Fixed codestyle and added 2FA documentation
This commit is contained in:
parent
6e3fb5024a
commit
1249289f89
|
@ -13,7 +13,7 @@ class ApplicationController < ActionController::Base
|
|||
before_action :validate_user_service_ticket!
|
||||
before_action :reject_blocked!
|
||||
before_action :check_password_expiration
|
||||
before_action :check_tfa_requirement
|
||||
before_action :check_2fa_requirement
|
||||
before_action :ldap_security_check
|
||||
before_action :default_headers
|
||||
before_action :add_gon_variables
|
||||
|
@ -224,7 +224,7 @@ class ApplicationController < ActionController::Base
|
|||
end
|
||||
end
|
||||
|
||||
def check_tfa_requirement
|
||||
def check_2fa_requirement
|
||||
if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled && !skip_two_factor?
|
||||
redirect_to new_profile_two_factor_auth_path
|
||||
end
|
||||
|
|
|
@ -1,13 +1,15 @@
|
|||
class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
|
||||
skip_before_action :check_tfa_requirement
|
||||
skip_before_action :check_2fa_requirement
|
||||
|
||||
def new
|
||||
unless current_user.otp_secret
|
||||
current_user.otp_secret = User.generate_otp_secret(32)
|
||||
end
|
||||
|
||||
unless current_user.otp_grace_period_started_at && two_factor_grace_period
|
||||
current_user.otp_grace_period_started_at = Time.current
|
||||
end
|
||||
|
||||
current_user.save! if current_user.changed?
|
||||
|
||||
if two_factor_grace_period_expired?
|
||||
|
|
|
@ -6,3 +6,4 @@
|
|||
- [Information exclusivity](information_exclusivity.md)
|
||||
- [Reset your root password](reset_root_password.md)
|
||||
- [User File Uploads](user_file_uploads.md)
|
||||
- [Enforce Two-Factor authentication](two_factor_authentication.md)
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
# Enforce Two-factor Authentication (2FA)
|
||||
|
||||
Two-factor Authentication (2FA) provides an additional level of security to your
|
||||
users' GitLab account. Once enabled, in addition to supplying their username and
|
||||
password to login, they'll be prompted for a code generated by an application on
|
||||
their phone.
|
||||
|
||||
You can read more about it here:
|
||||
[Two-factor Authentication (2FA)](doc/profile/two_factor_authentication.md)
|
||||
|
||||
## Enabling 2FA
|
||||
|
||||
Users on GitLab, can enable it without any admin's intervention. If you want to
|
||||
enforce everyone to setup 2FA, you can choose from two different ways:
|
||||
|
||||
1. Enforce on next login
|
||||
2. Suggest on next login, but allow a grace period before enforcing.
|
||||
|
||||
In the Admin area under **Settings** (`/admin/application_settings`), look for
|
||||
the "Sign-in Restrictions" area, where you can configure both.
|
||||
|
||||
If you want 2FA enforcement to take effect on next login, change the grace
|
||||
period to `0`
|
||||
|
||||
## Disabling 2FA for everyone
|
||||
|
||||
There may be some special situations where you want to disable 2FA for everyone
|
||||
even when forced 2FA is disabled. There is a rake task for that:
|
||||
|
||||
```
|
||||
# use this command if you've installed GitLab with the Omnibus package
|
||||
sudo gitlab-rake gitlab:two_factor:disable_for_all_users
|
||||
|
||||
# if you've installed GitLab from source
|
||||
sudo -u git -H bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production
|
||||
```
|
||||
|
||||
**IMPORTANT: this is a permanent and irreversible action. Users will have to reactivate 2FA from scratch if they want to use it again.**
|
Loading…
Reference in New Issue