name => 'bz_quip_moderators',
description => 'Can moderate quips',
},
+ {
+ name => 'bz_can_disable_mfa',
+ description => 'Can disable MFA when editing users',
+ },
);
use constant DEFAULT_CLASSIFICATION => {
}
if (exists $changes->{mfa} && $self->mfa eq '') {
+ if (Bugzilla->user->id != $self->id) {
+ Bugzilla->audit(sprintf('%s disabled 2FA for %s', Bugzilla->user->login, $self->login));
+ }
$dbh->do("DELETE FROM profile_mfa WHERE user_id = ?", undef, $self->id);
}
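Review bot: The added `Bugzilla->audit(...)` call runs only when `Bugzilla->user->id != $self->id`, so a user turning off their own 2FA leaves no audit entry at this point, and the entry is written before the `DELETE FROM profile_mfa` has executed. Removing a second factor is worth recording whoever the actor is, so unless self-service disabling is audited elsewhere (not visible in this hunk), consider moving the call after the `$dbh->do(...)` and dropping the `if`. If this path can run with no logged-in user, `Bugzilla->user->login` may be empty and the entry would lack an actor; a comment stating the expected caller would help. The enclosing sub starts outside the hunk.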
$provider = lc($provider // '');
return 'TOTP' if $provider eq 'totp';
return 'Duo' if $provider eq 'duo';
+
+ # you must be member of the bz_can_disable_mfa group to disable mfa for
+ # other accounts.
+ if ($provider eq '') {
+ my $user = Bugzilla->user;
+ if ($user->id != $self->id && !$user->in_group('bz_can_disable_mfa')) {
+ ThrowUserError('mfa_disable_denied');
+ }
+ }
+
return '';
}
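Review bot: A refused attempt to disable another account's MFA leaves no trace, because the added branch under `if ($provider eq '')` goes straight to `ThrowUserError('mfa_disable_denied')`. Logging the denial first would give responders a signal for privilege probing, e.g. `Bugzilla->audit(sprintf('%s was denied disabling 2FA for %s', $user->login, $self->login));`. The check also assumes `Bugzilla->user` is the acting account. If this validator is reachable from scripts or jobs that run without a logged-in user (not visible here), they would now be rejected, so the comment above the check should state that assumption. The enclosing sub starts outside the hunk.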
? $cgi->param('password_change_reason')
: ''
);
- if ($user->in_group('admin') && $otherUser->mfa && $cgi->param('mfa') eq '') {
+ if ($user->in_group('bz_can_disable_mfa') && $otherUser->mfa && $cgi->param('mfa') eq '') {
$otherUser->set_mfa('');
- Bugzilla->audit(sprintf('%s disabled 2FA for %s', $user->login, $otherUser->login));
}
$changes = $otherUser->update();
}
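Review bot: On the new condition, `$cgi->param('mfa') eq ''` is also true when the request has no `mfa` parameter at all, since undef compares equal to the empty string. Any submission from a `bz_can_disable_mfa` member that omits the field would therefore clear the target's MFA. Requiring the parameter to be present makes the disable an explicit choice: `if ($user->in_group('bz_can_disable_mfa') && $otherUser->mfa && defined $cgi->param('mfa') && $cgi->param('mfa') eq '') {`. The surrounding block begins and ends outside the hunk, so any earlier validation of `mfa` is not visible here.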
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ #
+ # This Source Code Form is "Incompatible With Secondary Licenses", as
+ # defined by the Mozilla Public License, v. 2.0.
+ #%]
+
This email would have contained sensitive information, but you have not set
a PGP/GPG key or SMIME certificate in the "Secure Mail" section of your user
preferences.
[%+ urlbase %]show_bug.cgi?id=[% bug_id %]
[% END %]
[% ELSIF email_type == 'admin' %]
-You will have to contact [% maintainer %] to reset your password.
+You will have to contact servicedesk@mozilla.com to reset your password.
[% END %]
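Review bot: The replacement line hard-codes `servicedesk@mozilla.com` where the template previously used the `[% maintainer %]` variable. The contact shown for password resets can therefore no longer be changed through configuration, and will be wrong on any other installation or if the address changes. Because this is the address users are told to trust for account recovery, it would be better kept in a template variable or site parameter, with a short comment explaining why `maintainer` is not the right contact here.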
<tr>
<th><label for="mfa">Two-factor Auth:</label></th>
<td>
- [% IF user.in_group('admin') %]
+ [% IF user.in_group('bz_can_disable_mfa') %]
[% IF otheruser.mfa %]
<select name="mfa" value="mfa">
<option value="">Disable</option>
<br>
The QR code has been deleted - please generate and scan a new code.
+ [% ELSIF error == "mfa_disable_denied" %]
+ [% title = "Change Denied" %]
+ You do not have permission to disable MFA for other users.
+
[% ELSIF error == "migrate_config_created" %]
The file <kbd>[% file FILTER html %]</kbd> contains configuration
variables that must be set before continuing with the migration.