Closed Bug 1364233 Opened 7 years ago Closed 7 years ago

Add setting to force a group to require MFA and restrict users in that group who have not enabled MFA

Categories

(bugzilla.mozilla.org :: General, enhancement, P1)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: emceeaich, Assigned: dylan)

References

Details

Attachments

(1 file)

PR
45 bytes, text/x-github-pull-request
glob
: review-
Details | Review 
See the user story for the details.

:jeff, would the approach outlined in the user stories work for you?
Flags: needinfo?(jbryner)
Sounds correct to me, r+
Flags: needinfo?(jbryner)
Laura would like to see this done this quarter.
Rather than having this be per-group, we'll make an admin param that takes a group.
We can use the group permission system to apply that to other groups if needed, but I suspect mozilla-employee is the right group for this.

We'll want to add code here: https://github.com/mozilla-bteam/bmo/blob/master/Bugzilla/Auth.pm#L299

if all of the following are true:

* the user is logged in
* the user is a member of $group (configured by a new data/params entry 'require_2fa_group')
* the page being accessed is anything other than userprefs.cgi

then

return a new page that explains that the user is required to setup MFA before using BMO
We'll work out exactly what the copy says later.
Severity: normal → major
User Story: (updated)
Priority: -- → P1
Summary: Allow group owners to require 2FA and restrict users in that group who have not enabled 2FA → Add setting to cause a group to require MFA and restrict users in that group who have not enabled MFA
Assignee: nobody → dylan
Summary: Add setting to cause a group to require MFA and restrict users in that group who have not enabled MFA → Add setting to force a group to require MFA and restrict users in that group who have not enabled MFA
I'll have a proof of concept up for this today.
Status: NEW → ASSIGNED
Attached file PR 

    
  
Depends on: 1392786

    
  

        Attachment #8899615 -
        Flags: review?(glob)

    
  

        Attachment #8899615 -
        Attachment description: Proof of concept → PR

    
    

    
  
Comment on attachment 8899615 [details] [review]
PR

Adding Sebastin as reviewer too, since he has a working dev env.

        Attachment #8899615 -
        Flags: review?(sebastinssanty)

    
  

        Attachment #8899615 -
        Flags: review?(glob) → review-

    
  
Depends on: 1397747

    
  

        Attachment #8899615 -
        Flags: review- → review?(glob)

    
  

        Attachment #8899615 -
        Flags: review?(glob) → review-

    
    

    
  
probably r+ as I addressed the concern and will do additional testing.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED

    
  

        Attachment #8899615 -
        Flags: review?(sebastinssanty)

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: