github/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-05-30 11:35:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
62f73491f3
gitea/models
History
wxiaoguang 0148d03f21
Enforce two-factor auth (2FA: TOTP or WebAuthn) (#34187) 
Fix #880

Design:

1. A global setting `security.TWO_FACTOR_AUTH`.
* To support org-level config, we need to introduce a better "owner
setting" system first (in the future)
2. A user without 2FA can login and may explore, but can NOT read or
write to any repositories via API/web.
3. Keep things as simple as possible.
* This option only aggressively suggest users to enable their 2FA at the
moment, it does NOT guarantee that users must have 2FA before all other
operations, it should be good enough for real world use cases.
* Some details and tests could be improved in the future since this
change only adds a check and seems won't affect too much.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-04-28 15:31:59 -07:00
..
actions actions artifacts api list/download check status upload confirmed (#34273) 2025-04-28 16:31:53 +00:00
activities Enable addtional linters (#34085) 2025-04-01 10:14:01 +00:00
admin Fix omitempty bug (#33663) 2025-02-20 12:39:21 -08:00
asymkey Cache GPG keys, emails and users when list commits (#34086) 2025-04-09 16:34:38 +00:00
auth Enforce two-factor auth (2FA: TOTP or WebAuthn) (#34187) 2025-04-28 15:31:59 -07:00
avatars Replace 10 more gt- classes with tw- (#29945) 2024-03-22 13:45:10 +00:00
db Enable addtional linters (#34085) 2025-04-01 10:14:01 +00:00
dbfs Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
fixtures actions artifacts api list/download check status upload confirmed (#34273) 2025-04-28 16:31:53 +00:00
git Rework create/fork/adopt/generate repository to make sure resources will be cleanup once failed (#31035) 2025-04-07 22:12:54 -07:00
issues Option to delay conflict checking of old pull requests until page view (#27779) 2025-04-24 19:26:57 +00:00
migrations Enforce two-factor auth (2FA: TOTP or WebAuthn) (#34187) 2025-04-28 15:31:59 -07:00
organization Check user/org repo limit instead of doer (#34147) 2025-04-07 23:45:31 -07:00
packages Swift files can be passed either as file or as form value (#34068) 2025-04-18 20:09:56 +08:00
perm Enforce two-factor auth (2FA: TOTP or WebAuthn) (#34187) 2025-04-28 15:31:59 -07:00
project Enable addtional linters (#34085) 2025-04-01 10:14:01 +00:00
pull Automerge supports deleting branch automatically after merging (#32343) 2025-01-10 03:51:03 +08:00
renderhelper Fix markdown render behaviors (#34122) 2025-04-05 11:56:48 +08:00
repo Uniform all temporary directories and allow customizing temp path (#32352) 2025-04-08 16:15:28 +00:00
secret Added Description Field for Secrets and Variables (#33526) 2025-03-17 19:24:54 +00:00
shared/types Refactor locale&string&template related code (#29165) 2024-02-14 21:48:45 +00:00
system Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
unit Fix team permission (#34128) 2025-04-08 04:15:15 +00:00
unittest Uniform all temporary directories and allow customizing temp path (#32352) 2025-04-08 16:15:28 +00:00
user Cache GPG keys, emails and users when list commits (#34086) 2025-04-09 16:34:38 +00:00
webhook fix webhook url (#34186) 2025-04-13 02:24:32 +00:00
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
repo_test.go Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
repo.go Fix issue comment number (#30556) 2024-12-30 14:35:46 -08:00