Allow to enter verification codes in admin mode
What does this MR do and why?
Because of the webauthn_without_totp feature flag, introduced in !111769 (merged), an admin can have a webauthn device as the only 2FA.
Currently, if such an admin tries to sign in in the admin mode and doesn't have the webauthn device, he/she is not able to enter a verification code.
The same check that was introduced there is added here.
Screenshots or screen recordings
Screen_Recording_2023-04-26_at_18.33.25
How to set up and validate locally
- Disable all 2FA for the admin user
- Enable the webauthn_without_totp feature flag
- Register a webauthn device
- Go to Admin > Settings > General > Sign-in restrictions and select Enable admin mode
- Go to https://gdk.test:3443/admin/session/new
- Enter password
- Selecting Sign in via 2FA code should allow entering the verification code.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Eduardo Sanz García