
Enforce two-factor auth (2FA: TOTP or WebAuthn) #34187


Merged
merged 9 commits into from
Apr 28, 2025


wxiaoguang
Contributor

@wxiaoguang wxiaoguang commented Apr 12, 2025

Fix #880

Design:

  1. A global setting security.TWO_FACTOR_AUTH.
    • To support org-level config, we need to introduce a better "owner setting" system first (in the future)
  2. A user without 2FA can log in and may explore, but can NOT read or write to any repositories via API/web.
  3. Keep things as simple as possible.
    • This option only aggressively suggests that users enable their 2FA at the moment; it does NOT guarantee that users must have 2FA before all other operations. It should be good enough for real-world use cases.
    • Some details and tests could be improved in the future, since this change only adds a check and does not seem to affect much.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Apr 12, 2025
@github-actions github-actions bot added modifies/translation modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code modifies/cli PR changes something on the CLI, i.e. gitea doctor or gitea admin modifies/templates This PR modifies the template files modifies/migrations docs-update-needed The document needs to be updated synchronously labels Apr 12, 2025
@wxiaoguang wxiaoguang added this to the 1.24.0 milestone Apr 12, 2025
@wxiaoguang wxiaoguang added the type/feature Completely new functionality. Can only be merged if feature freeze is not active. label Apr 12, 2025
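
The rule in the design above (a signed-in user without 2FA may log in and explore but cannot reach repositories via API/web), sketched as a standalone Go check. This is an added example, not code from this pull request or from Gitea: `User`, `Allowed`, `Require2FA`, the `enforce` flag standing in for the `security.TWO_FACTOR_AUTH` setting, and the route layout are all assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// User is a hypothetical account record; Has2FA means TOTP or WebAuthn is enrolled.
type User struct{ Has2FA bool }
type userKey struct{} // context key under which an earlier auth step stores *User

// isRepoPath assumes this layout: /api/v1/repos/... for the API and
// /{owner}/{repo}/... for the web UI; the listed first segments are not owners.
func isRepoPath(p string) bool {
	if strings.HasPrefix(p, "/api/v1/repos/") {
		return true
	}
	seg := strings.Split(strings.Trim(p, "/"), "/")
	switch seg[0] {
	case "explore", "user", "login", "api", "assets":
		return false
	}
	return len(seg) >= 2
}

// Allowed: with enforcement on, a signed-in user without 2FA is kept out of repositories.
// Assumption: anonymous requests (u == nil) go on to the normal permission checks.
func Allowed(enforce bool, u *User, path string) bool {
	return !enforce || u == nil || u.Has2FA || !isRepoPath(path)
}

// Require2FA wraps both web and API routers so the check runs before any handler.
func Require2FA(enforce bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, _ := r.Context().Value(userKey{}).(*User)
		if !Allowed(enforce, u, r.URL.Path) {
			http.Error(w, "enable two-factor authentication to access repositories", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	for _, p := range []string{"/explore/repos", "/alice/project"} {
		fmt.Println(p, Allowed(true, &User{}, p)) // constructed user without 2FA
	}
}
```

The 2FA settings page (here under `/user/`) has to stay reachable, otherwise a blocked user could never enroll.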
@wxiaoguang wxiaoguang requested a review from lunny April 14, 2025 10:11
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Apr 28, 2025
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Apr 28, 2025
@lunny lunny merged commit 0148d03 into go-gitea:main Apr 28, 2025
26 checks passed
@wxiaoguang wxiaoguang deleted the enforce-2fa-2 branch April 29, 2025 01:40
zjjhot added a commit to zjjhot/gitea that referenced this pull request Apr 30, 2025
* giteaofficial/main:
  Fix some dropdown problems on the issue sidebar (go-gitea#34308)
  [skip ci] Updated translations via Crowdin
  Fix button alignments (go-gitea#34307)
  fix go version (go-gitea#34299)
  Fix the ci build (go-gitea#34309)
  support the open-icon of folder (go-gitea#34168)
  Fix wrong review requests when updating the pull request (go-gitea#34286)
  Enforce two-factor auth (2FA: TOTP or WebAuthn) (go-gitea#34187)
  actions artifacts api list/download check status upload confirmed (go-gitea#34273)
Development

Successfully merging this pull request may close these issues.

Ability to enforce two-factor authentication
4 participants