Don't require 2FA for theme developers versions
This is achieved by overriding theme_specific in _submit_upload() if an add-on is passed (or if we're using the theme wizard). That variable is passed down to the upload flow (and checked against the xpi being uploaded later) to bypass the 2FA requirement.
Context
We enforce 2FA at submission time if the 2fa-enforcement-for-developers-and-special-users flag is active for the user, but we want that for extensions (and langpacks/dicts, technically), not themes. The bug was that we accidentally required it for all new versions of existing add-ons, even themes.
Testing
Automated tests should cover this, but if you want to try locally, you can follow the STR in the issue. You can use the theme wizard to create the initial theme, and then take the zip and bump the version number.
Note that you need to create the waffle flag (not a switch! it can be potentially active for a limited set of users) with: manage.py waffle_flag 2fa-enforcement-for-developers-and-special-users --everyone. Then, when logging in with the fake auth, check or uncheck the "two-factor authentication" checkbox before logging in depending on what you want to test.
Fixes https://github.com/mozilla/addons/issues/1956
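The two-stage check described above (a flow-level theme_specific value skips the 2FA requirement, and the uploaded xpi is later checked against that value), as an added example that is not addons-server code. The function names, the UploadRejected exception, rejection on mismatch, and the rule that a theme is recognised by a top-level "theme" key in manifest.json are assumptions for illustration; the sample packages are constructed.

```python
import io
import json
import zipfile


class UploadRejected(Exception):
    """Hypothetical error type for an upload that must not proceed."""


def is_theme_package(xpi_bytes):
    # Assumption: a theme is recognised by a top-level "theme" key in manifest.json.
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:
        manifest = json.loads(xpi.read("manifest.json"))
    return isinstance(manifest, dict) and "theme" in manifest


def check_upload(xpi_bytes, *, flag_active, has_2fa, theme_specific):
    # Step 1 (submission time): 2FA is enforced only when the flag is active
    # for the user and the flow is not theme-specific.
    if flag_active and not theme_specific and not has_2fa:
        raise UploadRejected("2FA required")
    # Step 2 (later): the value that skipped 2FA is checked against the xpi,
    # so a non-theme package cannot ride the theme flow (assumed to reject).
    if theme_specific and not is_theme_package(xpi_bytes):
        raise UploadRejected("package is not a theme")
    return "accepted"


def outcome(xpi_bytes, **kwargs):
    # Convenience wrapper: return the verdict as a string instead of raising.
    try:
        return check_upload(xpi_bytes, **kwargs)
    except UploadRejected as exc:
        return f"rejected: {exc}"


def build_xpi(manifest):
    # Builds a constructed sample package in memory (an xpi is a zip archive).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as xpi:
        xpi.writestr("manifest.json", json.dumps(manifest))
    return buf.getvalue()


# Constructed samples: version 2.0 of an existing theme, and an extension.
THEME_XPI = build_xpi({"manifest_version": 2, "name": "Sample theme", "version": "2.0",
                       "theme": {"colors": {"frame": "#202020"}}})
EXTENSION_XPI = build_xpi({"manifest_version": 2, "name": "Sample extension", "version": "2.0"})

if __name__ == "__main__":
    user = {"flag_active": True, "has_2fa": False}
    print(outcome(THEME_XPI, theme_specific=True, **user))       # theme update
    print(outcome(EXTENSION_XPI, theme_specific=False, **user))  # extension update
    print(outcome(EXTENSION_XPI, theme_specific=True, **user))   # mismatched flow
```

The case with theme_specific=False and a theme package reproduces the behaviour reported in the issue: a new theme version is asked for 2FA because the flow was not marked theme-specific.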