diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 586c924c4ab83..67c0bf5a323f4 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -372,6 +372,9 @@ INTERNAL_TOKEN= ;; Set to true to disable webhooks feature. ;DISABLE_WEBHOOKS = false ;; +;; Set to false to disable 2FA feature. +;DISABLE_2FA = false +;; ;; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED ;ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true ;; diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index 6cbc9b91f985b..bc6ac4001acfc 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -498,6 +498,7 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o Gitea instance and perform arbitrary actions in the name of the Gitea OS user. This maybe harmful to you website or your operating system. - `DISABLE_WEBHOOKS`: **false**: Set to `true` to disable webhooks feature. +- `DISABLE_2FA`: **false**: Set to `true` to disable 2FA feature. - `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to Gitea repositories you should set the environment appropriately. - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server. - `INTERNAL_TOKEN`: **\**: Secret used to validate communication within Gitea binary. diff --git a/modules/context/context.go b/modules/context/context.go index 5038850649921..c0587e654977e 100644 --- a/modules/context/context.go +++ b/modules/context/context.go 
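Review bot: The comment added above `;DISABLE_2FA = false` in app.example.ini reads "Set to false to disable 2FA feature", which inverts the meaning of the key. The cheat-sheet entry in this same commit and the `MustBool(false)` default in setting.go both say the feature is disabled when the value is `true`. An operator who follows the example file literally could end up with the opposite 2FA state from the one they intended. Suggested wording: `;; Set to true to disable 2FA feature.`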
@@ -706,6 +706,7 @@ func Contexter() func(next http.Handler) http.Handler { ctx.Data["EnableSwagger"] = setting.API.EnableSwagger ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn + ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations ctx.Data["DisableStars"] = setting.Repository.DisableStars diff --git a/modules/setting/setting.go b/modules/setting/setting.go index abd6716c74e6e..a12b4e933c6ae 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -187,6 +187,7 @@ var ( ImportLocalPaths bool DisableGitHooks bool DisableWebhooks bool + Disable2FA bool OnlyAllowPushIfGiteaEnvironmentSet bool PasswordComplexity []string PasswordHashAlgo string @@ -868,6 +869,7 @@ func loadFromConf(allowEmpty bool, extraConfig string) { ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false) DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(true) DisableWebhooks = sec.Key("DISABLE_WEBHOOKS").MustBool(false) + Disable2FA = sec.Key("DISABLE_2FA").MustBool(false) OnlyAllowPushIfGiteaEnvironmentSet = sec.Key("ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET").MustBool(true) PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("pbkdf2") CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true) diff --git a/modules/templates/helper.go b/modules/templates/helper.go index fc07b49c71925..ec963c0cd01d5 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -236,6 +236,9 @@ func NewFuncMap() []template.FuncMap { "DisableWebhooks": func() bool { return setting.DisableWebhooks }, + "Disable2FA": func() bool { + return setting.Disable2FA + }, "DisableImportLocal": func() bool { return !setting.ImportLocalPaths }, diff --git a/templates/admin/user/list.tmpl b/templates/admin/user/list.tmpl index 93e6f38c27018..08feed6b6a9fe 100644 --- a/templates/admin/user/list.tmpl +++ b/templates/admin/user/list.tmpl 
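Review bot: `Disable2FA = sec.Key("DISABLE_2FA").MustBool(false)` in loadFromConf adds a switch that weakens authentication, but neither this line nor the `Disable2FA bool` declaration in the var block says what it means for accounts that already enrolled TOTP or WebAuthn. The hunks in this commit only hide UI, so it is not visible here whether sign-in still asks those users for their second factor; if it does, they can no longer manage or remove it, and the admin user list no longer shows who has one. I would add a doc comment on the variable stating the intended behaviour for existing enrolments, for example `// Disable2FA hides the 2FA enrolment UI; it does not change sign-in for users already enrolled.` (or the opposite, whichever is true). A startup warning such as `log.Warn("DISABLE_2FA is set: users cannot enrol a second factor")` would also make the setting visible in logs, assuming the package logger is in scope here. loadFromConf's body continues outside the hunk.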
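Review bot: Registering `Disable2FA` in NewFuncMap makes the setting a template-only switch as far as this commit shows: every consumer is a `{{if not Disable2FA}}` wrapper and no handler is changed. Hiding the forms does not reject a request sent straight to the 2FA and WebAuthn settings endpoints, so the handlers behind those forms should check `setting.Disable2FA` themselves and refuse the request; whether they already do is not visible in this diff. The same applies to the Security page itself, which navbar.tmpl only stops linking to. NewFuncMap's body continues outside the hunk.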
@@ -73,7 +73,9 @@ {{.i18n.Tr "admin.users.activated"}} {{.i18n.Tr "admin.users.admin"}} {{.i18n.Tr "admin.users.restricted"}} + {{if not Disable2FA}} {{.i18n.Tr "admin.users.2fa"}} + {{end}} {{.i18n.Tr "admin.users.repos"}} {{.i18n.Tr "admin.users.created"}} @@ -92,7 +94,9 @@ {{if .IsActive}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}} {{if .IsAdmin}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}} {{if .IsRestricted}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}} + {{if not Disable2FA}} {{if index $.UsersTwoFaStatus .ID}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}} + {{end}} {{.NumRepos}} {{.CreatedUnix.FormatShort}} {{if .LastLoginUnix}} diff --git a/templates/org/member/members.tmpl b/templates/org/member/members.tmpl index 49d8f52f87228..c446e12f62e6a 100644 --- a/templates/org/member/members.tmpl +++ b/templates/org/member/members.tmpl @@ -37,6 +37,7 @@ {{if index $.MembersIsUserOrgOwner .ID}}{{svg "octicon-shield-lock"}} {{$.i18n.Tr "org.members.owner"}}{{else}}{{$.i18n.Tr "org.members.member"}}{{end}} + {{if not Disable2FA}}
{{$.i18n.Tr "admin.users.2fa"}} @@ -51,6 +52,7 @@
+ {{end}}
{{if eq $.SignedUser.ID .ID}} diff --git a/templates/user/settings/navbar.tmpl b/templates/user/settings/navbar.tmpl index 3477a5949b849..2fb22210c4696 100644 --- a/templates/user/settings/navbar.tmpl +++ b/templates/user/settings/navbar.tmpl @@ -9,9 +9,11 @@ {{.i18n.Tr "settings.appearance"}} + {{if or (not Disable2FA) .EnableOpenIDSignIn .EnableOpenIDSignUp}} {{.i18n.Tr "settings.security"}} + {{end}} {{.i18n.Tr "settings.applications"}} diff --git a/templates/user/settings/security/security.tmpl b/templates/user/settings/security/security.tmpl index d93be9f640168..a860ad8b729e1 100644 --- a/templates/user/settings/security/security.tmpl +++ b/templates/user/settings/security/security.tmpl @@ -3,9 +3,13 @@ {{template "user/settings/navbar" .}}
{{template "base/alert" .}} + {{if not Disable2FA}} {{template "user/settings/security/twofa" .}} {{template "user/settings/security/webauthn" .}} + {{end}} + {{if .EnableOpenIDSignUp}} {{template "user/settings/security/accountlinks" .}} + {{end}} {{if .EnableOpenIDSignIn}} {{template "user/settings/security/openid" .}} {{end}}
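Review bot: The `accountlinks` partial was rendered unconditionally before and is now wrapped in `{{if .EnableOpenIDSignUp}}`, which ties the linked-accounts section to an OpenID sign-up setting that looks unrelated to it. Judging by its name, this partial is where a user reviews and removes linked external logins, so with sign-up disabled a user who already has links would lose the place to revoke them; please confirm that is intended. If the aim is only to avoid an empty Security page when `Disable2FA` is true, I would keep `{{template "user/settings/security/accountlinks" .}}` unconditional and stop hiding the Security entry in navbar.tmpl.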