Page MenuHomePhabricator
Create Task
Maniphest T332411

Make some authentication APIs unavailable to temporary users
Open, Needs TriagePublic
Actions

Description

The following throw a notloggedin error for anonymous users, and should do the same for temporary users:

  • ApiChangeAuthenticationData
  • ApiRemoveAuthenticationData
  • ApiLinkAccount
  • TemporaryPasswordPrimaryAuthenticationProvider
  • ApiValidatePassword

Related Objects
Search...

Event Timeline

Tchanders created this task.Fri, Mar 17, 3:56 PM
Tchanders mentioned this in T326759: Investigate: Which WMF deployed code might be affected by IP Masking?.
Tchanders added a subscriber: tstarling.

@tstarling Before we pick this up, is there any reason why a temporary account should have access to any of these?

MusikAnimal removed a subscriber: MusikAnimal.Fri, Mar 17, 11:21 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL