Page MenuHomePhabricator

users with oathauth-enable access via global groups are unable to enroll in two factor authentication
Closed, InvalidPublic

Description

users with oathauth-enable access via global groups are unable to entroll in two factor authentication

Reported on meta ( https://meta.wikimedia.org/w/index.php?title=Steward_requests%2FGlobal_permissions&type=revision&diff=18703468&oldid=18703364 )

Report says that users such as global sysops with Enable two-factor authentication (oathauth-enable) permissions globally are unable to access enrollment unless they are also a member of a local group with access on the project they are trying to use

Event Timeline

I was able to enable it using a sock with GS access.

@Chrissymad can you describe the problem you found more here please?

@Matiia during your test which project did you use Special:Two-factor_authentication on?

Vermont renamed this task from users with oathauth-enable access via global groups are unable to entroll in two factor authentication to users with oathauth-enable access via global groups are unable to enroll in two factor authentication.Dec 10 2018, 2:48 PM

The ones Praxidicae told me that she tried: Mediawikiwiki and snwiki.

On your own test, where were you successful? (Was it anywhere BESIDES meta?)

Reedy changed the task status from Open to Stalled.EditedDec 13 2018, 12:14 AM
Reedy subscribed.

I can't replicate this. I disabled 2FA on my staff account (Global groups: Staff, System administrators - no local admin on any wiki) https://en.wikipedia.org/wiki/Special:CentralAuth/Reedy_(WMF) and was able to re-enable it fine

What does "unable to access enrollment" mean?

What does "available" mean?

Does it mean you can't get to Special:Two-factor_authentication?

I'll follow up with the reporter again.

Closing as unable to be replicated and no additional information from reporter.