Mailing List Archive

OATHAuth Extension is prompting users for a code when they had not set up 2FA
I recently upgraded our wiki from 1.29.1 to 1.35.2, and I enabled some new
extensions along the way. One of these was OATHAuth. Since the upgrade, I
have had about 5 different users complain that they were being prompted for
a 2FA code despite never having set it up. I did a bit of digging in the
database and found that none of the user IDs matched the IDs in the
oathauth_users table, and I'm currently under the impression that those
should be user IDs. We do use CentralAuth, as we have multiple wikis, but
neither the global nor local IDs matched up. I'm not sure if we've hit a
bug or if I'm misinterpreting what that field is supposed to represent, but
I was hoping someone could help point me in the right direction. I've had
to disable the extension because it was preventing legitimate logins, but
we would like to have it enabled if we can fix this.
Justin Folvarcik