Description
Toolforge admin accounts (maintainers of the admin tool) can manage Striker via the Django admin console at https://toolsadmin.wikimedia.org/contrib-admin/. Logging in via its internal login form and not the main one will bypass 2-factor authentication. Not sure if this applies to all accounts or just admins.
Details
Author Affiliation: Wikimedia Communities
Subject | Repo | Branch | Lines +/-
---|---|---|---
Use normal login flow for admin site | labs/striker | master | +82 -14
Event Timeline
Wikitech 2FA is also bypassed by Gerrit and Phabricator in all operations. The effort I went to to support the spirit of Wikitech 2FA in Striker was pretty large, and honestly I'm not really convinced that it was worth it. If there is any fix here it is probably figuring out how to completely disable the contrib-admin login flow.
That was my thinking. I actually didn't notice this interface was even there. The interface looks like it could even be useful, but that doesn't mean it totally fits the security model of the site.
It is not linked anywhere in the public UI. It is semi-obvious if you are used to doing Django development and look at the urls.py router setup.
> The interface looks like it could even be useful, but that doesn't mean it totally fits the security model of the site.
The /contrib-admin/ route exposes Django's https://docs.djangoproject.com/en/2.2/ref/contrib/admin/ which can be much nicer to use than direct db calls when browsing the db as a "root" user.
Following https://docs.djangoproject.com/en/2.2/ref/contrib/admin/#root-and-login-templates and setting up a login template and form that doesn't actually log you in would be one way to disable the login here. In theory these same settings could be used to replace the default form and auth flow too, but I'm not sure that is actually needed.
This is low-risk enough that I'm pushing this through Gerrit. https://gerrit.wikimedia.org/r/c/labs/striker/+/1009258