Closed Bug 1213757 Opened 9 years ago Closed 9 years ago

delegate password and 2fa resets to servicedesk

Categories

(bugzilla.mozilla.org :: General, defect)

Production
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: glob, Assigned: glob)

Details

Attachments

(1 file, 1 obsolete file)

in order to centralise identity verification we're going to delegate security-group password and 2fa resets to servicedesk. we need to: - change the email address in the "you need to contact us to reset your password" from bmo-admin to servicedesk - change the "can disable 2fa" group from admin to a new group - create a new "servicedesk" group, owned by mpoessy
And how do you deal with non-MoCo employees who don't have access to servicedesk?
Attached patch 1213757_1.patch (obsolete) — Splinter Review
- add bz_can_disable_mfa group - move mfa checks and auditing from editusers to Bugzilla::User - update contact email address in SecureMail
Attachment #8672497 - Flags: review?(dylan)
(In reply to Reed Loden [:reed] (use needinfo?) from comment #1) > And how do you deal with non-MoCo employees who don't have access to > servicedesk? servicedesk will forward the request to the bmo admins to take action.
i've created and populated the 'servicedesk' group.
Comment on attachment 8672497 [details] [diff] [review] 1213757_1.patch Review of attachment 8672497 [details] [diff] [review]: ----------------------------------------------------------------- This one also conflicted with the duo patch as well. After working around that it seems mostly sane though.
Attachment #8672497 - Flags: review?(dylan)
Attachment #8672497 - Flags: review-
Attachment #8672497 - Flags: feedback+
Attached patch 1213757_2.patchSplinter Review
Attachment #8672497 - Attachment is obsolete: true
Attachment #8673484 - Flags: review?(dylan)
Comment on attachment 8673484 [details] [diff] [review] 1213757_2.patch Review of attachment 8673484 [details] [diff] [review]: ----------------------------------------------------------------- r=dylan ::: editusers.cgi @@ -274,2 @@ > $otherUser->set_mfa(''); > - Bugzilla->audit(sprintf('%s disabled 2FA for %s', $user->login, $otherUser->login)); What's the reasoning behind removing the audit log entry?
Attachment #8673484 - Flags: review?(dylan) → review+
(In reply to Dylan William Hardison [:dylan] from comment #7) > What's the reasoning behind removing the audit log entry? i moved it to Bugzilla::User->update()
i'm holding off committing this patch for now - we want to do a quick training session of the servicedesk staff first.
we're good to go here now. To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git 175f9c1..b6d9211 master -> master
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: