[PR #630] [MERGED] Two factor authentication support #15500

New Issue

GiteaMirror · 2025-11-02T11:47:59-06:00

GiteaMirror commented

2025-11-02 11:47:59 -06:00

📋 Pull Request Information

Original PR: https://github.com/go-gitea/gitea/pull/630
Author: @minecrafter
Created: 1/10/2017
Status: ✅ Merged
Merged: 1/16/2017
Merged by: @lunny

Base: master ← Head: 2fa

📝 Commits (10+)

d810cc4 Initial commit for 2FA support
4a9eef0 Add vendored files
462ee3c Add missing depends
723f457 A few clean ups
ac94be1 Added improvements, proper encryption
c9feca7 Better encryption key
901e00a Simplify "key" generation
2130fb9 Make 2FA enrollment page more robust
004d503 Fix typo
27d4ae1 Rename twofa/2FA to TwoFactor

📊 Changes

40 files changed (+3395 additions, -8 deletions)

View changed files

📝 cmd/web.go (+13 -0)
📝 models/error.go (+19 -0)
📝 models/models.go (+1 -0)
➕ models/twofactor.go (+141 -0)
📝 modules/auth/user_form.go (+20 -0)
📝 options/locale/locale_en-US.ini (+27 -0)
📝 routers/user/auth.go (+169 -8)
📝 routers/user/setting.go (+194 -0)
➕ templates/user/auth/twofa.tmpl (+27 -0)
➕ templates/user/auth/twofa_scratch.tmpl (+26 -0)
📝 templates/user/settings/navbar.tmpl (+3 -0)
➕ templates/user/settings/twofa.tmpl (+48 -0)
➕ templates/user/settings/twofa_enroll.tmpl (+33 -0)
➕ vendor/github.com/boombuler/barcode/LICENSE (+21 -0)
➕ vendor/github.com/boombuler/barcode/README.md (+18 -0)
➕ vendor/github.com/boombuler/barcode/barcode.go (+21 -0)
➕ vendor/github.com/boombuler/barcode/qr/alphanumeric.go (+66 -0)
➕ vendor/github.com/boombuler/barcode/qr/automatic.go (+23 -0)
➕ vendor/github.com/boombuler/barcode/qr/blocks.go (+59 -0)
➕ vendor/github.com/boombuler/barcode/qr/encoder.go (+416 -0)

...and 20 more files

📄 Description

~~This PR is still a work in progress and therefore I do not recommend pulling this just yet.~~

This adds two-factor authentication support to Gitea, resolving #179. As I'm new to Gitea and fairly new to Go, I'm looking for friendly input.

There are a few issues that need to be looked at:

Hashing the scratch code: at the moment, scratch codes are unhashed. This may be fine as you'd need to break the password first, which is relatively difficult, but another layer of security would not hurt.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/go-gitea/gitea/pull/630 **Author:** [@minecrafter](https://github.com/minecrafter) **Created:** 1/10/2017 **Status:** ✅ Merged **Merged:** 1/16/2017 **Merged by:** [@lunny](https://github.com/lunny) **Base:** `master` ← **Head:** `2fa` --- ### 📝 Commits (10+) - [`d810cc4`](https://github.com/go-gitea/gitea/commit/d810cc4719f4ceeca22037b660b3c1b0ae3e36e6) Initial commit for 2FA support - [`4a9eef0`](https://github.com/go-gitea/gitea/commit/4a9eef065aac584e1b14d05784f357edafab97a8) Add vendored files - [`462ee3c`](https://github.com/go-gitea/gitea/commit/462ee3c9c1f7fe6ada270b9fa501edb97a0c4cd3) Add missing depends - [`723f457`](https://github.com/go-gitea/gitea/commit/723f457df9656da1da34f789b88de597df3d8fd1) A few clean ups - [`ac94be1`](https://github.com/go-gitea/gitea/commit/ac94be19d83d43970e2d344f7198e413523fd594) Added improvements, proper encryption - [`c9feca7`](https://github.com/go-gitea/gitea/commit/c9feca79081add2d4560b23863822a809f3cc5ee) Better encryption key - [`901e00a`](https://github.com/go-gitea/gitea/commit/901e00a44e95796af84189435e04bd213d4597ba) Simplify "key" generation - [`2130fb9`](https://github.com/go-gitea/gitea/commit/2130fb9851cd6e1cd9375cc3e40a6e4eed0c102f) Make 2FA enrollment page more robust - [`004d503`](https://github.com/go-gitea/gitea/commit/004d5033cd2f049f2c5659b1be2b92e1a4b604d7) Fix typo - [`27d4ae1`](https://github.com/go-gitea/gitea/commit/27d4ae1cafb360d5ab42e816b777965f4fd91a74) Rename twofa/2FA to TwoFactor ### 📊 Changes **40 files changed** (+3395 additions, -8 deletions) <details> <summary>View changed files</summary> 📝 `cmd/web.go` (+13 -0) 📝 `models/error.go` (+19 -0) 📝 `models/models.go` (+1 -0) ➕ `models/twofactor.go` (+141 -0) 📝 `modules/auth/user_form.go` (+20 -0) 📝 `options/locale/locale_en-US.ini` (+27 -0) 📝 `routers/user/auth.go` (+169 -8) 📝 `routers/user/setting.go` (+194 -0) ➕ `templates/user/auth/twofa.tmpl` (+27 -0) ➕ `templates/user/auth/twofa_scratch.tmpl` (+26 -0) 📝 `templates/user/settings/navbar.tmpl` (+3 -0) ➕ `templates/user/settings/twofa.tmpl` (+48 -0) ➕ `templates/user/settings/twofa_enroll.tmpl` (+33 -0) ➕ `vendor/github.com/boombuler/barcode/LICENSE` (+21 -0) ➕ `vendor/github.com/boombuler/barcode/README.md` (+18 -0) ➕ `vendor/github.com/boombuler/barcode/barcode.go` (+21 -0) ➕ `vendor/github.com/boombuler/barcode/qr/alphanumeric.go` (+66 -0) ➕ `vendor/github.com/boombuler/barcode/qr/automatic.go` (+23 -0) ➕ `vendor/github.com/boombuler/barcode/qr/blocks.go` (+59 -0) ➕ `vendor/github.com/boombuler/barcode/qr/encoder.go` (+416 -0) _...and 20 more files_ </details> ### 📄 Description ~~This PR is still a **work in progress** and therefore I do not recommend pulling this just yet.~~ This adds two-factor authentication support to Gitea, resolving #179. As I'm new to Gitea and fairly new to Go, I'm looking for friendly input. There are a few issues that need to be looked at: * Hashing the scratch code: at the moment, scratch codes are unhashed. This may be fine as you'd need to break the password first, which is relatively difficult, but another layer of security would not hurt. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2025-11-02 11:47:59 -06:00

GiteaMirror closed this issue

2025-11-02 11:48:00 -06:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#15500