Simplify condition to show OTP or recovery codes (!119795) · Merge requests · GitLab.org / GitLab

Eduardo Sanz García requested to merge eduardosanz/simplify-condition-2fa into master May 05, 2023

What does this MR do and why?

Users with 2FA, either by OTP or WebAuthn, have recovery codes. Here we simplify the condition to show the UI to enter such codes.

Screenshots or screen recordings

Screen_Recording_2023-04-26_at_18.33.25

How to set up and validate locally

Disable all 2FA for the admin user
Enable the webauth_without_totp feature flag
Register a webauthn device
Go to Admin > Settings > General > Sign-in restrictions and select Enable admin mode
Go to https://gdk.test:3443/admin/session/new
Enter password
Selecting Sign in via 2FA code should allow to enter the verification code.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Simplify condition to show OTP or recovery codes

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports