⚓ T195207 Special page to disable OATH for other users

	Subject	Repo	Branch	Lines +/-
	Add SpecialDisableOATHForUser	mediawiki/extensions/OATHAuth	master	+121 -3
	Don't allow sysop users to disable 2FA for other users	operations/mediawiki-config	master	+2 -0

Status	Assigned	Task
Open	None	T100375 Improve user experience of Two-Factor process
Open	None	T166622 Allow all users on all wikis to use OATHAuth
Open	None	T180896 Allow functionaries to reset second factor on low-risk accounts
Resolved	Ladsgroup	T195207 Special page to disable OATH for other users

Ladsgroup created this task.May 20 2018, 2:24 PM

Restricted Application added a project: User-Ladsgroup. · View Herald TranscriptMay 20 2018, 2:24 PM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Is this the same as T180896: Allow functionaries to reset second factor on low-risk accounts?

In T195207#4219599, @Tgr wrote:

Is this the same as T180896: Allow functionaries to reset second factor on low-risk accounts?

Vaguely. Let's make this one into the addition of the special form. Make T180896 the rollout of the functionality (add the right to wmf-config etc)

Although the other is blocked on legal review... There's no reason to block the implementation; third party wikis potentially have a use for this too

Change 434197 had a related patch set uploaded (by Ladsgroup; owner: Amir Sarabadani):
[mediawiki/extensions/OATHAuth@master] Add SpecialDisableOATHForUser

https://gerrit.wikimedia.org/r/434197

gerritbot added a project: Patch-For-Review.May 20 2018, 4:47 PM

Reedy triaged this task as Medium priority.May 31 2018, 12:51 PM

• Vvjjkkii renamed this task from Special page to disable OATH for other users to wkcaaaaaaa.Jul 1 2018, 1:08 AM

• Vvjjkkii removed Ladsgroup as the assignee of this task.

• Vvjjkkii raised the priority of this task from Medium to High.

• Vvjjkkii added projects: CheckUser, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), Tamil-Sites, Gamepress, Hashtags, Jade, KartoEditor, Language-2018-Apr-June, New-Editor-Experiences, Mail, TCB-Team (now WMDE-TechWish).

• Vvjjkkii updated the task description. (Show Details)

• Vvjjkkii removed subscribers: gerritbot, Aklapper.

CommunityTechBot renamed this task from wkcaaaaaaa to Special page to disable OATH for other users.Jul 1 2018, 7:26 PM

CommunityTechBot assigned this task to Ladsgroup.

CommunityTechBot lowered the priority of this task from High to Medium.

CommunityTechBot updated the task description. (Show Details)

CommunityTechBot removed projects: TCB-Team (now WMDE-TechWish), Mail, New-Editor-Experiences, Language-2018-Apr-June, KartoEditor, Jade, Hashtags, Gamepress, Tamil-Sites, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), CheckUser.

CommunityTechBot added subscribers: gerritbot, Aklapper.

Ladsgroup moved this task from Incoming to Blocked on others on the User-Ladsgroup board.Aug 22 2018, 6:09 PM

Change 469886 had a related patch set uploaded (by Reedy; owner: Reedy):
[operations/mediawiki-config@master] Don't allow sysop users to disable 2FA for other users

https://gerrit.wikimedia.org/r/469886

Change 469886 merged by jenkins-bot:
[operations/mediawiki-config@master] Don't allow sysop users to disable 2FA for other users

https://gerrit.wikimedia.org/r/469886

Change 434197 merged by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Add SpecialDisableOATHForUser

https://gerrit.wikimedia.org/r/434197

ReleaseTaggerBot added a project: MW-1.33-notes (1.33.0-wmf.2; 2018-10-30).Oct 26 2018, 4:00 PM

Reedy closed this task as Resolved.Oct 26 2018, 7:48 PM

Reedy removed a project: Patch-For-Review.

MarcoAurelio mentioned this in T210919: Use of 'oathauth-disable-for-user' must be logged, with reason.Dec 1 2018, 12:54 PM

DannyS712 mentioned this in T265693: `oathauth-disable-header` message is missing.Oct 15 2020, 11:03 PM