diff options
author | Dylan William Hardison <dylan@hardison.net> | 2017-09-15 22:13:18 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-15 22:13:18 +0200 |
commit | 78ad8c0d088aa95ec1bd7eadea45ffdba05d907e (patch) | |
tree | 7a218af5d9a553a51b8ddc9a9d609772603fd615 /template/en | |
parent | e9adcde4648b54db8d40f314ca938dca5080bb9c (diff) | |
download | bugzilla-78ad8c0d088aa95ec1bd7eadea45ffdba05d907e.tar.gz bugzilla-78ad8c0d088aa95ec1bd7eadea45ffdba05d907e.tar.xz |
Bug 1364233 - Add setting to force a group to require MFA and restrict users in that group who have not enabled MFA
Diffstat (limited to 'template/en')
-rw-r--r-- | template/en/default/account/prefs/mfa.html.tmpl | 26 | ||||
-rw-r--r-- | template/en/default/admin/params/auth.html.tmpl | 8 | ||||
-rw-r--r-- | template/en/default/global/header.html.tmpl | 19 |
3 files changed, 47 insertions, 6 deletions
diff --git a/template/en/default/account/prefs/mfa.html.tmpl b/template/en/default/account/prefs/mfa.html.tmpl index fc748cdd1..99a4b0f2a 100644 --- a/template/en/default/account/prefs/mfa.html.tmpl +++ b/template/en/default/account/prefs/mfa.html.tmpl @@ -6,6 +6,8 @@ # defined by the Mozilla Public License, v. 2.0. #%] +[% SET MFA_HOWTO = "https://wiki.mozilla.org/BMO/UserGuide/Two-Factor_Authentication" %] + [% IF NOT Bugzilla.feature('mfa') %] <input type="hidden" name="mfa_action" id="mfa-action" value=""> <p> @@ -126,9 +128,25 @@ </div> [% ELSE %] - <p> - Two-factor authentication is currently <b>disabled</b>. - </p> + [% IF Bugzilla.request_cache.mfa_warning %] + <p class="mfa-warning-msg"> + You <b>must</b> enable two-factor authentication + [% UNLESS Bugzilla.request_cache.mfa_grace_period_expired %] + before <i>[% Bugzilla.user.mfa_required_date FILTER time %]</i>. + After that date, you will be restricted to this page until 2FA is configured. + [% ELSE %] + before continuing to use [% terms.Bugzilla %]. + [% END %] + </p> + <p> + <b>Need help setting ip 2FA?</b> + You may want to <a href="[% MFA_HOWTO FILTER html %]">read these comprensive instructions</a>. + </p> + [% ELSE %] + <p> + Two-factor authentication is currently <b>disabled</b>. + </p> + [% END %] <input type="hidden" name="mfa_action" id="mfa-action" value="enable"> <input type="hidden" name="mfa" id="mfa"> @@ -257,4 +275,4 @@ <li>If in doubt, generate and print new recovery codes</li> <li><b>Do not store these codes electronically</b></li> </ul> -[% END %] +[% END %]
\ No newline at end of file diff --git a/template/en/default/admin/params/auth.html.tmpl b/template/en/default/admin/params/auth.html.tmpl index 99c52f759..e19712351 100644 --- a/template/en/default/admin/params/auth.html.tmpl +++ b/template/en/default/admin/params/auth.html.tmpl @@ -244,5 +244,13 @@ "The 'secret key' for Duo 2FA. This value is provided by your " _ "Duo Security administrator.", + mfa_group => + "Members of this group must enable MFA. If the grace period is set, " _ + "users will receive a warning on every page until end of the grace period. " _ + "Users without MFA after the grace period (or when it is set to 0) will only " _ + "be able to access the mfa tab of the user preferences page." + + mfa_group_grace_period => + "Number of days to warn user to turn on 2FA." }, %] diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl index e808df9bd..1ea652c10 100644 --- a/template/en/default/global/header.html.tmpl +++ b/template/en/default/global/header.html.tmpl @@ -39,7 +39,7 @@ # no_body: if true the body element will not be generated # allow_mobile: allow special CSS and viewport for detected mobile useragents # use_login_page: display a link to the full login page, rather than an inline login. - # no_index: Disable search engine from adding page into search index. + # no_index: Disable search engine from adding page into search index. #%] [% IF message %] @@ -234,6 +234,9 @@ <body class="[% urlbase.replace('^https?://','').replace('/$','').replace('[-~@:/.]+','-') FILTER css_class_quote %] skin-[% user.settings.skin.value FILTER css_class_quote %] + [% IF Bugzilla.request_cache.mfa_warning %] + mfa-warning + [% END %] [% FOREACH class = bodyclasses %] [% ' ' %][% class FILTER css_class_quote %] [% END %] yui-skin-sam"> @@ -252,6 +255,18 @@ </td> <td> [% Hook.process("message") %] + [% IF Bugzilla.request_cache.mfa_warning + AND user.mfa_required_date + AND NOT Bugzilla.request_cache.on_mfa_page %] + <span id="mfa-warning"> + Please <a href="userprefs.cgi?tab=mfa">enabled two-factor authentication</a> + [% IF Param('mfa_group_grace_period') %] + before <i>[% user.mfa_required_date FILTER time %]</i>. + [% ELSE %] + now. + [% END %] + </span> + [% END %] </td> <td id="moz_login"> [% IF user.id %] @@ -355,4 +370,4 @@ [% BLOCK format_js_link %] <script [% script_nonce FILTER none %] type="text/javascript" src="[% asset_url FILTER mtime FILTER html %]"></script> -[% END %] +[% END %]
\ No newline at end of file |