Merge branch '357870-aqualls-2fa-message' into 'master'

Add more verbose error message if 2FA required

See merge request gitlab-org/gitlab!84405

app/controllers/concerns/enforces_two_factor_authentication.rb

@@ -10,6 +10,11 @@
 module EnforcesTwoFactorAuthentication
   extend ActiveSupport::Concern
 
+  MFA_HELP_PAGE = Rails.application.routes.url_helpers.help_page_url(
+    'user/profile/account/two_factor_authentication.html',
+    anchor: 'enable-two-factor-authentication'
+  )
+
   included do
     before_action :check_two_factor_requirement, except: [:route_not_found]
 
@@ -26,7 +31,11 @@ module EnforcesTwoFactorAuthentication
     if two_factor_authentication_required? && current_user_requires_two_factor?
       case self
       when GraphqlController
-        render_error("2FA required", status: :unauthorized)
+        render_error(
+          _("Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}") %
+          { mfa_help_page: MFA_HELP_PAGE },
+          status: :unauthorized
+        )
       else
         redirect_to profile_two_factor_auth_path
       end

locale/gitlab.pot

@@ -5266,6 +5266,9 @@ msgstr ""
 msgid "Authentication Log"
 msgstr ""
 
+msgid "Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}"
+msgstr ""
+
 msgid "Authentication failed: %{error_message}"
 msgstr ""
 

spec/controllers/graphql_controller_spec.rb

@@ -168,7 +168,12 @@ RSpec.describe GraphqlController do
         post :execute
 
         expect(response).to have_gitlab_http_status(:unauthorized)
-        expect(json_response).to eq({ 'errors' => [{ 'message' => '2FA required' }] })
+
+        expected_message = "Authentication error: " \
+        "enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}" %
+        { mfa_help_page: EnforcesTwoFactorAuthentication::MFA_HELP_PAGE }
+
+        expect(json_response).to eq({ 'errors' => [{ 'message' => expected_message }] })
       end
     end