Page MenuHomePhabricator
Create Task
Maniphest T420908

OATHAuth: Indicate that the user has temporary recovery codes
Closed, ResolvedPublic
Actions

Description

In T420201, support for temporary codes has been implemented. They will be generated as part of the account recovery process (T420200). Because these codes are not meant to be stored indefinitely, they are not displayed on the Special:AccountSecurity page.

However, the user can still benefit from knowing that such codes exist on their account and ability to invalidate them earlier.

Acceptance criteria

  • Special:AccountSecurity displays information that temporary codes exist on the user account, along with the expiration date
  • User can invalidate the temporary codes earlier – this won't change the permanent codes

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Indicate that user has temp. recovery code and allow to remove themmediawiki/extensions/OATHAuthmaster+238 -1
Customize query in gerrit

Related Objects

Event Timeline

mszwarc created this task.Mar 23 2026, 10:53 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 23 2026, 10:53 AM
mszwarc mentioned this in T420201: OATHAuth: Add support for expiring recovery codes.Mar 23 2026, 10:58 AM
mszwarc edited projects, added Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))); removed Product Safety and Integrity.Mar 23 2026, 1:06 PM
mszwarc moved this task from Backlog to In progress on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.
Reedy moved this task from Backlog to Features/Improvements on the MediaWiki-extensions-OATHAuth board.Mar 23 2026, 9:52 PM
gerritbot added a comment.Mar 24 2026, 9:29 AM

Change #1259860 had a related patch set uploaded (by Mszwarc; author: Mszwarc):

[mediawiki/extensions/OATHAuth@master] Indicate that user has temp. recovery code and allow to remove them

https://gerrit.wikimedia.org/r/1259860

gerritbot added a project: Patch-For-Review.Mar 24 2026, 9:30 AM
mszwarc moved this task from In progress to Needs review on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Mar 24 2026, 10:13 AM
gerritbot added a comment.Apr 10 2026, 9:14 AM

Change #1259860 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Indicate that user has temp. recovery code and allow to remove them

https://gerrit.wikimedia.org/r/1259860

Maintenance_bot removed a project: Patch-For-Review.Apr 10 2026, 9:32 AM
mszwarc closed this task as Resolved.Apr 10 2026, 9:49 AM
mszwarc moved this task from Needs review to Done on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.
mszwarc updated the task description. (Show Details)
ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.24; 2026-04-14).Apr 10 2026, 10:00 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits