
Direct import fails early when 2FA requirements not met

Madelein van Niekerk requested to merge 384030-direct-import-2fa into master

What does this MR do and why?

Fails Direct Import early if the user initiating an import does not have 2FA enabled but the source group has 2FA required.

Current behaviour

If a user who is not an admin imports a group that has 2FA enforced at the group level:

  1. The new group is created
  2. User is added as a member
  3. User is redirected to their accounts page to set up 2FA with a flash error message and can't do anything until 2FA is set up.

How it was fixed

The issue is solved by raising an error before the imported group is created if these requirements are not met. The result is that the import fails, and the History page shows the error message "User requires Two-Factor Authentication":

Imports page:

[Screenshot: Screenshot_2023-08-17_at_11.00.22]

History page:

[Screenshot: Screenshot_2023-08-17_at_11.00.15]
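The fail-early check described above, as an added illustration rather than GitLab's own code: the `User`, `Group`, `TwoFactorRequired` and `import_group` names are hypothetical stand-ins, and the point shown is that the 2FA precondition is evaluated before any group or membership is created, so a failed import leaves no partial state behind.

```ruby
# Added illustration (not GitLab's code): fail-early 2FA precondition for a
# group import. User, Group, TwoFactorRequired and import_group are
# hypothetical stand-ins for the real application objects.

User  = Struct.new(:name, :admin, :two_factor_enabled, keyword_init: true)
Group = Struct.new(:name, :require_two_factor, keyword_init: true)

# Raised when the precondition fails; the message is what the History page shows.
class TwoFactorRequired < StandardError; end

ERROR_MESSAGE = "User requires Two-Factor Authentication".freeze

# Returns the error message when the importing user must first set up 2FA,
# or nil when the import may proceed. Admins are exempt, matching the
# "not an admin" condition in the current-behaviour description.
def two_factor_error(user, source_group)
  return nil if user.admin
  return nil unless source_group.require_two_factor
  return nil if user.two_factor_enabled

  ERROR_MESSAGE
end

# Simulates the import. `created` records side effects so a caller can verify
# that nothing was created when the precondition fails.
def import_group(user, source_group, created: [])
  message = two_factor_error(user, source_group)
  raise TwoFactorRequired, message if message

  # Only reached when the check passes: create the group, then add the member.
  created << [:group, source_group.name]
  created << [:member, user.name]
  created
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a non-admin user without 2FA importing a
  # 2FA-required group.
  user  = User.new(name: "alice", admin: false, two_factor_enabled: false)
  group = Group.new(name: "secure-group", require_two_factor: true)
  side_effects = []
  begin
    import_group(user, group, created: side_effects)
  rescue TwoFactorRequired => e
    puts "import failed early: #{e.message}; created #{side_effects.size} objects"
  end
end
```

The check is deliberately a pure function returning either the message or nil, so it can be unit-tested for the full decision table (admin, 2FA-enabled user, group without the requirement) without touching any persistence layer.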

How to set up and validate locally

  1. Log into the review app: https://gitlab-review-384030-dir-kdlbsi.gitlab-review.app/
    1. Create a PAT (personal access token) for connecting from local
    2. Create a group with a project
  2. On localhost:
    1. Disable 2FA for the logged-in user
    2. Create a group and set 2FA to required: Group > Settings > General > Permissions and group features > Check "All users in this group must set up two-factor authentication", set "Delay 2FA enforcement (hours)" to 0 and save
    3. Go to the imports page and connect to the review app using the PAT created above
    4. Import the group created in the review app
    5. Note that it fails and that the reason for failure on the History page is "User requires Two-Factor Authentication"
    6. Enable 2FA and import again and note that there is no failure

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #384030 (closed)

Edited by Madelein van Niekerk
