Grace period for 2FA in GitLab 16.11.2 CE does not work
Summary
We would like to enable 2FA for our locally installed GitLab CE server 16.11.2. It is configured in “settings/general/Sign-in Restrictions” as: Enforce two-factor authentication Two-factor grace period: 240 However, the grace period does not appear to work, user sign-in is trapped in “/-/profile/two_factor_auth”
Steps to reproduce
Every time 2FA is enabled, no matter what grace period is chosen (24 hours or 240 hours or other), no grace period is taking effect, sign-in is trapped in “/-/profile/two_factor_auth”
Example Project
What is the current bug behavior?
When 2FA id enabled and grace period is set, no grace period is taking effect, user is trapped in “/-/profile/two_factor_auth”
What is the expected correct behavior?
Grace period should take effect
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) System information System: Current User: git Using RVM: no Ruby Version: 3.1.4p223 Gem Version: 3.5.7 Bundler Version:2.5.8 Rake Version: 13.0.6 Redis Version: 7.0.15 Sidekiq Version:7.1.6 Go Version: unknown GitLab information Version: 16.11.2 Revision: 0c3000e3564 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 14.11 URL: https://sdrshgitlabv.camh.ca HTTP Clone URL: https://sdrshgitlabv.camh.ca/some-group/some-project.git SSH Clone URL: git@sdrshgitlabv.camh.ca:some-group/some-project.git Using LDAP: yes Using Omniauth: yes Omniauth Providers: GitLab Shell Version: 14.35.0 Repository storages: - default: unix:/var/opt/gitlab/gitaly/gitaly.socket GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Gitaly - default Address: unix:/var/opt/gitlab/gitaly/gitaly.socket - default Version: 16.11.2 - default Git Version: 2.43.2 (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)