-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KeyError: 'password'
when trying to disable another user's 2FA
#3705
Comments
I took a brief look at this already, it seems like only form field in this view is |
KeyError: 'password'
when trying to diable another user's 2FA
Is this a new or old bug? I know OTF staff have used this function successfully in the past. They might all have been logged in via Google so no 2FA however. |
I believe this is a new bug as both Slammer & I couldn't disable 2FA on another user's account through Hypha, I had to do it manually in the heroku/python shell. I think this issue potentially came with #3531 as it removed the need for a password field in the 2FA disable prompt, but it's weird that a password field would be in the @sandeepsajan0 maybe you might have better insight as I think you did the initial implementation, is |
I'll try take a stab at it. As I don't believe I tested the wagtail admin disable 2FA flow throughly in the #3531 |
- Use sudo mode instead of asking for password - prompt confirmation text before final disable action - Clean/Rename the confirmation form closes: #3705
KeyError: 'password'
when trying to diable another user's 2FAKeyError: 'password'
when trying to disable another user's 2FA
- Use sudo mode instead of asking for password - prompt confirmation text before final disable action - Clean/Rename the confirmation form closes: #3705
- Use sudo mode instead of asking for password - prompt confirmation text before final disable action - Clean/Rename the confirmation form closes: #3705
- Use sudo mode instead of asking for password - prompt confirmation text before final disable action - Clean/Rename the confirmation form closes: #3705
As an administrator with an instance that has
ENFORCE_TWO_FACTOR=True
, when going to disable another user's 2FA via wagtail admin, aKeyError: 'password'
results from the apply users' views.py, attempting to set the label of the password form field.This makes an administrator unable to disable 2FA for a user.
The text was updated successfully, but these errors were encountered: