-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Two Factor Authentication on Gitea #179
Comments
Yesterday I thought about exactly this feature. I really want that too and would like to contribute to this as well. Has anyone tried any lib for 2fa in Go? |
It would be nice if U2F - FIDO Universal 2nd Factor Authentication will be implemented too. It allow usage of USB key rather than SMS / Mail. A GO library exists : https://developers.yubico.com/U2F/Libraries/List_of_libraries.html |
@0xBAADF00D this can be useful, yes, but, many people use a traditional way for 2FA -including me-. So at least for starting, we should have 2FA enabled. If we make generalize, im pretty sure that 2FA users are most. Correct me If I am wrong. |
@gencer U2F FIDO is 2FA too, but it allow usage of an cryptographic USB Key. By exemple Github propose U2F FIDO or Token generated via "Authenticator" mobile app. You can read more at https://help.github.com/articles/configuring-two-factor-authentication-via-fido-u2f/ We have just to keep in mind to get something modular with the possibility to add new 2FA methods in future |
But this won't get into 1.0.0 as this is a release that will be done pretty soon. Maybe we can integrate it for 1.1.0 or 1.2.0. |
Yes, this should be enabled on admin panel. It should not be a default setting. |
Agreed this cannot be in 1.0.0.
Open for 1.1+, as soon as a PR is ready :)
|
Might go good with #183 |
FTR, a proof of concept for gogs/gogs#945 was posted to minecrafter/gogs@5cd2997. |
@mmoya, Could you send a PR to Gitea? |
@lunny as soon as PR accepted, I will try on brand new server with fresh config for better result and for one to the existing installation to see how its going on. I am preparing a new test server until PR accepted. (Otherwise, I will try target PR source myself) |
@lunny, I'll ask OP first. @minecrafter, are you willing to submit a PR to gitea with your 2fa proof-of-concept? |
I'm assuming the only reason I was mentioned was because I did make this attempt to support 2FA from the parent project.
|
After getting some more background information, I might be willing to contribute two-factor authentication support to the project. I too have been a former Gogs contributor who was stalled by the maintainer. |
@minecrafter you are welcome back! |
@lunny Thanks! 👍 |
I couldn't find this request here so i made one.
As you might know, we deploy our secrets (means sources) in gitea/gogs. It will be super-awesome to get Two Factor Authentication besides normal password. There are plenty of implementation for 2FA and I am pretty sure Go has some kind of library out there (didn't looked up yet).
Possibly storing 2FA secret on a disk and an encrypted data on database will make it more secure. Perhaps secret in app.ini.
Can we at least make it happen in v1.0.0.
Personally, I am gonna feel more secure when 2FA is enabled.
The text was updated successfully, but these errors were encountered: