New section to disable all 2FA

Eduardo Sanz García requested to merge eduardosanz/disable-2fa into master

What does this MR do and why?

Created a new section to generate new recovery codes and disable all 2FA. It is important to have a general section because it is connected not only to TOTP but to WebAuthn devices too.

This will become very important with the webauthn_without_totp feature flag, because WebAuthn registration will generate recovery codes.

This is an MVC step for #378844 (comment 1212993074)

Changelog: changed

Screenshots or screen recordings

Before registering a 2FA

image

After enabling a 2FA

image

How to set up and validate locally

  1. Go to https://gdk.test:3443/-/profile/two_factor_auth
  2. Register a TOTP
  3. Register a WebAuthn device
  4. Disable all 2FA or regenerate recovery codes

If you want to try it in connection with the webauthn_without_totp feature flag:

  1. In rails console, enable the feature flag: Feature.enable(:webauthn_without_totp)

Screen_Recording_2023-02-16_at_20.53.21

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eduardo Sanz García