Merge branch 'rs-2fa-task' into 'master'

Add task to disable 2FA for all users Addresses #2971 See merge request !1532

Merge branch 'rs-2fa-task' into 'master'
Add task to disable 2FA for all users Addresses #2971 See merge request !1532
6e1ec3b9 · Jacob Vosmaer · 6ba1e17c · cd46f4c3 · 6e1ec3b9 · 6e1ec3b9
Commit 6e1ec3b9 authored Oct 09, 2015 by Jacob Vosmaer
Hide whitespace changes
Inline Side-by-side

Showing with 37 additions and 0 deletions

doc/raketasks/user_management.md doc/raketasks/user_management.md +14 -0

lib/tasks/gitlab/two_factor.rake lib/tasks/gitlab/two_factor.rake +23 -0

No files found.
--- a/doc/raketasks/user_management.md
+++ b/doc/raketasks/user_management.md
@@ -56,3 +56,17 @@ bundle exec rake gitlab:import:all_users_to_all_groups RAILS_ENV=production
 ```
 block_auto_created_users: false
 ```
+## Disable Two-factor Authentication (2FA) for all users
+This task will disable 2FA for all users that have it enabled. This can be
+useful if GitLab's `.secret` file has been lost and users are unable to login,
+for example.
+```bash
+# omnibus-gitlab
+sudo gitlab-rake gitlab:two_factor:disable_for_all_users
+# installation from source
+bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production
+```
--- a/lib/tasks/gitlab/two_factor.rake
+++ b/lib/tasks/gitlab/two_factor.rake
+namespace :gitlab do
+  namespace :two_factor do
+    desc "GitLab | Disable Two-factor authentication (2FA) for all users"
+    task disable_for_all_users: :environment do
+      scope = User.with_two_factor
+      count = scope.count
+      if count > 0
+        puts "This will disable 2FA for #{count.to_s.red} users..."
+        begin
+          ask_to_continue
+          scope.find_each(&:disable_two_factor!)
+          puts "Successfully disabled 2FA for #{count} users.".green
+        rescue Gitlab::TaskAbortedByUserError
+          puts "Quitting...".red
+        end
+      else
+        puts "There are currently no users with 2FA enabled.".yellow
+      end
+    end
+  end
+end