Closed Bug 1213757 Opened 9 years ago Closed 9 years ago

delegate password and 2fa resets to servicedesk

Categories

(bugzilla.mozilla.org :: General, defect)

Production
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: glob, Assigned: glob)

Details

Attachments

(1 file, 1 obsolete file)

in order to centralise identity verification we're going to delegate security-group password and 2fa resets to servicedesk.

we need to:
- change the email address in the "you need to contact us to reset your password" from bmo-admin to servicedesk
- change the "can disable 2fa" group from admin to a new group
- create a new "servicedesk" group, owned by mpoessy
And how do you deal with non-MoCo employees who don't have access to servicedesk?
Attached patch 1213757_1.patch (obsolete) — Splinter Review
- add bz_can_disable_mfa group
- move mfa checks and auditing from editusers to Bugzilla::User
- update contact email address in SecureMail
Attachment #8672497 - Flags: review?(dylan)
(In reply to Reed Loden [:reed] (use needinfo?) from comment #1)
> And how do you deal with non-MoCo employees who don't have access to
> servicedesk?

servicedesk will forward the request to the bmo admins to take action.
i've created and populated the 'servicedesk' group.
Comment on attachment 8672497 [details] [diff] [review]
1213757_1.patch

Review of attachment 8672497 [details] [diff] [review]:
-----------------------------------------------------------------

This one also conflicted with the duo patch as well. After working around that it seems mostly sane though.
Attachment #8672497 - Flags: review?(dylan)
Attachment #8672497 - Flags: review-
Attachment #8672497 - Flags: feedback+
Attached patch 1213757_2.patchSplinter Review
Attachment #8672497 - Attachment is obsolete: true
Attachment #8673484 - Flags: review?(dylan)
Comment on attachment 8673484 [details] [diff] [review]
1213757_2.patch

Review of attachment 8673484 [details] [diff] [review]:
-----------------------------------------------------------------

r=dylan

::: editusers.cgi
@@ -274,2 @@
>              $otherUser->set_mfa('');
> -            Bugzilla->audit(sprintf('%s disabled 2FA for %s', $user->login, $otherUser->login));

What's the reasoning behind removing the audit log entry?
Attachment #8673484 - Flags: review?(dylan) → review+
(In reply to Dylan William Hardison [:dylan] from comment #7)
> What's the reasoning behind removing the audit log entry?

i moved it to Bugzilla::User->update()
i'm holding off committing this patch for now - we want to do a quick training session of the servicedesk staff first.
we're good to go here now.

To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   175f9c1..b6d9211  master -> master
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: