Feature #31920

Require 2FA only for certain user groups

Added by Jens Krämer almost 3 years ago. Updated 11 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Marius BALTEANU% Done:

0%

Category:Accounts / authentication
Target version:5.0.0
Resolution:

Description

This patch, which should be applied on top of those from #1237, adds a flag to groups so 2FA can be globally optional, but required for certain groups of users.

0005-per-group-2fa-requirement.patch Magnifier (6.93 KB) Jens Krämer, 2019-08-17 16:07

0001-Rebase-patch-from-23653.patch Magnifier (7.36 KB) Marius BALTEANU, 2021-06-22 22:56

Related issues

Related to Redmine - Feature #35086: Please consider changing the way how 2FA is set up Closed
Related to Redmine - Feature #35439: Option to require 2FA only for users with administration ... Closed
Blocked by Redmine - Feature #1237: Add support for two-factor authentication Closed 2008-05-14

Associated revisions

Revision 21060
Added by Marius BALTEANU 11 months ago

When 2FA is set to optional, allow to require 2FA only for certain user groups (#31920).

Patch by Jens Krämer.

Revision 21062
Added by Go MAEDA 11 months ago

Update locales (#31920).

Revision 21389
Added by Marius BALTEANU 4 months ago

Improve readability of must_activate_twofa? function (#31920).

History

#1 Updated by Go MAEDA almost 3 years ago

  • Blocked by Feature #1237: Add support for two-factor authentication added

#2 Updated by Marius BALTEANU over 1 year ago

  • File 0001-Rebase-patch-from-23653.patch added
  • Subject changed from require 2FA only for certain user groups to Require 2FA only for certain user groups
  • Target version set to 4.2.0

I have rebased this patch in order to deliver this feature together with #1237. All tests pass after I've fixed the rubocop warnings.

#3 Updated by Marius BALTEANU about 1 year ago

  • Assignee set to Jean-Philippe Lang
  • Target version changed from 4.2.0 to 5.0.0

#4 Updated by Marius BALTEANU about 1 year ago

  • Related to Feature #35086: Please consider changing the way how 2FA is set up added

#5 Updated by Marius BALTEANU 12 months ago

  • Assignee changed from Jean-Philippe Lang to Marius BALTEANU

#6 Updated by Marius BALTEANU 11 months ago

  • File deleted (0001-Rebase-patch-from-23653.patch)

#7 Updated by Marius BALTEANU 11 months ago

I've updated the patch for the current trunk and I made two changes:
1. Remove the empty setup do end from test/integration/twofa_test.rb
2. Added a check in app/view/groups/_form.html.erb in order to not diplay the "Require two factor authentication" field for builtin groups (Anonymous and Non Member) because the option won't make any sense for those groups.

@Jens Krämer, please take a look over my changes, I would like to commit this as soon as possible if the changes look good to you.

#8 Updated by Jens Krämer 11 months ago

looks good to me!

#9 Updated by Marius BALTEANU 11 months ago

  • Status changed from New to Resolved

Committed the patch. Thank you for your contribution.

#10 Updated by Marius BALTEANU 11 months ago

  • Tracker changed from Patch to Feature
  • Status changed from Resolved to Closed

#11 Updated by Holger Just 4 months ago

  • Related to Feature #35439: Option to require 2FA only for users with administration rights added

Also available in: Atom PDF