Page MenuHomePhabricator
Create Task
Maniphest T251447

Assign oathauth-verify-user to stewards at metawiki
Closed, ResolvedPublic
Actions

Assigned To
Urbanecm
Authored By
Urbanecm
Apr 29 2020, 6:17 PM
Tags
Referenced Files
F31787167: image.png
Apr 29 2020, 7:27 PM
F31787169: image.png
Apr 29 2020, 7:27 PM
F31787174: image.png
Apr 29 2020, 7:27 PM
Subscribers
Aklapper
DannyS712
FriedrickMILBarbarossa
Johannnes89
jrbs
RhinosF1
Urbanecm
Tokens
"Pterodactyl" token, awarded by FriedrickMILBarbarossa.

Description

Since T209749, holders of oathauth-verify-user can view if user is enrolled in 2FA. This should be assigned to the stewards at meta, so they can query for 2FA status before granting sensitive rights.

Details

SubjectRepoBranchLines +/-
Assign oathauth-verify-user to stewardsoperations/mediawiki-configmaster+1 -0
Customize query in gerrit

Related Objects

Event Timeline

Urbanecm created this task.Apr 29 2020, 6:17 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 29 2020, 6:17 PM
gerritbot added a comment.Apr 29 2020, 6:18 PM

Change 593286 had a related patch set uploaded (by Urbanecm; owner: Urbanecm):
[operations/mediawiki-config@master] Assign oathauth-verify-user to stewards

https://gerrit.wikimedia.org/r/593286

gerritbot added a project: Patch-For-Review.Apr 29 2020, 6:18 PM
RhinosF1 subscribed.Apr 29 2020, 6:20 PM
Urbanecm moved this task from Backlog to Analysis / under discussion on the Wikimedia-Site-requests board.Apr 29 2020, 6:33 PM
Urbanecm added a subscriber: jrbs.

I talked to @jrbs about this, waiting for his comment before moving further.

jrbs added a comment.Apr 29 2020, 6:49 PM

Just to confirm, what is the output of Special:VerifyOATHForUser? Is it a binary yes/no, or does it provide other information?

Urbanecm added a comment.Apr 29 2020, 7:27 PM
In T251447#6094860, @jrbs wrote:

Just to confirm, what is the output of Special:VerifyOATHForUser? Is it a binary yes/no, or does it provide other information?

To summarize, a binary information. For your convinience, here are screenshots of that form:

Query form:

image.png (586×1 px, 116 KB)

Yes:

image.png (597×1 px, 116 KB)

No:

image.png (541×1 px, 114 KB)

The log looks like this:

21:26, 29 April 2020 Martin Urbanec talk contribs block checked if User:Martin Urbanec had two-factor authentication enabled (test)

and is available only to those who can view 2FA enrollment status (as-of today, no one, once this gets resolved, the stewards).

DannyS712 added a project: Privacy.Apr 29 2020, 10:19 PM
DannyS712 subscribed.
In T251447#6094977, @Urbanecm wrote:
In T251447#6094860, @jrbs wrote:

Just to confirm, what is the output of Special:VerifyOATHForUser? Is it a binary yes/no, or does it provide other information?

To summarize, a binary information. For your convinience, here are screenshots of that form:

Query form:

image.png (586×1 px, 116 KB)

Yes:

image.png (597×1 px, 116 KB)

No:

image.png (541×1 px, 114 KB)

The log looks like this:

21:26, 29 April 2020 Martin Urbanec talk contribs block checked if User:Martin Urbanec had two-factor authentication enabled (test)

and is available only to those who can view 2FA enrollment status (as-of today, no one, once this gets resolved, the stewards).

Staff should be able to get access via the global group?

Urbanecm added a comment.Apr 29 2020, 10:31 PM

To clarify, this ticket is about the stewards only. Traditionally, the stewards don't change staff's power without direct request to do so made by the Foundation. So, if and how staff will have this depends on further discussion and is out of scope. I hope this makes sense.

jrbs added a comment.Apr 30 2020, 5:45 PM

Just spoke with Jan and the privacy team in Legal, and both are comfortable with proceeding in applying this right to the Stewards group.

I'm not sure about the staff thing just yet. I don't think it is necessary since those who need this data can access it through the databases.

Urbanecm added a comment.Apr 30 2020, 9:06 PM

Thanks!

gerritbot added a comment.Apr 30 2020, 11:03 PM

Change 593286 merged by jenkins-bot:
[operations/mediawiki-config@master] Assign oathauth-verify-user to stewards

https://gerrit.wikimedia.org/r/593286

Stashbot added a comment.Apr 30 2020, 11:05 PM

Mentioned in SAL (#wikimedia-operations) [2020-04-30T23:05:41Z] <urbanecm@deploy1001> Synchronized wmf-config/InitialiseSettings.php: SWAT: cf5f7ff: Assign oathauth-verify-user to stewards (T251447) (duration: 01m 05s)

Maintenance_bot removed a project: Patch-For-Review.Apr 30 2020, 11:10 PM
Urbanecm closed this task as Resolved.Apr 30 2020, 11:51 PM
Urbanecm claimed this task.

Done. This will be automatically available to stews once train gets to Meta.

Restricted Application added a project: User-Urbanecm. · View Herald TranscriptApr 30 2020, 11:51 PM
Xaosflux mentioned this in T265726: Assign oathauth-verify-user to bureaucrats on WMF wikis.Oct 16 2020, 1:56 PM
FriedrickMILBarbarossa added a project: Stewards-and-global-tools.Apr 29 2021, 11:06 AM
FriedrickMILBarbarossa added a project: MediaWiki-extensions-OATHAuth.Apr 29 2021, 11:10 AM
FriedrickMILBarbarossa subscribed.Apr 29 2021, 11:19 AM
Urbanecm removed a project: MediaWiki-extensions-OATHAuth.Apr 29 2021, 2:30 PM

This is not related to the codebase, I merely changed WMF-specific config here.

FriedrickMILBarbarossa awarded a token.May 14 2021, 3:54 AM
Johannnes89 subscribed.May 25 2024, 12:08 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits