Page MenuHomePhabricator
Create Task
Maniphest T242031

Allow multiple different 2FA devices
Open, Needs TriagePublic
Actions

Assigned To
taavi
Authored By
Reedy
Jan 6 2020, 9:47 PM
Tags
Referenced Files
None
Subscribers
Ahm_masum
Aklapper
AntiCompositeNumber
jeblad
Ladsgroup
larissagaulia
Legoktm
View All 20 Subscribers
Tokens
"Love" token, awarded by TheresNoTime."Like" token, awarded by waldyrious.

Description

Creating as an umbrella for T232336: Separate recovery codes into a separate MFA method and T230042: Allow multiple totp devices

It should be possible to have TOTP and WebAuthn enabled

[21:28:13] <AntiComposite> I know it was just deployed, but is there a reason that OATHAuth only supports TOTP _or_ WebAuthn (U2F)?
[21:29:40] <AntiComposite> Every other service I use that supports WebAuthn supports both at the same time, which means I can use my hardware key on my laptop but fall back to my TOTP generator for my phone, where WebAuthn isn't supported in the browser.

db migration progress

checkuserwiki + techconductwiki DONE
remaining private wikis DONE
fishbowls DONE
wikitech DONE
ca wikis

  • WRITE_BOTH | READ_OLD
  • run script
  • WRITE_BOTH | READ_NEW
  • WRITE_NEW | READ_NEW

Details

Other Assignee
pmiazga
SubjectRepoBranchLines +/-
Auth: Inject the module instead of relying on getModule()mediawiki/extensions/OATHAuthmaster+12 -16
module: Stop using getModule() to check enablementmediawiki/extensions/WebAuthnmaster+1 -1
Do not cache keys in the credential repositorymediawiki/extensions/WebAuthnmaster+19 -49
OATHUser: Drop getFirstKey()mediawiki/extensions/OATHAuthmaster+0 -11
Use removeKey()/removeAll() where applicablemediawiki/extensions/WebAuthnmaster+15 -22
Make the TOTP disable form only remove that single keymediawiki/extensions/OATHAuthmaster+85 -21
Make Key objects aware of their database IDsmediawiki/extensions/OATHAuthmaster+96 -57
Remove uses of getFirstKeymediawiki/extensions/WebAuthnmaster+15 -25
Special: Cleanup module handlingmediawiki/extensions/OATHAuthmaster+18 -27
HookHandler: Use isTwoFactorAuthEnabled instead of comparing modulesmediawiki/extensions/OATHAuthmaster+1 -1
TOTP: Cleanup uses of getFirstKey, getModulemediawiki/extensions/OATHAuthmaster+21 -12
WebAuthnKey: Store the key idmediawiki/extensions/WebAuthnmaster+15 -1
ApiQueryOATH: do not use module to check enablementmediawiki/extensions/OATHAuthmaster+18 -7
Do not use Module when disabling OAuth for a usermediawiki/extensions/OATHAuthmaster+19 -7
Replace more users of getModule() for enabled checksmediawiki/extensions/OATHAuthmaster+5 -11
Database-level support for multiple auth devicesmediawiki/extensions/OATHAuthmaster+575 -131
Drop support for old device schemamediawiki/extensions/OATHAuthmaster+50 -128
Set WRITE_NEW for CA wikis on OATHAuth multiple devicesoperations/mediawiki-configmaster+1 -1
Set READ_NEW for CA wikis on OATHAuth multiple devicesoperations/mediawiki-configmaster+1 -1
Set WRITE_BOTH for CA wikis on OATHAuth multiple devicesoperations/mediawiki-configmaster+1 -1
Set WRITE_NEW for Wikitech on OATHAuth multiple devices migrationoperations/mediawiki-configmaster+1 -1
Set WRITE_NEW for OATHAuth multiple devices on fishbowls/privatesoperations/mediawiki-configmaster+2 -2
Set READ_NEW for Wikitech on OATHAuth multiple devices migrationoperations/mediawiki-configmaster+1 -1
Set OATHAuth multiple devices WRITE_BOTH for wikitechoperations/mediawiki-configmaster+1 -0
Set OATHAuth multiple devices READ_NEW for all fishbows, privatesoperations/mediawiki-configmaster+2 -4
Set OATHAuth multiple devices READ_NEW for checkuser, techconductoperations/mediawiki-configmaster+2 -2
Set OATHAuth multiple devices WRITE_BOTH for all privatesoperations/mediawiki-configmaster+1 -0
Set OATHAuth multiple devices WRITE_BOTH for all fishbowlsoperations/mediawiki-configmaster+1 -0
Set WRITE_BOTH for OAuth multiple devices to checkuserwikioperations/mediawiki-configmaster+1 -0
Set WRITE_BOTH for OAuth multiple devices to techconductwikioperations/mediawiki-configmaster+1 -0
Keep both tables up-to-date on WRITE_BOTHmediawiki/extensions/OATHAuthmaster+17 -22
Keep both tables up-to-date on WRITE_BOTHmediawiki/extensions/OATHAuthwmf/1.41.0-wmf.20+17 -22
Keep both tables up-to-date on WRITE_BOTHmediawiki/extensions/OATHAuthwmf/1.41.0-wmf.22+17 -22
OAuthUserRepository: Ensure we don't end up with duplicate rowsmediawiki/extensions/OATHAuthwmf/1.41.0-wmf.22+13 -3
OAuthUserRepository: Ensure we don't end up with duplicate rowsmediawiki/extensions/OATHAuthwmf/1.41.0-wmf.20+13 -3
OAuthUserRepository: Ensure we don't end up with duplicate rowsmediawiki/extensions/OATHAuthmaster+13 -3
[beta] Read new for OATHAuthMultipleDevicesMigrationStageoperations/mediawiki-configmaster+1 -1
[beta] Write both for OATHAuthMultipleDevicesMigrationStageoperations/mediawiki-configmaster+3 -0
Set OATHAuthMultipleDevicesMigrationStage to MIGRATION_OLDoperations/mediawiki-configmaster+2 -0
API: Do not expose the module name in the outputmediawiki/extensions/OATHAuthmaster+0 -2
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
gerritbot added a comment.Sep 7 2023, 9:22 AM

Change 955670 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/mediawiki-config@master] Set OATHAuth multiple devices READ_NEW for all fishbows, privates

https://gerrit.wikimedia.org/r/955670

gerritbot added a comment.Sep 7 2023, 1:28 PM

Change 955670 merged by jenkins-bot:

[operations/mediawiki-config@master] Set OATHAuth multiple devices READ_NEW for all fishbows, privates

https://gerrit.wikimedia.org/r/955670

gerritbot added a comment.Sep 7 2023, 1:28 PM

Change 955671 merged by jenkins-bot:

[operations/mediawiki-config@master] Set OATHAuth multiple devices WRITE_BOTH for wikitech

https://gerrit.wikimedia.org/r/955671

Stashbot added a comment.Sep 7 2023, 1:29 PM

Mentioned in SAL (#wikimedia-operations) [2023-09-07T13:29:12Z] <taavi@deploy1002> Started scap: Backport for [[gerrit:955670|Set OATHAuth multiple devices READ_NEW for all fishbows, privates (T242031)]], [[gerrit:955671|Set OATHAuth multiple devices WRITE_BOTH for wikitech (T242031)]]

Stashbot added a comment.Sep 7 2023, 1:30 PM

Mentioned in SAL (#wikimedia-operations) [2023-09-07T13:30:41Z] <taavi@deploy1002> taavi: Backport for [[gerrit:955670|Set OATHAuth multiple devices READ_NEW for all fishbows, privates (T242031)]], [[gerrit:955671|Set OATHAuth multiple devices WRITE_BOTH for wikitech (T242031)]] synced to the testservers mwdebug2001.codfw.wmnet, mwdebug2002.codfw.wmnet, mwdebug1001.eqiad.wmnet, mwdebug1002.eqiad.wmnet, and mw-debug kubernetes deployment (accessible via k8s-experimental XWD option)

