Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
1249289f
Commit
1249289f
authored
Dec 24, 2015
by
Gabriel Mazetto
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fixed codestyle and added 2FA documentation
parent
6e3fb502
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
44 additions
and
3 deletions
+44
-3
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+2
-2
app/controllers/profiles/two_factor_auths_controller.rb
app/controllers/profiles/two_factor_auths_controller.rb
+3
-1
doc/security/README.md
doc/security/README.md
+1
-0
doc/security/two_factor_authentication.md
doc/security/two_factor_authentication.md
+38
-0
No files found.
app/controllers/application_controller.rb
View file @
1249289f
...
@@ -13,7 +13,7 @@ class ApplicationController < ActionController::Base
...
@@ -13,7 +13,7 @@ class ApplicationController < ActionController::Base
before_action
:validate_user_service_ticket!
before_action
:validate_user_service_ticket!
before_action
:reject_blocked!
before_action
:reject_blocked!
before_action
:check_password_expiration
before_action
:check_password_expiration
before_action
:check_
t
fa_requirement
before_action
:check_
2
fa_requirement
before_action
:ldap_security_check
before_action
:ldap_security_check
before_action
:default_headers
before_action
:default_headers
before_action
:add_gon_variables
before_action
:add_gon_variables
...
@@ -224,7 +224,7 @@ class ApplicationController < ActionController::Base
...
@@ -224,7 +224,7 @@ class ApplicationController < ActionController::Base
end
end
end
end
def
check_
t
fa_requirement
def
check_
2
fa_requirement
if
two_factor_authentication_required?
&&
current_user
&&
!
current_user
.
two_factor_enabled
&&
!
skip_two_factor?
if
two_factor_authentication_required?
&&
current_user
&&
!
current_user
.
two_factor_enabled
&&
!
skip_two_factor?
redirect_to
new_profile_two_factor_auth_path
redirect_to
new_profile_two_factor_auth_path
end
end
...
...
app/controllers/profiles/two_factor_auths_controller.rb
View file @
1249289f
class
Profiles::TwoFactorAuthsController
<
Profiles
::
ApplicationController
class
Profiles::TwoFactorAuthsController
<
Profiles
::
ApplicationController
skip_before_action
:check_
t
fa_requirement
skip_before_action
:check_
2
fa_requirement
def
new
def
new
unless
current_user
.
otp_secret
unless
current_user
.
otp_secret
current_user
.
otp_secret
=
User
.
generate_otp_secret
(
32
)
current_user
.
otp_secret
=
User
.
generate_otp_secret
(
32
)
end
end
unless
current_user
.
otp_grace_period_started_at
&&
two_factor_grace_period
unless
current_user
.
otp_grace_period_started_at
&&
two_factor_grace_period
current_user
.
otp_grace_period_started_at
=
Time
.
current
current_user
.
otp_grace_period_started_at
=
Time
.
current
end
end
current_user
.
save!
if
current_user
.
changed?
current_user
.
save!
if
current_user
.
changed?
if
two_factor_grace_period_expired?
if
two_factor_grace_period_expired?
...
...
doc/security/README.md
View file @
1249289f
...
@@ -6,3 +6,4 @@
...
@@ -6,3 +6,4 @@
-
[
Information exclusivity
](
information_exclusivity.md
)
-
[
Information exclusivity
](
information_exclusivity.md
)
-
[
Reset your root password
](
reset_root_password.md
)
-
[
Reset your root password
](
reset_root_password.md
)
-
[
User File Uploads
](
user_file_uploads.md
)
-
[
User File Uploads
](
user_file_uploads.md
)
-
[
Enforce Two-Factor authentication
](
two_factor_authentication.md
)
doc/security/two_factor_authentication.md
0 → 100644
View file @
1249289f
# Enforce Two-factor Authentication (2FA)
Two-factor Authentication (2FA) provides an additional level of security to your
users' GitLab account. Once enabled, in addition to supplying their username and
password to login, they'll be prompted for a code generated by an application on
their phone.
You can read more about it here:
[
Two-factor Authentication (2FA)
](
doc/profile/two_factor_authentication.md
)
## Enabling 2FA
Users on GitLab, can enable it without any admin's intervention. If you want to
enforce everyone to setup 2FA, you can choose from two different ways:
1.
Enforce on next login
2.
Suggest on next login, but allow a grace period before enforcing.
In the Admin area under
**Settings**
(
`/admin/application_settings`
), look for
the "Sign-in Restrictions" area, where you can configure both.
If you want 2FA enforcement to take effect on next login, change the grace
period to
`0`
## Disabling 2FA for everyone
There may be some special situations where you want to disable 2FA for everyone
even when forced 2FA is disabled. There is a rake task for that:
```
# use this command if you've installed GitLab with the Omnibus package
sudo gitlab-rake gitlab:two_factor:disable_for_all_users
# if you've installed GitLab from source
sudo -u git -H bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production
```
**IMPORTANT: this is a permanent and irreversible action. Users will have to reactivate 2FA from scratch if they want to use it again.**
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment