3cb69f0c0b
Allow a U2F Device to be the Second Factor for Authentication

Parent Issue: #15337

## TODO

- [ ] #15337 (!3905) FIDO/U2F 2FA using Yubikey
- [x] Order a Yubikey?
- [x] Do some reading to figure out what all this stuff means
- [x] Look through the existing MR
- [x] Browser support?
- [x] Implementation
- [x] User can register 2FA using their U2F device instead of authenticator
- [x] Barebones flow
- [x] Save the registration in the database
- [x] Authentication flow
- [x] First try after login/server start doesn't work
- [x] User can log in using their U2F device
- [x] Allow setting up authenticator if U2F is already set up (or vice versa)
- [x] Change `two_factor_auths/new` to `show`
- [x] `sign_requests` during registration? (Registering a device that has already been registered)
- [x] 2FA skippable flow?
- [x] Enforced 2FA flow (grace period?)
- [x] Move the "Configure it Later" button to the right place
- [x] Don't allow registration when the yubikey isn't plugged in
- [x] Polish authentication flow
- [x] Login should only show the 2FA method that's enabled
- [x] Message to say that u2f only works on chrome, and it's recommended to enable otp as well.
- [x] Index for key_handle
- [x] Server-side errors while registering/logging in
- [x] Handle non-chrome browsers
- [x] Try to authenticate with a key that hasn't been registered (shouldn't work)
- [x] Try the same key for multiple user accounts (should work)
- [x] Fix existing tests
- [x] Make sure CI is green
- [x] Add tests
- [x] Figure out how to fake the Yubikey
- [x] Teaspoon tests for the React components
- [x] Each device can only be registered once per user
- [x] Feature specs
- [x] Regular flows
- [x] Test error cases
- [x] Refactoring
- [x] Refactor App ID
- [x] Clean up the `show` action
- [x] Annotate methods with definition of U2F
- [x] Changelog
- [x] Fix merge conflicts
- [x] Verify flows
- [x] Authenticator + no U2F
- [x] U2F + no authenticator
- [x] U2F + authenticator
- [x] U2F + authenticator -> disable 2FA
- [x] 2FA required with different grace periods
- [x] Screenshots for MR
- [x] Augment the [help docs](http://localhost:3000/help/profile/two_factor_authentication)
- [x] Assign to endboss
- [x] Ask for feedback on UI/UX
- [x] Ask for feedback on copy
- [x] Wait for review/merge
- [x] Fix merge conflicts
- [x] Wait for CI to pass
- [x] Implement review comments/suggestions
- [x] Move `TwoFactorAuthController#create_u2f` to a service
- [x] Extra space before `Base64` in `u2f_registration` model
- [x] Move `with/without_two_factor` scopes to class methods
- [x] In `profiles/accounts/show`, add spaces at `{` and `}`
- [x] Remove blank lines in `profiles/two_factor_auths/show`
- [x] Fix typo in doc. "(universal 2nd factor )"
- [x] Add "Added in 8.8" to doc
- [x] In the doc, use 'Enable 2FA via mobile application' instead of 'Via Mobile Application'
- [x] In the doc, use 'Enable 2FA via U2F device' instead of 'Via U2F Device'
- [x] Use "Two-Factor Authentication" everywhere
- [x] Use `#icon` wrapper instead of `fa_stacked_icon`
- [x] Check if `string` is enough for `key_handle` and `public_key`
- [x] Separate `exercise` and `verify` phases of test (u2f_spec)
- [x] Assert that `user_without_2fa` is _not_ in results (with_two_factor)
- [x] Remove rubocop exception
- [x] Refactor call to `User.with_two_factor.count` to not include `.length`
- [x] Add a note that makes the "Disable" button/feature obvious
- [x] Remove i18n
- [x] Test in Firefox with addon (+ create new issue for support)
- [x] Remove React
- [x] Rewrite registration
- [x] Switch underscore template to default style
- [x] Rewrite authentication
- [x] Move `register` haml to `u2f` dir
- [x] Remove instance variables
- [x] Fix tests
- [x] Read SCSS guidelines
- [x] Address @connorshea's comments regarding text style
- [x] Make sure all classes and IDs are in line (add `js-` prefixes)
- [x] Register
- [x] Authenticate
- [x] Refactoring?
- [x] Include non-minified version of bowser
- [x] Audit log
- [x] Look at the `browser` gem (and don't use bowser)
- [x] Error message when on HTTP?
- [x] Test on Mobile
- [x] Fix merge conflicts
- [x] Retest all flows
- [x] Back to Rémy for review
- [x] Make sure CI is green
- [x] Wait for merge / more feedback
- [x] Implement @rymai's changes
- [x] JS/Coffeescript variables should be lowerCamelCase
- [x] Spaces before/after `}` and `{` in HAML (and elsewhere)
- [x] Rails view helpers in u2f HAML
- [x] `%div.row.append-bottom-10`
- [x] Wrap line in `without_two_factor` scope
- [x] Exception-less flow in `U2F::CreateService`
- [x] Fix merge conflicts
- [x] Move service to model class method
- [x] Fix teaspoon specs
- [x] Address @rymai's suggestions about error handling
- [x] Javascript error constants
- [x] Fix merge conflicts
- [x] One final review
- [x] Test "registration with errors" flow
- [x] Assign to Remy
- [x] Wait for replies from @jschatz1
- [x] Address @rymai's comments
- [x] Omit `%div`
- [x] Scope `$.find` globally
- [x] Replace `find('#element-id').click` with `click_on('Element Text')`
- [x] Rebase master + conflicts
- [x] Look at https://news.ycombinator.com/item?id=11690774
- [x] Address @connorshea's comment regarding HTTPS on localhost
- [x] Final sanity check
- [x] Wait for [CI to pass](
GitLab
Canonical source
The source of GitLab Community Edition is hosted on GitLab.com and there are mirrors to make contributing as easy as possible.
Open source software to collaborate on code
To see how GitLab looks please see the features page on our website.
- Manage Git repositories with fine grained access controls that keep your code secure
- Perform code reviews and enhance collaboration with merge requests
- Each project can also have an issue tracker and a wiki
- Used by more than 100,000 organizations, GitLab is the most popular solution to manage Git repositories on-premises
- Completely free and open source (MIT Expat license)
- Powered by Ruby on Rails
Hiring
We're hiring developers, support people, and production engineers all the time; please see our jobs page.
Editions
There are two editions of GitLab:
- GitLab Community Edition (CE) is available freely under the MIT Expat license.
- GitLab Enterprise Edition (EE) includes extra features that are more useful for organizations with more than 100 users. To use EE and get official support please become a subscriber.
Website
On about.gitlab.com you can find more information about:
- Subscriptions
- Consultancy
- Community
- Hosted GitLab.com: use GitLab as a free service
- GitLab Enterprise Edition: additional features aimed at larger organizations
- GitLab CI: a continuous integration (CI) server that is easy to integrate with GitLab
Requirements
Please see the requirements documentation for system requirements and more information about the supported operating systems.
Installation
The recommended way to install GitLab is with the Omnibus packages on our package server. Compared to an installation from source, this is faster and less error-prone. Just select your operating system, download the respective package (Debian or RPM) and install it using the system's package manager.
There are various other options to install GitLab; please refer to the installation page on the GitLab website for more information.
You can access a new installation with the login `root` and password `5iveL!fe`; after login you are required to set a unique password.
Install a development environment
To work on GitLab itself, we recommend setting up your development environment with the GitLab Development Kit. If you do not use the GitLab Development Kit, you need to install and set up all the dependencies yourself, which is a lot of work and error-prone. One small thing you also have to do when installing it yourself is to copy the example development unicorn configuration file:

    cp config/unicorn.rb.example.development config/unicorn.rb
Instructions on how to start GitLab and how to run the tests can be found in the development section of the GitLab Development Kit.
Software stack
GitLab is a Ruby on Rails application that runs on the following software:
- Ubuntu/Debian/CentOS/RHEL
- Ruby (MRI) 2.1
- Git 2.7.4+
- Redis 2.8+
- MySQL or PostgreSQL
For more information please see the architecture documentation.
Third-party applications
There are a lot of third-party applications integrating with GitLab. These include GUI Git clients, mobile applications and API wrappers for various languages.
GitLab release cycle
For more information about the release process see the release documentation.
Upgrading
For upgrading information please see our update page.
Documentation
All documentation can be found on doc.gitlab.com/ce/.
Getting help
Please see Getting help for GitLab on our website for the many options to get help.
Is it any good?
Is it awesome?
Thanks for asking this question, Joshua. These people seem to like it.