Closed
Bug 1213757
Opened 9 years ago
Closed 9 years ago
delegate password and 2fa resets to servicedesk
Categories
(bugzilla.mozilla.org :: General, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: glob, Assigned: glob)
Details
Attachments
(1 file, 1 obsolete file)
4.85 KB,
patch
|
dylan
:
review+
|
Details | Diff | Splinter Review |
in order to centralise identity verification we're going to delegate security-group password and 2fa resets to servicedesk.
we need to:
- change the email address in the "you need to contact us to reset your password" from bmo-admin to servicedesk
- change the "can disable 2fa" group from admin to a new group
- create a new "servicedesk" group, owned by mpoessy
Comment 1•9 years ago
|
||
And how do you deal with non-MoCo employees who don't have access to servicedesk?
- add bz_can_disable_mfa group
- move mfa checks and auditing from editusers to Bugzilla::User
- update contact email address in SecureMail
Attachment #8672497 -
Flags: review?(dylan)
(In reply to Reed Loden [:reed] (use needinfo?) from comment #1)
> And how do you deal with non-MoCo employees who don't have access to
> servicedesk?
servicedesk will forward the request to the bmo admins to take action.
Comment 5•9 years ago
|
||
Comment on attachment 8672497 [details] [diff] [review]
1213757_1.patch
Review of attachment 8672497 [details] [diff] [review]:
-----------------------------------------------------------------
This one also conflicted with the duo patch as well. After working around that it seems mostly sane though.
Attachment #8672497 -
Flags: review?(dylan)
Attachment #8672497 -
Flags: review-
Attachment #8672497 -
Flags: feedback+
Attachment #8672497 -
Attachment is obsolete: true
Attachment #8673484 -
Flags: review?(dylan)
Comment 7•9 years ago
|
||
Comment on attachment 8673484 [details] [diff] [review]
1213757_2.patch
Review of attachment 8673484 [details] [diff] [review]:
-----------------------------------------------------------------
r=dylan
::: editusers.cgi
@@ -274,2 @@
> $otherUser->set_mfa('');
> - Bugzilla->audit(sprintf('%s disabled 2FA for %s', $user->login, $otherUser->login));
What's the reasoning behind removing the audit log entry?
Attachment #8673484 -
Flags: review?(dylan) → review+
(In reply to Dylan William Hardison [:dylan] from comment #7)
> What's the reasoning behind removing the audit log entry?
i moved it to Bugzilla::User->update()
i'm holding off committing this patch for now - we want to do a quick training session of the servicedesk staff first.
Assignee | ||
Comment 10•9 years ago
|
||
we're good to go here now.
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
175f9c1..b6d9211 master -> master
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•