added a comment.Nov 18 2016, 2:52 PM

Totally agree on providing better error feedback when TFA is enabled. Let's first understand the technical magnitude of adding TFA support for logging in. If it's a matter of adding one more parameter to the login request (and one more input field to our login screen), then we can just add it. If it's more complex than that, we'll just improve the error feedback, and prioritize full support for TFA for a later time.

Reedy added a comment.Nov 18 2016, 2:58 PM
In T150900#2806109, @Dbrant wrote:

Totally agree on providing better error feedback when TFA is enabled. Let's first understand the technical magnitude of adding TFA support for logging in. If it's a matter of adding one more parameter to the login request (and one more input field to our login screen), then we can just add it. If it's more complex than that, we'll just improve the error feedback, and prioritize full support for TFA for a later time.

Apparently, there's ways to link into Google Authenticator to have it fill the field automatically. I don't know how much work that would be, but would be a "nice to have" in the future

gerritbot subscribed.Nov 18 2016, 11:47 PM

Change 322366 had a related patch set uploaded (by Mholloway):
Add basic 2FA support

https://gerrit.wikimedia.org/r/322366

gerritbot added a project: Patch-For-Review.Nov 18 2016, 11:47 PM
Dbrant moved this task from Needs Triage to Android-app-release-v2.6.19x-Bermuda🌴 on the Wikipedia-Android-App-Backlog board.Nov 21 2016, 5:08 PM
Dbrant edited projects, added Wikipedia-Android-App-Backlog (Android-app-release-v2.6.19x-Bermuda🌴); removed Wikipedia-Android-App-Backlog.
Nemo_bis added a subscriber: Josve05a.Nov 21 2016, 5:09 PM
bearND mentioned this in T150529: every edit save fails on 2.4.180-alpha-2016-11-10.Nov 21 2016, 5:52 PM
Mholloway claimed this task.Nov 21 2016, 5:54 PM
Mholloway added a subtask: T150529: every edit save fails on 2.4.180-alpha-2016-11-10.
Mholloway moved this task from To Do to Doing on the Wikipedia-Android-App-Backlog (Android-app-release-v2.6.19x-Bermuda🌴) board.Nov 21 2016, 5:56 PM
Mholloway added a parent task: T151227: Update authentication flows.Nov 21 2016, 6:03 PM
Mholloway moved this task from Doing to Code Review on the Wikipedia-Android-App-Backlog (Android-app-release-v2.6.19x-Bermuda🌴) board.Nov 28 2016, 6:12 PM
Dbrant closed subtask T150529: every edit save fails on 2.4.180-alpha-2016-11-10 as Resolved.Dec 2 2016, 4:33 PM
NHarateh_WMF set the point value for this task to 2.Dec 5 2016, 4:52 PM
Parent5446 merged a task: T154135: Unable to login to mobile app with 2FA enabled.Dec 26 2016, 8:27 PM
Parent5446 added a subscriber: Urbanecm.
Tbayer added subscribers: JD, Tbayer.Jan 9 2017, 11:15 AM

Another report (by @JD) about the same issue: https://de.wikipedia.org/wiki/Wikipedia_Diskussion:Technik/Mobil/App#2FA.3F

Niedzielski added a subscriber: Matanya.Jan 10 2017, 10:09 PM

@Matanya, unmerged patch alpha build :] https://drive.google.com/file/d/0B0mn_ZbhnHPWZmpiYlZock9kWkE/view?usp=sharing

gerritbot added a comment.Jan 24 2017, 8:46 PM

Change 322366 merged by jenkins-bot:
Add basic 2FA support

https://gerrit.wikimedia.org/r/322366

Matanya added a comment.Jan 24 2017, 9:29 PM

I tested the alpha build and it works well for me. thanks.

Dbrant awarded a token.Jan 24 2017, 9:30 PM
Mholloway mentioned this in T156200: Refine 2FA support.Jan 24 2017, 10:38 PM
Mholloway moved this task from Code Review to Ready for Signoff on the Wikipedia-Android-App-Backlog (Android-app-release-v2.6.19x-Bermuda🌴) board.
Dbrant moved this task from Ready for Signoff to Done on the Wikipedia-Android-App-Backlog (Android-app-release-v2.6.19x-Bermuda🌴) board.Jan 30 2017, 4:12 PM
Dbrant closed this task as Resolved.Jan 30 2017, 4:13 PM
Shanmugamp7 subscribed.Jan 31 2017, 8:46 AM
Framawiki subscribed.Nov 11 2017, 10:56 AM
Framawiki mentioned this in T180279: Enable 2FA normal login.Nov 11 2017, 7:37 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits