Page MenuHomePhabricator
Create Task
Maniphest T329179

Reset 2FA for Developer account 'Rosalie Perside (WMDE)' and Phabricator account @Rosalie_WMDE
Closed, ResolvedPublic
Actions

Description

I lost my phone and have lost my 2FA token for logging into Phabricator using my Developer account. Please reset my 2FA on my account so that I can continue using my Developer account.

Event Timeline

Rosalie_WMDE created this task.Feb 8 2023, 2:37 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 8 2023, 2:37 PM
WMDE-leszek edited subscribers, added: WMDE-leszek, conny-kawohl_WMDE; removed: User-WMDE-leszek.Feb 8 2023, 2:45 PM
bd808 renamed this task from Account recovery help needed for Developer account Rosalie_WMDE to Account recovery help needed for Developer account 'Rosalie Perside (WMDE)'.Feb 8 2023, 5:53 PM
bd808 subscribed.Feb 8 2023, 6:01 PM

@Rosalie_WMDE, could you please clarify if you need help with removing 2FA from your Developer account (https://wikitech.wikimedia.org/wiki/User:Rosalie_Perside_(WMDE)) or from your Phabricator account (@Rosalie_WMDE). Wikitech and Phabricator have separate 2FA solutions and support requests for disabling are typically handled by different folks.

Rosalie_WMDE added a comment.Feb 9 2023, 8:13 AM

Hello @bd808 , I need 2FA removed from my phabricator account and my Developer account please

Aklapper added a comment.Feb 9 2023, 9:17 AM

Phabricator ideally would be a different request as those are different systems and different project tags. Could someone from WMDE vouch please, for verification?

conny-kawohl_WMDE added a comment.Feb 9 2023, 10:14 AM

Hi @Aklapper, I'm Conny Kawohl, Engineering Manager for @Rosalie_WMDE's team and I can vouch for the validity of this change request

Aklapper renamed this task from Account recovery help needed for Developer account 'Rosalie Perside (WMDE)' to Reset 2FA for Developer account 'Rosalie Perside (WMDE)' and Phabricator account @Rosalie_WMDE.Feb 9 2023, 10:55 AM
Aklapper removed Rosalie_WMDE as the assignee of this task.
Aklapper added a project: Phabricator.

Thanks. Stripped in Phabricator:

aklapper@phab1004:~$ sudo /srv/phab/phabricator/bin/auth strip --all-types --user Rosalie_WMDE
These auth factors will be stripped:
    Rosalie_WMDE	totp	Mobile Phone App (TOTP)
    Strip these authentication factors? [y/N] y
Stripping authentication factors...
Done.
aklapper@phab1004:~$
bd808 added a comment.Feb 10 2023, 12:59 AM

@Rosalie_WMDE, please follow the steps at https://wikitech.wikimedia.org/wiki/Password_and_2FA_reset#For_users to provide proof of control of the 'Rosalie Perside (WMDE)' Developer account.

Rosalie_WMDE added a comment.Feb 13 2023, 8:51 AM

Thank you

Rosalie_WMDE added a comment.Feb 13 2023, 12:42 PM

@bd808 running ssh bastion.wmcloud.org gives me permission denied public key. Also, I don´t have access o my wikitech account , please what do you suggest I do?

bd808 added a comment.Feb 13 2023, 4:27 PM
In T329179#8609825, @Rosalie_WMDE wrote:

@bd808 running ssh bastion.wmcloud.org gives me permission denied public key. Also, I don´t have access o my wikitech account , please what do you suggest I do?

The 'Rosalie Perside (WMDE)' account is a member of the bastion project and also has an SSH public key associated with it. I would guess that your attempt at connecting failed because you used the wrong username (rosalie-wmde is the shell name of the account), the wrong ssh key (expected public key is ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8kI8GBFC6vtMD0+vWoXqJG6wfpiuHYgx8YKxeg4SmysPBsOAuX8nUzSgY91aT8n736Z8T4N1IQa3ZXzCP5Qt8BNg/36jBTnk8rgsWz7oS33QqPc+pDFiOaTdfhEomHscpvtDIjZgoIAv0X/Zqhxd+F3h71oN0vq9z3/GXa5BC3EKR6AKGg/4w85yNGnPQi6pES0ieGZLp2ZM5srcqRtQqW1XMqS9r9qlOdVVMDKe6Jglill/nkL5NbU9ehA5fOX+AgXvdWBVkytiZtdHpPK97FcrwGZlnu4lBQSKEC7NeC10wjWvUZyGLXFzzV72YXQkh1Hi7cLPr2GDU0fTJm/fn), or both.

If you can't verify the account ownership using ssh, I suppose we can rely on the data from T329179#8600696 in the same way that @Aklapper did. Things just feel nicer when they align with published policies.

Rosalie_WMDE added a comment.Feb 22 2023, 3:07 PM

Thank you. Sorry for the delay I was out of office for a while. Here is the output from the last command 103015:/home/pero/2fa-reset-request.txt
`

bd808 added a comment.Feb 22 2023, 4:31 PM
In T329179#8637506, @Rosalie_WMDE wrote:

Thank you. Sorry for the delay I was out of office for a while. Here is the output from the last command 103015:/home/pero/2fa-reset-request.txt
`

@Rosalie_WMDE, what host did you create the file on? I need to find it so I can verify the ownership and contents. The "103015" output from what theoretically was from hostname -f which typically in a Cloud VPS instance will present the fully qualified domain name of the host. Obviously that string is not a FQDN.

Rosalie_WMDE added a comment.Feb 23 2023, 7:00 AM

@bd808, you are right.
This is the correct string bastion-eqiad1-03.bastion.eqiad1.wikimedia.cloud:/home/rosalie-wmde/2fa-reset-request.txt

bd808 closed this task as Resolved.Feb 23 2023, 5:29 PM
bd808 claimed this task.
$ ssh root@bastion-eqiad1-03.bastion.eqiad1.wikimedia.cloud
$ ls -lh /home/rosalie-wmde/2fa-reset-request.txt
-rw------- 1 rosalie-wmde wikidev 47 Feb 23 06:58 /home/rosalie-wmde/2fa-reset-request.txt
$ cat /home/rosalie-wmde/2fa-reset-request.txt
https://phabricator.wikimedia.org/Rosalie_WMDE

The contents of the file are not quite what is described at https://wikitech.wikimedia.org/wiki/Password_and_2FA_reset#For_users, but along with other evidence I am satisfied that this is a legitimate request.

$ ssh cloudweb1003.wikimedia.org
$ mwscript extensions/OATHAuth/maintenance/disableOATHAuthForUser.php --wiki=labswiki 'Rosalie Perside (WMDE)'

*******************************************************************************
NOTE: Do not run maintenance scripts directly, use maintenance/run.php instead!
      Running scripts directly has been deprecated in MediaWiki 1.40.
      It may not work for some (or any) scripts in the future.
*******************************************************************************

OATHAuth disabled for Rosalie Perside (WMDE).
Restricted Application added a project: User-bd808. · View Herald TranscriptFeb 23 2023, 5:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL