draem0507 / rietveld

Automatically exported from code.google.com/p/rietveld
Apache License 2.0
0 stars 0 forks source link

upload.py #516

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Enable two-factor auth on a gmail account
2. Run upload.py
3. Enter this gmail account and a password (not an "app-specific password")

What is the expected output? What do you see instead?

It suggests "use an app-specific password instead". I would prefer it to 
recommend --oauth2.

What browser are you using?  What version? On what operating system?

Browser n/a; OSX 10.10

At what URL are you accessing Rietveld?  codereview.appspot.com

Please provide any additional information below.

"App-specific passwords" are inconvenient and a security risk (they allow full 
access to the account; they are not actually constrained to a particular app). 
It would be better in most cases to recommend re-running with the --oauth2 flag 
instead of suggesting an app-specific password. (I would also support making 
--oauth2 the default, but that's a more contentious change than updating the 
error message).

Original issue reported on code.google.com by ben.darn...@gmail.com on 26 Jan 2015 at 1:16