Add test cases to verify Email-based OTP does not satisfy Group and Instance 2FA Requirements (!203924) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Add 2 test cases to verify that Email-based OTP does not satisfy Group & Instance Two-Factor Requirements

The change surfaced a flakiness in ee/spec/services/ee/search/group_service_milestones_visibility_spec.rb, so we are also modifying this test by temporarily skipping the save_namespace_details_changes callback to avoid expensive pg operation.

References

Re: https://gitlab.com/gitlab-org/gitlab/-/issues/561575

Screenshots or screen recordings

Before	After

How to set up and validate locally

bundle exec rspec spec/features/profiles/two_factor_auths_spec.rb

Make sure the test passes. The CI pipeline should be sufficient to validate.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Sep 10, 2025 by Jennifer Li

Add test cases to verify Email-based OTP does not satisfy Group and Instance 2FA Requirements

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports