Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(auth): add option to enforce second factor authentication #12200

Merged
merged 12 commits into from
Aug 9, 2024
Merged

feat(auth): add option to enforce second factor authentication #12200

merged 12 commits into from
Aug 9, 2024

Conversation

nijel
Copy link
Member

@nijel nijel commented Aug 5, 2024
edited
Loading

Proposed changes

Built on top of #12173

  • projects can define this and it will block users from editing
  • teams can define this and roles from the teams will not be applied unless user is 2fa verified
  • middleware warns user about not meeting this requirement

Checklist

  • Lint and unit tests pass locally with my changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added documentation to describe my feature.
  • I have squashed my commits into logic units.
  • I have described the changes in the commit messages.

Other information

@nijel nijel added this to the 5.7 milestone Aug 5, 2024
@nijel nijel self-assigned this Aug 5, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 5, 2024
View reviewed changes
weblate/static/loader-bootstrap.js Outdated

const form = document.getElementById("link-post");

form.setAttribute("action", action);

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.
@nijel nijel linked an issue Aug 5, 2024 that may be closed by this pull request
Enforced 2FA #11341
Closed
@codecov Codecov
Copy link

codecov bot commented Aug 5, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 95.34884% with 2 lines in your changes missing coverage. Please review.

Project coverage is 91.14%. Comparing base (69d534f) to head (60a5ceb).
Report is 6 commits behind head on main.

Files Patch % Lines
weblate/auth/permissions.py 50.00% 1 Missing and 1 partial ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main   #12200      +/-   ##
==========================================
- Coverage   91.16%   91.14%   -0.02%     
==========================================
  Files         586      588       +2     
  Lines       60092    60152      +60     
  Branches     9505     9513       +8     
==========================================
+ Hits        54780    54823      +43     
- Misses       3681     3693      +12     
- Partials     1631     1636       +5
Files Coverage Δ
weblate/accounts/tests/test_twofactor.py 100.00% <100.00%> (ø)
weblate/accounts/views.py 84.32% <ø> (ø)
weblate/api/serializers.py 92.30% <ø> (ø)
weblate/auth/forms.py 93.93% <100.00%> (ø)
weblate/auth/migrations/0006_group_enforced_2fa.py 100.00% <100.00%> (ø)
weblate/auth/models.py 92.37% <100.00%> (+0.14%) ⬆️
weblate/trans/forms.py 90.12% <ø> (ø)
...late/trans/migrations/0022_project_enforced_2fa.py 100.00% <100.00%> (ø)
weblate/trans/models/project.py 92.75% <100.00%> (+0.02%) ⬆️
weblate/auth/permissions.py 90.37% <50.00%> (-0.61%) ⬇️

... and 10 files with indirect coverage changes

@nijel nijel marked this pull request as ready for review August 6, 2024 12:01
@nijel nijel requested a review from orangesunny as a code owner August 6, 2024 12:01
@nijel nijel force-pushed the enforced-2fa branch 2 times, most recently from 71afde7 to 6001ebf Compare August 7, 2024 07:22
@orangesunny
Copy link
Member

@nijel, I would wait with a review until 12173 is merged, as it touches the same files and I did some corrections there. I would rather not get lost or create conflicts.

@nijel
feat(auth): add option to enforce second factor authentication
3218862 
- projects can define this and it will block users from editing
- teams can define this and roles from the teams will not be applied
  unless user is 2fa verified

Fixes WeblateOrg#11341
@nijel
Copy link
Member Author

nijel commented Aug 8, 2024

Ready for review, #12173 is merged and this one rebased on top of that.

orangesunny
orangesunny approved these changes Aug 8, 2024
View reviewed changes
Copy link
Member

@orangesunny orangesunny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to go; can’t wait to use it!

@nijel nijel enabled auto-merge (squash) August 9, 2024 07:08
nijel
nijel commented Aug 9, 2024
View reviewed changes
docs/admin/projects.rst Outdated Show resolved Hide resolved
@nijel nijel mentioned this pull request Aug 9, 2024
Closed
@nijel nijel merged commit 7b650d3 into WeblateOrg:main Aug 9, 2024
32 of 34 checks passed
@nijel nijel deleted the enforced-2fa branch August 9, 2024 09:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orangesunny orangesunny orangesunny approved these changes

Assignees

@nijel nijel

Labels
None yet
Projects
None yet
Milestone
5.7
Development

Successfully merging this pull request may close these issues.

Enforced 2FA
2 participants
@nijel @orangesunny