From c3d9c55b23183a51c941800d94ed0ff085e5a3b8 Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Wed, 7 Oct 2015 15:46:18 -0400
Subject: [PATCH 1/3] Add gitlab:two_factor:disable_for_all_users task
---
 lib/tasks/gitlab/two_factor.rake | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 lib/tasks/gitlab/two_factor.rake
diff --git a/lib/tasks/gitlab/two_factor.rake b/lib/tasks/gitlab/two_factor.rake
new file mode 100644
index 00000000000..acd4b7da39b
--- /dev/null
+++ b/lib/tasks/gitlab/two_factor.rake
@@ -0,0 +1,10 @@
+namespace :gitlab do
+ namespace :two_factor do
+ desc "GitLab | Disable Two-factor authentication (2FA) for all users"
+ task disable_for_all_users: :environment do
+ User.with_two_factor.find_each do |user|
+ user.disable_two_factor!
+ end
+ end
+ end
+end
From 5a28a5b72634ba180180dfeaeca1d2b0d988e177 Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Wed, 7 Oct 2015 15:46:54 -0400
Subject: [PATCH 2/3] Add docs for gitlab:two_factor:disable_for_all_users task
---
 doc/raketasks/user_management.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/doc/raketasks/user_management.md b/doc/raketasks/user_management.md
index 4fbd20762da..629d38efc53 100644
--- a/doc/raketasks/user_management.md
+++ b/doc/raketasks/user_management.md
@@ -56,3 +56,17 @@ bundle exec rake gitlab:import:all_users_to_all_groups RAILS_ENV=production
 ```
 block_auto_created_users: false
 ```
+
+## Disable Two-factor Authentication (2FA) for all users
+
+This task will disable 2FA for all users that have it enabled. This can be
+useful if GitLab's `.secret` file has been lost and users are unable to login,
+for example.
+
+```bash
+# omnibus-gitlab
+sudo gitlab-rake gitlab:two_factor:disable_for_all_users
+
+# installation from source
+bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production
+```
From cd46f4c36736ed548e440566095e51a3a43ca6d6 Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Thu, 8 Oct 2015 23:19:56 -0400
Subject: [PATCH 3/3] Add output and confirmation to gitlab:two_factor:disable_for_all_users
---
 lib/tasks/gitlab/two_factor.rake | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/lib/tasks/gitlab/two_factor.rake b/lib/tasks/gitlab/two_factor.rake
index acd4b7da39b..9196677a017 100644
--- a/lib/tasks/gitlab/two_factor.rake
+++ b/lib/tasks/gitlab/two_factor.rake
@@ -2,8 +2,21 @@ namespace :gitlab do
 namespace :two_factor do
 desc "GitLab | Disable Two-factor authentication (2FA) for all users"
 task disable_for_all_users: :environment do
- User.with_two_factor.find_each do |user|
- user.disable_two_factor!
+ scope = User.with_two_factor
+ count = scope.count
+
+ if count > 0
+ puts "This will disable 2FA for #{count.to_s.red} users..."
+
+ begin
+ ask_to_continue
+ scope.find_each(&:disable_two_factor!)
+ puts "Successfully disabled 2FA for #{count} users.".green
+ rescue Gitlab::TaskAbortedByUserError
+ puts "Quitting...".red
+ end
+ else
+ puts "There are currently no users with 2FA enabled.".yellow
 end
 end
 end
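Review bot: The success line inside the `begin` block prints the `count` taken before the prompt rather than the number of accounts actually changed, and the only rescue is for `Gitlab::TaskAbortedByUserError`, so an exception from `disable_two_factor!` partway through would presumably leave an unknown subset of users without 2FA and no record of how far the run got. Since this task strips a security control from every enrolled account, I would count inside the loop (`disabled = 0` then `scope.find_each { |user| user.disable_two_factor!; disabled += 1 }`) and write the result to the application log as well as stdout, e.g. `Rails.logger.warn "2FA disabled for #{disabled} users via gitlab:two_factor:disable_for_all_users"`. The original loop in patch 1/3 has the same missing audit record. Affected users are also not told that their second factor was removed; if that is left to the operator, the documentation added in 2/3 should say so and mention that users need to re-enroll.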