Stashbot added a comment.Sep 7 2023, 1:38 PM

Mentioned in SAL (#wikimedia-operations) [2023-09-07T13:38:04Z] <taavi@deploy1002> Finished scap: Backport for [[gerrit:955670|Set OATHAuth multiple devices READ_NEW for all fishbows, privates (T242031)]], [[gerrit:955671|Set OATHAuth multiple devices WRITE_BOTH for wikitech (T242031)]] (duration: 08m 52s)

Stashbot added a comment.Sep 7 2023, 1:38 PM

Mentioned in SAL (#wikimedia-operations) [2023-09-07T13:38:55Z] <taavi> taavi@mwmaint1002 ~ $ mwscript extensions/OATHAuth/maintenance/UpdateForMultipleDevicesSupport.php --wiki=labswiki | tee oathauth-multiple-labswiki.log # T242031

gerritbot added a comment.Sep 19 2023, 7:37 PM

Change 959042 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/mediawiki-config@master] Set READ_NEW for Wikitech on OATHAuth multiple devices migration

https://gerrit.wikimedia.org/r/959042

gerritbot added a comment.Sep 19 2023, 7:37 PM

Change 959043 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/mediawiki-config@master] Set WRITE_NEW for OATHAuth multiple devices on fishbowls/privates

https://gerrit.wikimedia.org/r/959043

gerritbot added a comment.Sep 20 2023, 7:03 AM

Change 959042 merged by jenkins-bot:

[operations/mediawiki-config@master] Set READ_NEW for Wikitech on OATHAuth multiple devices migration

https://gerrit.wikimedia.org/r/959042

gerritbot added a comment.Sep 20 2023, 7:03 AM

Change 959043 merged by jenkins-bot:

[operations/mediawiki-config@master] Set WRITE_NEW for OATHAuth multiple devices on fishbowls/privates

https://gerrit.wikimedia.org/r/959043

Stashbot added a comment.Sep 20 2023, 7:05 AM

Mentioned in SAL (#wikimedia-operations) [2023-09-20T07:05:06Z] <taavi@deploy2002> Started scap: Backport for [[gerrit:959042|Set READ_NEW for Wikitech on OATHAuth multiple devices migration (T242031)]], [[gerrit:959043|Set WRITE_NEW for OATHAuth multiple devices on fishbowls/privates (T242031)]]

Stashbot added a comment.Sep 20 2023, 7:26 AM

Mentioned in SAL (#wikimedia-operations) [2023-09-20T07:26:54Z] <taavi@deploy2002> taavi: Backport for [[gerrit:959042|Set READ_NEW for Wikitech on OATHAuth multiple devices migration (T242031)]], [[gerrit:959043|Set WRITE_NEW for OATHAuth multiple devices on fishbowls/privates (T242031)]] synced to the testservers mwdebug2002.codfw.wmnet, mwdebug1001.eqiad.wmnet, mwdebug1002.eqiad.wmnet, mwdebug2001.codfw.wmnet, and mw-debug kubernetes deployment (accessible via k8s-experimental X

Stashbot added a comment.Sep 20 2023, 7:41 AM

Mentioned in SAL (#wikimedia-operations) [2023-09-20T07:41:16Z] <taavi@deploy2002> Finished scap: Backport for [[gerrit:959042|Set READ_NEW for Wikitech on OATHAuth multiple devices migration (T242031)]], [[gerrit:959043|Set WRITE_NEW for OATHAuth multiple devices on fishbowls/privates (T242031)]] (duration: 36m 09s)

gerritbot added a comment.Sep 26 2023, 8:37 PM

Change 961236 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/mediawiki-config@master] Set WRITE_NEW for Wikitech on OATHAuth multiple devices migration

https://gerrit.wikimedia.org/r/961236

gerritbot added a comment.Sep 26 2023, 8:37 PM

Change 961237 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/mediawiki-config@master] Set WRITE_BOTH for CA wikis on OATHAuth multiple devices

https://gerrit.wikimedia.org/r/961237

gerritbot added a comment.Sep 26 2023, 8:40 PM

Change 961236 merged by jenkins-bot:

[operations/mediawiki-config@master] Set WRITE_NEW for Wikitech on OATHAuth multiple devices migration

https://gerrit.wikimedia.org/r/961236

Stashbot added a comment.Sep 26 2023, 8:40 PM

Mentioned in SAL (#wikimedia-operations) [2023-09-26T20:40:50Z] <taavi@deploy2002> Started scap: Backport for [[gerrit:961236|Set WRITE_NEW for Wikitech on OATHAuth multiple devices migration (T242031)]]

Stashbot added a comment.Sep 26 2023, 8:42 PM

Mentioned in SAL (#wikimedia-operations) [2023-09-26T20:42:19Z] <taavi@deploy2002> taavi: Backport for [[gerrit:961236|Set WRITE_NEW for Wikitech on OATHAuth multiple devices migration (T242031)]] synced to the testservers mwdebug1001.eqiad.wmnet, mwdebug2002.codfw.wmnet, mwdebug1002.eqiad.wmnet, mwdebug2001.codfw.wmnet, and mw-debug kubernetes deployment (accessible via k8s-experimental XWD option)

Stashbot added a comment.Sep 26 2023, 8:48 PM

Mentioned in SAL (#wikimedia-operations) [2023-09-26T20:48:29Z] <taavi@deploy2002> Finished scap: Backport for [[gerrit:961236|Set WRITE_NEW for Wikitech on OATHAuth multiple devices migration (T242031)]] (duration: 07m 38s)

gerritbot added a comment.Sep 28 2023, 1:45 PM

Change 961237 merged by jenkins-bot:

[operations/mediawiki-config@master] Set WRITE_BOTH for CA wikis on OATHAuth multiple devices

https://gerrit.wikimedia.org/r/961237

Stashbot added a comment.Sep 28 2023, 1:45 PM

Mentioned in SAL (#wikimedia-operations) [2023-09-28T13:45:58Z] <taavi@deploy2002> Started scap: Backport for [[gerrit:961237|Set WRITE_BOTH for CA wikis on OATHAuth multiple devices (T242031)]]

Stashbot added a comment.Sep 28 2023, 1:47 PM

Mentioned in SAL (#wikimedia-operations) [2023-09-28T13:47:19Z] <taavi@deploy2002> taavi: Backport for [[gerrit:961237|Set WRITE_BOTH for CA wikis on OATHAuth multiple devices (T242031)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Sep 28 2023, 1:57 PM

Mentioned in SAL (#wikimedia-operations) [2023-09-28T13:57:28Z] <taavi@deploy2002> Finished scap: Backport for [[gerrit:961237|Set WRITE_BOTH for CA wikis on OATHAuth multiple devices (T242031)]] (duration: 11m 02s)

Maintenance_bot removed a project: Patch-For-Review.Sep 28 2023, 2:12 PM
Stashbot added a comment.Oct 4 2023, 4:49 PM

Mentioned in SAL (#wikimedia-operations) [2023-10-04T16:49:18Z] <taavi> taavi@mwmaint2002 ~ $ mwscript extensions/OATHAuth/maintenance/UpdateForMultipleDevicesSupport.php metawiki | tee T242031-sul.log # T242031

gerritbot added a comment.Oct 4 2023, 5:37 PM

Change 963388 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/mediawiki-config@master] Set READ_NEW for CA wikis on OATHAuth multiple devices

https://gerrit.wikimedia.org/r/963388

gerritbot added a project: Patch-For-Review.Oct 4 2023, 5:37 PM
gerritbot added a comment.Oct 10 2023, 8:39 PM

Change 963388 merged by jenkins-bot:

[operations/mediawiki-config@master] Set READ_NEW for CA wikis on OATHAuth multiple devices

https://gerrit.wikimedia.org/r/963388

Stashbot added a comment.Oct 10 2023, 8:40 PM

Mentioned in SAL (#wikimedia-operations) [2023-10-10T20:40:16Z] <taavi@deploy2002> Started scap: Backport for [[gerrit:963388|Set READ_NEW for CA wikis on OATHAuth multiple devices (T242031)]]

Stashbot added a comment.Oct 10 2023, 8:41 PM

Mentioned in SAL (#wikimedia-operations) [2023-10-10T20:41:40Z] <taavi@deploy2002> taavi: Backport for [[gerrit:963388|Set READ_NEW for CA wikis on OATHAuth multiple devices (T242031)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Oct 10 2023, 8:48 PM

Mentioned in SAL (#wikimedia-operations) [2023-10-10T20:48:41Z] <taavi@deploy2002> Finished scap: Backport for [[gerrit:963388|Set READ_NEW for CA wikis on OATHAuth multiple devices (T242031)]] (duration: 08m 24s)

taavi updated the task description. (Show Details)Oct 10 2023, 9:08 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 10 2023, 9:10 PM
gerritbot added a comment.Oct 10 2023, 9:51 PM

Change 964986 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/OATHAuth@master] Drop support for old device schema

https://gerrit.wikimedia.org/r/964986

gerritbot added a project: Patch-For-Review.Oct 10 2023, 9:51 PM

Change 964987 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/OATHAuth@master] Make Key objects aware of their database IDs

https://gerrit.wikimedia.org/r/964987

gerritbot added a comment.Oct 10 2023, 9:51 PM

Change 964988 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/OATHAuth@master] Make the TOTP disable form only remove that single key

https://gerrit.wikimedia.org/r/964988

gerritbot added a comment.Oct 10 2023, 9:51 PM

Change 964989 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/OATHAuth@master] Do not use Module when disabling OAuth for a user

https://gerrit.wikimedia.org/r/964989

gerritbot added a comment.Oct 10 2023, 10:35 PM

Change 964996 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/WebAuthn@master] WebAuthnKey: Store the key id

https://gerrit.wikimedia.org/r/964996

gerritbot added a comment.Oct 11 2023, 8:54 PM

Change 965250 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/mediawiki-config@master] Set WRITE_NEW for CA wikis on OATHAuth multiple devices

https://gerrit.wikimedia.org/r/965250

gerritbot added a comment.Oct 11 2023, 8:55 PM

Change 965250 merged by jenkins-bot:

[operations/mediawiki-config@master] Set WRITE_NEW for CA wikis on OATHAuth multiple devices

https://gerrit.wikimedia.org/r/965250

Stashbot added a comment.Oct 11 2023, 8:55 PM

Mentioned in SAL (#wikimedia-operations) [2023-10-11T20:55:53Z] <taavi@deploy2002> Started scap: Backport for [[gerrit:965250|Set WRITE_NEW for CA wikis on OATHAuth multiple devices (T242031)]]

Stashbot added a comment.Oct 11 2023, 8:57 PM

Mentioned in SAL (#wikimedia-operations) [2023-10-11T20:57:13Z] <taavi@deploy2002> taavi: Backport for [[gerrit:965250|Set WRITE_NEW for CA wikis on OATHAuth multiple devices (T242031)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

taavi updated the task description. (Show Details)Oct 11 2023, 9:04 PM
Stashbot added a comment.Oct 11 2023, 9:06 PM

Mentioned in SAL (#wikimedia-operations) [2023-10-11T21:06:27Z] <taavi@deploy2002> Finished scap: Backport for [[gerrit:965250|Set WRITE_NEW for CA wikis on OATHAuth multiple devices (T242031)]] (duration: 10m 33s)

gerritbot added a comment.Oct 17 2023, 6:07 PM

Change 964986 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Drop support for old device schema

https://gerrit.wikimedia.org/r/964986

ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.2; 2023-10-24).Oct 17 2023, 7:00 PM
gerritbot added a comment.Nov 23 2023, 7:00 PM

Change 977109 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/OATHAuth@master] Replace more users of getModule() for enabled checks

https://gerrit.wikimedia.org/r/977109

gerritbot added a comment.Nov 23 2023, 7:00 PM

Change 977110 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/OATHAuth@master] ApiQueryOATH: do not use module to check enablement

https://gerrit.wikimedia.org/r/977110

taavi added a project: MediaWiki-Platform-Team.Nov 24 2023, 12:15 PM

Hi, the patches starting from https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/964987 could use some reviews :-)

larissagaulia moved this task from Inbox, needs triage to Current Sprint on the MediaWiki-Platform-Team board.Nov 27 2023, 4:08 PM
larissagaulia updated Other Assignee, added: pmiazga.
larissagaulia subscribed.

Thanks, Taavi. Piotr volunteered to take a look at the open patches. Please feel free to reach out to him :)

Marostegui closed subtask T348693: Drop oathauth_users table from production as Resolved.Nov 29 2023, 8:34 AM
larissagaulia moved this task from Current Sprint to Blocked/waiting on the MediaWiki-Platform-Team board.Dec 4 2023, 12:43 PM
pmiazga moved this task from Blocked/waiting to Current Sprint on the MediaWiki-Platform-Team board.Dec 15 2023, 2:04 PM
gerritbot added a comment.Dec 21 2023, 11:52 PM

Change 964989 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Do not use Module when disabling OAuth for a user

https://gerrit.wikimedia.org/r/964989

gerritbot added a comment.Dec 21 2023, 11:52 PM

Change 977109 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Replace more users of getModule() for enabled checks

https://gerrit.wikimedia.org/r/977109

gerritbot added a comment.Dec 21 2023, 11:52 PM

Change 977110 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] ApiQueryOATH: do not use module to check enablement

https://gerrit.wikimedia.org/r/977110

ReleaseTaggerBot edited projects, added MW-1.42-notes (1.42.0-wmf.12; 2024-01-02); removed MW-1.42-notes (1.42.0-wmf.2; 2023-10-24).Dec 22 2023, 1:00 AM
gerritbot added a comment.Dec 25 2023, 12:07 PM

Change 985620 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/WebAuthn@master] Use removeKey()/removeAll() where applicable

https://gerrit.wikimedia.org/r/985620

gerritbot added a comment.Dec 26 2023, 2:55 PM

Change 964996 merged by jenkins-bot:

[mediawiki/extensions/WebAuthn@master] WebAuthnKey: Store the key id

https://gerrit.wikimedia.org/r/964996

gerritbot added a comment.Dec 28 2023, 10:29 AM

Change 986435 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/OATHAuth@master] TOTP: Cleanup uses of getFirstKey, getModule

https://gerrit.wikimedia.org/r/986435

gerritbot added a comment.Dec 28 2023, 10:29 AM

Change 986436 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/OATHAuth@master] Special: Cleanup module handling

https://gerrit.wikimedia.org/r/986436

gerritbot added a comment.Dec 28 2023, 10:29 AM

Change 986437 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/OATHAuth@master] HookHandler: Use isTwoFactorAuthEnabled instead of comparing modules

https://gerrit.wikimedia.org/r/986437

gerritbot added a comment.Dec 28 2023, 10:37 AM

Change 986439 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/WebAuthn@master] Remove uses of getFirstKey

https://gerrit.wikimedia.org/r/986439

gerritbot added a comment.Dec 31 2023, 7:24 AM

Change 986435 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] TOTP: Cleanup uses of getFirstKey, getModule

https://gerrit.wikimedia.org/r/986435

gerritbot added a comment.Dec 31 2023, 7:48 AM

Change 986437 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] HookHandler: Use isTwoFactorAuthEnabled instead of comparing modules

https://gerrit.wikimedia.org/r/986437

gerritbot added a comment.Dec 31 2023, 7:57 AM

Change 986644 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/OATHAuth@master] OATHUser: Drop getFirstKey()

https://gerrit.wikimedia.org/r/986644

gerritbot added a comment.Dec 31 2023, 5:28 PM

Change 986436 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Special: Cleanup module handling

https://gerrit.wikimedia.org/r/986436

gerritbot added a comment.Jan 11 2024, 4:36 PM

Change 986439 merged by jenkins-bot:

[mediawiki/extensions/WebAuthn@master] Remove uses of getFirstKey

https://gerrit.wikimedia.org/r/986439

ReleaseTaggerBot edited projects, added MW-1.42-notes (1.42.0-wmf.14; 2024-01-16); removed MW-1.42-notes (1.42.0-wmf.12; 2024-01-02).Jan 11 2024, 6:00 PM
gerritbot added a comment.Mar 7 2024, 6:41 PM

Change 964987 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Make Key objects aware of their database IDs

https://gerrit.wikimedia.org/r/964987

ReleaseTaggerBot edited projects, added MW-1.42-notes (1.42.0-wmf.22; 2024-03-12); removed MW-1.42-notes (1.42.0-wmf.14; 2024-01-16).Mar 7 2024, 7:00 PM
gerritbot added a comment.Mar 29 2024, 4:04 PM

Change #964988 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Make the TOTP disable form only remove that single key

https://gerrit.wikimedia.org/r/964988

ReleaseTaggerBot edited projects, added MW-1.42-notes (1.42.0-wmf.25; 2024-04-02); removed MW-1.42-notes (1.42.0-wmf.22; 2024-03-12).Mar 29 2024, 5:00 PM
Nemoralis subscribed.Apr 9 2024, 8:04 PM
Reedy mentioned this in T354701: Enable migration of WebAuthn credentials to loginwiki.Apr 29 2024, 2:14 PM
gerritbot added a comment.May 1 2024, 7:57 AM

Change #1026086 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/WebAuthn@master] Do not cache keys in the credential repository

https://gerrit.wikimedia.org/r/1026086

gerritbot added a comment.May 1 2024, 7:57 AM

Change #1026087 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/WebAuthn@master] module: Stop using getModule() to check enablement

https://gerrit.wikimedia.org/r/1026087

Tol subscribed.May 2 2024, 10:43 PM
gerritbot added a comment.May 3 2024, 4:04 PM

Change #985620 merged by jenkins-bot:

[mediawiki/extensions/WebAuthn@master] Use removeKey()/removeAll() where applicable

https://gerrit.wikimedia.org/r/985620

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.4; 2024-05-07).May 3 2024, 5:00 PM
gerritbot added a comment.May 4 2024, 8:11 AM

Change #986644 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] OATHUser: Drop getFirstKey()

https://gerrit.wikimedia.org/r/986644

gerritbot added a comment.May 4 2024, 8:51 AM

Change #1027078 had a related patch set uploaded (by Majavah; author: Majavah):

[mediawiki/extensions/OATHAuth@master] Auth: Inject the module instead of relying on getModule()

https://gerrit.wikimedia.org/r/1027078

gerritbot added a comment.May 4 2024, 11:21 AM

Change #1026086 merged by jenkins-bot:

[mediawiki/extensions/WebAuthn@master] Do not cache keys in the credential repository

https://gerrit.wikimedia.org/r/1026086

gerritbot added a comment.May 5 2024, 11:29 AM

Change #1026087 merged by jenkins-bot:

[mediawiki/extensions/WebAuthn@master] module: Stop using getModule() to check enablement

https://gerrit.wikimedia.org/r/1026087

gerritbot added a comment.May 7 2024, 3:10 PM

Change #1027078 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Auth: Inject the module instead of relying on getModule()

https://gerrit.wikimedia.org/r/1027078

ReleaseTaggerBot edited projects, added MW-1.43-notes (1.43.0-wmf.5; 2024-05-14); removed MW-1.43-notes (1.43.0-wmf.4; 2024-05-07).May 7 2024, 4:00 PM
Maintenance_bot removed a project: Patch-For-Review.May 7 2024, 4:31 PM
larissagaulia moved this task from Current Sprint to Radar on the MediaWiki-Platform-Team board.Jun 25 2024, 3:18 PM
larissagaulia edited projects, added MediaWiki-Platform-Team (Radar); removed MediaWiki-Platform-Team.
TheDJ added a comment.Jul 29 2024, 7:47 PM

@taavi anything left to do here, or shall we resolve the ticket ?

Tgr mentioned this in T368468: Cannot switch 2FA method between TOTP and WebAuthn: InvalidArgumentException: User already has a key from a different module enabled (totp).Jul 29 2024, 8:07 PM
Tgr added a subtask: T368468: Cannot switch 2FA method between TOTP and WebAuthn: InvalidArgumentException: User already has a key from a different module enabled (totp).Sep 30 2024, 10:03 AM
Tgr mentioned this in T376021: Migrate or disable WebAuthn on Wikimedia wikis.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits