Steps to replicate the issue:
- Set up 2FA using TOTP or WebAuthn using Special:Manage Two-factor authentication (e.g. on enwiki)
- On Special:Manage Two-factor authentication, under "Switch to an alternative method", select "Enable" for the method that was not set up
- Go through login and 2FA confirmation process
- Confirm switching method (click button)
- Go through setup process for new method
What happens?:
An error message is shown:
[c4fa815b-f152-4751-87fd-2e0305ef9bbf] Fatal exception of type "InvalidArgumentException"
What should have happened instead?:
The 2FA method should have been switched.
Other information (browser name/version, screenshots, etc.):
I have tried this (including using different WebAuthn keys) on these platforms:
- Chrome / Chrome OS 126.0.6478.120
- Firefox 127.0.1 on Debian 12.5
Error
- mwversion: 1.43.0-wmf.10
- reqId: c4fa815b-f152-4751-87fd-2e0305ef9bbf
- Find reqId in Logstash
[{reqId}] {exception_url} InvalidArgumentException: User already has a key from a different module enabled (totp)
from /srv/mediawiki/php-1.43.0-wmf.10/extensions/OATHAuth/src/OATHUserRepository.php(162) #0 /srv/mediawiki/php-1.43.0-wmf.10/extensions/WebAuthn/src/Authenticator.php(330): MediaWiki\Extension\OATHAuth\OATHUserRepository->createKey(MediaWiki\Extension\OATHAuth\OATHUser, MediaWiki\Extension\WebAuthn\Module\WebAuthn, array, string) #1 /srv/mediawiki/php-1.43.0-wmf.10/extensions/WebAuthn/src/HTMLForm/WebAuthnAddKeyForm.php(74): MediaWiki\Extension\WebAuthn\Authenticator->continueRegistration(stdClass) #2 [internal function]: MediaWiki\Extension\WebAuthn\HTMLForm\WebAuthnAddKeyForm->onSubmit(array, MediaWiki\Extension\WebAuthn\HTMLForm\WebAuthnAddKeyForm) #3 /srv/mediawiki/php-1.43.0-wmf.10/includes/htmlform/HTMLForm.php(792): call_user_func(array, array, MediaWiki\Extension\WebAuthn\HTMLForm\WebAuthnAddKeyForm) #4 /srv/mediawiki/php-1.43.0-wmf.10/includes/htmlform/HTMLForm.php(673): MediaWiki\HTMLForm\HTMLForm->trySubmit() #5 /srv/mediawiki/php-1.43.0-wmf.10/includes/htmlform/HTMLForm.php(689): MediaWiki\HTMLForm\HTMLForm->tryAuthorizedSubmit() #6 /srv/mediawiki/php-1.43.0-wmf.10/extensions/OATHAuth/src/HTMLForm/OATHAuthOOUIHTMLForm.php(81): MediaWiki\HTMLForm\HTMLForm->show() #7 /srv/mediawiki/php-1.43.0-wmf.10/extensions/OATHAuth/src/Special/OATHManage.php(247): MediaWiki\Extension\OATHAuth\HTMLForm\OATHAuthOOUIHTMLForm->show(NULL) #8 /srv/mediawiki/php-1.43.0-wmf.10/extensions/OATHAuth/src/Special/OATHManage.php(185): MediaWiki\Extension\OATHAuth\Special\OATHManage->addCustomContent(MediaWiki\Extension\WebAuthn\Module\WebAuthn) #9 /srv/mediawiki/php-1.43.0-wmf.10/extensions/OATHAuth/src/Special/OATHManage.php(105): MediaWiki\Extension\OATHAuth\Special\OATHManage->addModuleHTML(MediaWiki\Extension\WebAuthn\Module\WebAuthn) #10 /srv/mediawiki/php-1.43.0-wmf.10/includes/specialpage/SpecialPage.php(719): MediaWiki\Extension\OATHAuth\Special\OATHManage->execute(NULL) #11 /srv/mediawiki/php-1.43.0-wmf.10/includes/specialpage/SpecialPageFactory.php(1694): MediaWiki\SpecialPage\SpecialPage->run(NULL) #12 /srv/mediawiki/php-1.43.0-wmf.10/includes/actions/ActionEntryPoint.php(502): MediaWiki\SpecialPage\SpecialPageFactory->executePath(string, MediaWiki\Context\RequestContext) #13 /srv/mediawiki/php-1.43.0-wmf.10/includes/actions/ActionEntryPoint.php(145): MediaWiki\Actions\ActionEntryPoint->performRequest() #14 /srv/mediawiki/php-1.43.0-wmf.10/includes/MediaWikiEntryPoint.php(200): MediaWiki\Actions\ActionEntryPoint->execute() #15 /srv/mediawiki/php-1.43.0-wmf.10/index.php(58): MediaWiki\MediaWikiEntryPoint->run() #16 /srv/mediawiki/w/index.php(3): require(string) #17 {main}