summaryrefslogtreecommitdiffstats
path: root/template/en
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@hardison.net>2017-09-15 22:13:18 +0200
committerGitHub <noreply@github.com>2017-09-15 22:13:18 +0200
commit78ad8c0d088aa95ec1bd7eadea45ffdba05d907e (patch)
tree7a218af5d9a553a51b8ddc9a9d609772603fd615 /template/en
parente9adcde4648b54db8d40f314ca938dca5080bb9c (diff)
downloadbugzilla-78ad8c0d088aa95ec1bd7eadea45ffdba05d907e.tar.gz
bugzilla-78ad8c0d088aa95ec1bd7eadea45ffdba05d907e.tar.xz
Bug 1364233 - Add setting to force a group to require MFA and restrict users in that group who have not enabled MFA
Diffstat (limited to 'template/en')
-rw-r--r--template/en/default/account/prefs/mfa.html.tmpl26
-rw-r--r--template/en/default/admin/params/auth.html.tmpl8
-rw-r--r--template/en/default/global/header.html.tmpl19
3 files changed, 47 insertions, 6 deletions
diff --git a/template/en/default/account/prefs/mfa.html.tmpl b/template/en/default/account/prefs/mfa.html.tmpl
index fc748cdd1..99a4b0f2a 100644
--- a/template/en/default/account/prefs/mfa.html.tmpl
+++ b/template/en/default/account/prefs/mfa.html.tmpl
@@ -6,6 +6,8 @@
# defined by the Mozilla Public License, v. 2.0.
#%]
+[% SET MFA_HOWTO = "https://wiki.mozilla.org/BMO/UserGuide/Two-Factor_Authentication" %]
+
[% IF NOT Bugzilla.feature('mfa') %]
<input type="hidden" name="mfa_action" id="mfa-action" value="">
<p>
@@ -126,9 +128,25 @@
</div>
[% ELSE %]
- <p>
- Two-factor authentication is currently <b>disabled</b>.
- </p>
+ [% IF Bugzilla.request_cache.mfa_warning %]
+ <p class="mfa-warning-msg">
+ You <b>must</b> enable two-factor authentication
+ [% UNLESS Bugzilla.request_cache.mfa_grace_period_expired %]
+ before <i>[% Bugzilla.user.mfa_required_date FILTER time %]</i>.
+ After that date, you will be restricted to this page until 2FA is configured.
+ [% ELSE %]
+ before continuing to use [% terms.Bugzilla %].
+ [% END %]
+ </p>
+ <p>
+ <b>Need help setting ip 2FA?</b>
+ You may want to <a href="[% MFA_HOWTO FILTER html %]">read these comprensive instructions</a>.
+ </p>
+ [% ELSE %]
+ <p>
+ Two-factor authentication is currently <b>disabled</b>.
+ </p>
+ [% END %]
<input type="hidden" name="mfa_action" id="mfa-action" value="enable">
<input type="hidden" name="mfa" id="mfa">
@@ -257,4 +275,4 @@
<li>If in doubt, generate and print new recovery codes</li>
<li><b>Do not store these codes electronically</b></li>
</ul>
-[% END %]
+[% END %] \ No newline at end of file
diff --git a/template/en/default/admin/params/auth.html.tmpl b/template/en/default/admin/params/auth.html.tmpl
index 99c52f759..e19712351 100644
--- a/template/en/default/admin/params/auth.html.tmpl
+++ b/template/en/default/admin/params/auth.html.tmpl
@@ -244,5 +244,13 @@
"The 'secret key' for Duo 2FA. This value is provided by your " _
"Duo Security administrator.",
+ mfa_group =>
+ "Members of this group must enable MFA. If the grace period is set, " _
+ "users will receive a warning on every page until end of the grace period. " _
+ "Users without MFA after the grace period (or when it is set to 0) will only " _
+ "be able to access the mfa tab of the user preferences page."
+
+ mfa_group_grace_period =>
+ "Number of days to warn user to turn on 2FA."
},
%]
diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl
index e808df9bd..1ea652c10 100644
--- a/template/en/default/global/header.html.tmpl
+++ b/template/en/default/global/header.html.tmpl
@@ -39,7 +39,7 @@
# no_body: if true the body element will not be generated
# allow_mobile: allow special CSS and viewport for detected mobile useragents
# use_login_page: display a link to the full login page, rather than an inline login.
- # no_index: Disable search engine from adding page into search index.
+ # no_index: Disable search engine from adding page into search index.
#%]
[% IF message %]
@@ -234,6 +234,9 @@
<body
class="[% urlbase.replace('^https?://','').replace('/$','').replace('[-~@:/.]+','-') FILTER css_class_quote %]
skin-[% user.settings.skin.value FILTER css_class_quote %]
+ [% IF Bugzilla.request_cache.mfa_warning %]
+ mfa-warning
+ [% END %]
[% FOREACH class = bodyclasses %]
[% ' ' %][% class FILTER css_class_quote %]
[% END %] yui-skin-sam">
@@ -252,6 +255,18 @@
</td>
<td>
[% Hook.process("message") %]
+ [% IF Bugzilla.request_cache.mfa_warning
+ AND user.mfa_required_date
+ AND NOT Bugzilla.request_cache.on_mfa_page %]
+ <span id="mfa-warning">
+ Please <a href="userprefs.cgi?tab=mfa">enabled two-factor authentication</a>
+ [% IF Param('mfa_group_grace_period') %]
+ before <i>[% user.mfa_required_date FILTER time %]</i>.
+ [% ELSE %]
+ now.
+ [% END %]
+ </span>
+ [% END %]
</td>
<td id="moz_login">
[% IF user.id %]
@@ -355,4 +370,4 @@
[% BLOCK format_js_link %]
<script [% script_nonce FILTER none %] type="text/javascript" src="[% asset_url FILTER mtime FILTER html %]"></script>
-[% END %]
+[% END %] \ No newline at end of file