BigW Consortium Gitlab

two_factor.rake 1.15 KB
Newer Older
1 2 3 4
namespace :gitlab do
  namespace :two_factor do
    desc "GitLab | Disable Two-factor authentication (2FA) for all users"
    task disable_for_all_users: :environment do
5 6 7 8
      scope = User.with_two_factor
      count = scope.count

      if count > 0
9
        puts "This will disable 2FA for #{count.to_s.color(:red)} users..."
10 11 12 13

        begin
          ask_to_continue
          scope.find_each(&:disable_two_factor!)
14
          puts "Successfully disabled 2FA for #{count} users.".color(:green)
15
        rescue Gitlab::TaskAbortedByUserError
16
          puts "Quitting...".color(:red)
17 18
        end
      else
19
        puts "There are currently no users with 2FA enabled.".color(:yellow)
20 21
      end
    end
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37

    namespace :rotate_key do
      def rotator
        @rotator ||= Gitlab::OtpKeyRotator.new(ENV['filename'])
      end

      desc "Encrypt user OTP secrets with a new encryption key"
      task apply: :environment do |t, args|
        rotator.rotate!(old_key: ENV['old_key'], new_key: ENV['new_key'])
      end

      desc "Rollback to secrets encrypted with the old encryption key"
      task rollback: :environment do
        rotator.rollback!
      end
    end
38 39
  end
end