BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
1249289f
Commit
1249289f
authored
Dec 24, 2015
by
Gabriel Mazetto
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fixed codestyle and added 2FA documentation
parent
6e3fb502
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
44 additions
and
3 deletions
+44
-3
application_controller.rb
app/controllers/application_controller.rb
+2
-2
two_factor_auths_controller.rb
app/controllers/profiles/two_factor_auths_controller.rb
+3
-1
README.md
doc/security/README.md
+1
-0
two_factor_authentication.md
doc/security/two_factor_authentication.md
+38
-0
No files found.
app/controllers/application_controller.rb
View file @
1249289f
...
...
@@ -13,7 +13,7 @@ class ApplicationController < ActionController::Base
before_action
:validate_user_service_ticket!
before_action
:reject_blocked!
before_action
:check_password_expiration
before_action
:check_
t
fa_requirement
before_action
:check_
2
fa_requirement
before_action
:ldap_security_check
before_action
:default_headers
before_action
:add_gon_variables
...
...
@@ -224,7 +224,7 @@ class ApplicationController < ActionController::Base
end
end
def
check_
t
fa_requirement
def
check_
2
fa_requirement
if
two_factor_authentication_required?
&&
current_user
&&
!
current_user
.
two_factor_enabled
&&
!
skip_two_factor?
redirect_to
new_profile_two_factor_auth_path
end
...
...
app/controllers/profiles/two_factor_auths_controller.rb
View file @
1249289f
class
Profiles
::
TwoFactorAuthsController
<
Profiles
::
ApplicationController
skip_before_action
:check_
t
fa_requirement
skip_before_action
:check_
2
fa_requirement
def
new
unless
current_user
.
otp_secret
current_user
.
otp_secret
=
User
.
generate_otp_secret
(
32
)
end
unless
current_user
.
otp_grace_period_started_at
&&
two_factor_grace_period
current_user
.
otp_grace_period_started_at
=
Time
.
current
end
current_user
.
save!
if
current_user
.
changed?
if
two_factor_grace_period_expired?
...
...
doc/security/README.md
View file @
1249289f
...
...
@@ -6,3 +6,4 @@
-
[
Information exclusivity
](
information_exclusivity.md
)
-
[
Reset your root password
](
reset_root_password.md
)
-
[
User File Uploads
](
user_file_uploads.md
)
-
[
Enforce Two-Factor authentication
](
two_factor_authentication.md
)
doc/security/two_factor_authentication.md
0 → 100644
View file @
1249289f
# Enforce Two-factor Authentication (2FA)
Two-factor Authentication (2FA) provides an additional level of security to your
users' GitLab account. Once enabled, in addition to supplying their username and
password to login, they'll be prompted for a code generated by an application on
their phone.
You can read more about it here:
[
Two-factor Authentication (2FA)
](
doc/profile/two_factor_authentication.md
)
## Enabling 2FA
Users on GitLab, can enable it without any admin's intervention. If you want to
enforce everyone to setup 2FA, you can choose from two different ways:
1.
Enforce on next login
2.
Suggest on next login, but allow a grace period before enforcing.
In the Admin area under
**Settings**
(
`/admin/application_settings`
), look for
the "Sign-in Restrictions" area, where you can configure both.
If you want 2FA enforcement to take effect on next login, change the grace
period to
`0`
## Disabling 2FA for everyone
There may be some special situations where you want to disable 2FA for everyone
even when forced 2FA is disabled. There is a rake task for that:
```
# use this command if you've installed GitLab with the Omnibus package
sudo gitlab-rake gitlab:two_factor:disable_for_all_users
# if you've installed GitLab from source
sudo -u git -H bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production
```
**IMPORTANT: this is a permanent and irreversible action. Users will have to reactivate 2FA from scratch if they want to use it again.**
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment