Page MenuHomePhabricator

Enable 2FA normal login
Open, Needs TriagePublic

Description

Currently accounts that use 2FA security can't get login with PWB on the wiki without using other type of authentication such as BotPasswords or OAuth.

if you enable two-factor authentication[1] on the bot's account, Special:UserLogin will return a second page asking for the second factor and action=clientlogin will return a response with a similar request, while action=login will just fail.

So in theory it can be possible to use action=clientlogin to perform an authentication with 2FA.

See the related task for Huggle software and the research made : T180279: Enable 2FA normal login

Event Timeline

Restricted Application added subscribers: pywikibot-bugs-list, Aklapper. · View Herald TranscriptFeb 1 2018, 10:26 PM
Masti added a subscriber: Masti.Feb 2 2018, 12:02 AM
Dalba added a subscriber: Dalba.Mar 21 2018, 7:05 AM

@Anomie, Is there any way to simulate/force an OpenID/Captcha authentication process for testing purposes or any wiki which we can test this on?

If you fail 3 logins on a WMF wiki, I believe it'll send a captcha for additional attempts from that IP or username.

If you set up your own wiki to test things on, you can configure things however you like.