Page MenuHomePhabricator
Create Task
Maniphest T211532

users with oathauth-enable access via global groups are unable to enroll in two factor authentication
Closed, InvalidPublic
Actions

Description

users with oathauth-enable access via global groups are unable to entroll in two factor authentication

Reported on meta ( https://meta.wikimedia.org/w/index.php?title=Steward_requests%2FGlobal_permissions&type=revision&diff=18703468&oldid=18703364 )

Report says that users such as global sysops with Enable two-factor authentication (oathauth-enable) permissions globally are unable to access enrollment unless they are also a member of a local group with access on the project they are trying to use

Event Timeline

Xaosflux created this task.Dec 10 2018, 2:03 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 10 2018, 2:03 AM
Xaosflux added a subscriber: Praxidicae.Dec 10 2018, 2:03 AM
Matiia subscribed.Dec 10 2018, 2:06 AM

I was able to enable it using a sock with GS access.

Xaosflux added a comment.Dec 10 2018, 2:39 AM

@Chrissymad can you describe the problem you found more here please?

Vermont subscribed.Dec 10 2018, 12:28 PM
Xaosflux added a comment.Dec 10 2018, 2:47 PM

@Matiia during your test which project did you use Special:Two-factor_authentication on?

Vermont renamed this task from users with oathauth-enable access via global groups are unable to entroll in two factor authentication to users with oathauth-enable access via global groups are unable to enroll in two factor authentication.Dec 10 2018, 2:48 PM
Matiia added a comment.Dec 10 2018, 8:34 PM

The ones Praxidicae told me that she tried: Mediawikiwiki and snwiki.

Xaosflux added a comment.Dec 10 2018, 10:14 PM

On your own test, where were you successful? (Was it anywhere BESIDES meta?)

Matiia added a comment.Dec 10 2018, 11:09 PM

Mediawikiwiki and snwiki.

Reedy changed the task status from Open to Stalled.EditedDec 13 2018, 12:14 AM
Reedy subscribed.

I can't replicate this. I disabled 2FA on my staff account (Global groups: Staff, System administrators - no local admin on any wiki) https://en.wikipedia.org/wiki/Special:CentralAuth/Reedy_(WMF) and was able to re-enable it fine

What does "unable to access enrollment" mean?

What does "available" mean?

Does it mean you can't get to Special:Two-factor_authentication?

Xaosflux added a comment.Dec 13 2018, 3:45 AM

I'll follow up with the reporter again.

Xaosflux closed this task as Invalid.Dec 15 2018, 2:54 PM

Closing as unable to be replicated and no additional information from reporter.

Xaosflux claimed this task.Dec 15 2018, 2:55 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits