Closed
Bug 1201536
Opened 10 years ago
Closed 10 years ago
2FA secrets for all users are removed when someone disables 2FA
Categories
(bugzilla.mozilla.org :: General, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: ehsan.akhgari, Assigned: glob)
Details
Attachments
(1 file)
|
894 bytes,
patch
|
dkl
:
review+
|
Details | Diff | Splinter Review |
I enabled 2FA on my account, and now I'm locked out of Bugzilla on a new computer. When I try to log in, and enter the code shown in the Google Authenticator app, bugzilla gives me a "Invalid verification code." error on /token.cgi.
are you able to check the time is accurate on your mobile device - http://time.is/
looks like we're dropping mfa secrets. investigating.
Assignee: nobody → glob
Severity: normal → critical
Summary: 2FA doesn't work, and I can't log into bugzilla from a new computer any more → 2FA secrets for all users are removed when someone disables 2FA
User::update() already removes the secret (correctly), so there's no need for property_delete_all
Attachment #8656619 -
Flags: review?(dkl)
Comment 4•10 years ago
|
||
Comment on attachment 8656619 [details] [diff] [review]
1201536_1.patch
Review of attachment 8656619 [details] [diff] [review]:
-----------------------------------------------------------------
r=dkl
Attachment #8656619 -
Flags: review?(dkl) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
7ff867c..83e02ca master -> master
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
| Reporter | ||
Comment 6•10 years ago
|
||
Thanks for the quick fix. I can login now!
You need to log in
before you can comment on or make changes to this bug.
Description
•