Closed Bug 1201536 Opened 10 years ago Closed 10 years ago

2FA secrets for all users are removed when someone disables 2FA

Categories

(bugzilla.mozilla.org :: General, defect)

Production
defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: ehsan.akhgari, Assigned: glob)

Details

Attachments

(1 file)

I enabled 2FA on my account, and now I'm locked out of Bugzilla on a new computer. When I try to log in, and enter the code shown in the Google Authenticator app, bugzilla gives me a "Invalid verification code." error on /token.cgi.
are you able to check the time is accurate on your mobile device - http://time.is/
looks like we're dropping mfa secrets. investigating.
Assignee: nobody → glob
Severity: normal → critical
Summary: 2FA doesn't work, and I can't log into bugzilla from a new computer any more → 2FA secrets for all users are removed when someone disables 2FA
Attached patch 1201536_1.patchSplinter Review
User::update() already removes the secret (correctly), so there's no need for property_delete_all
Attachment #8656619 - Flags: review?(dkl)
Comment on attachment 8656619 [details] [diff] [review] 1201536_1.patch Review of attachment 8656619 [details] [diff] [review]: ----------------------------------------------------------------- r=dkl
Attachment #8656619 - Flags: review?(dkl) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git 7ff867c..83e02ca master -> master
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Thanks for the quick fix. I can login now!
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: