github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-12 10:39:38 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Two Factor Authentication on Gitea #59

New Issue
Closed
opened 2025-11-02 03:06:30 -06:00 by GiteaMirror · 17 comments
GiteaMirror commented 2025-11-02 03:06:30 -06:00
Owner
Copy Link

Originally created by @gencer on GitHub (Nov 15, 2016).

I couldn't find this request here so i made one.

As you might know, we deploy our secrets (means sources) in gitea/gogs. It will be super-awesome to get Two Factor Authentication besides normal password. There are plenty of implementation for 2FA and I am pretty sure Go has some kind of library out there (didn't looked up yet).

Possibly storing 2FA secret on a disk and an encrypted data on database will make it more secure. Perhaps secret in app.ini.

Can we at least make it happen in v1.0.0.

Personally, I am gonna feel more secure when 2FA is enabled.

Originally created by @gencer on GitHub (Nov 15, 2016). I couldn't find this request here so i made one. As you might know, we deploy our secrets (means sources) in gitea/gogs. It will be super-awesome to get Two Factor Authentication besides normal password. There are plenty of implementation for 2FA and I am pretty sure Go has some kind of library out there (didn't looked up yet). Possibly storing 2FA secret on a disk and an encrypted data on database will make it more secure. Perhaps secret in app.ini. Can we at least make it happen in v1.0.0. Personally, I am gonna feel more secure when 2FA is enabled.
GiteaMirror added the type/featuretype/proposal labels 2025-11-02 03:06:30 -06:00
GiteaMirror commented 2025-11-02 03:06:31 -06:00
Author
Owner
Copy Link

@metalmatze commented on GitHub (Nov 15, 2016):

Yesterday I thought about exactly this feature. I really want that too and would like to contribute to this as well. Has anyone tried any lib for 2fa in Go?

@metalmatze commented on GitHub (Nov 15, 2016): Yesterday I thought about exactly this feature. I really want that too and would like to contribute to this as well. Has anyone tried any lib for 2fa in Go?
GiteaMirror commented 2025-11-02 03:06:31 -06:00
Author
Owner
Copy Link

@thibaultmeyer commented on GitHub (Nov 15, 2016):

It would be nice if U2F - FIDO Universal 2nd Factor Authentication will be implemented too. It allow usage of USB key rather than SMS / Mail. A GO library exists : https://developers.yubico.com/U2F/Libraries/List_of_libraries.html

@thibaultmeyer commented on GitHub (Nov 15, 2016): It would be nice if U2F - FIDO Universal 2nd Factor Authentication will be implemented too. It allow usage of USB key rather than SMS / Mail. A GO library exists : https://developers.yubico.com/U2F/Libraries/List_of_libraries.html
GiteaMirror commented 2025-11-02 03:06:31 -06:00
Author
Owner
Copy Link

@gencer commented on GitHub (Nov 15, 2016):

@0xbaadf00d this can be useful, yes, but, many people use a traditional way for 2FA -including me-. So at least for starting, we should have 2FA enabled. If we make generalize, im pretty sure that 2FA users are most.

Correct me If I am wrong.

@gencer commented on GitHub (Nov 15, 2016): @0xbaadf00d this can be useful, yes, but, many people use a traditional way for 2FA -including me-. So at least for starting, we should have 2FA enabled. If we make generalize, im pretty sure that 2FA users are most. Correct me If I am wrong.
GiteaMirror commented 2025-11-02 03:06:31 -06:00
Author
Owner
Copy Link

@thibaultmeyer commented on GitHub (Nov 15, 2016):

@gencer U2F FIDO is 2FA too, but it allow usage of an cryptographic USB Key. By exemple Github propose U2F FIDO or Token generated via "Authenticator" mobile app.

You can read more at https://help.github.com/articles/configuring-two-factor-authentication-via-fido-u2f/

We have just to keep in mind to get something modular with the possibility to add new 2FA methods in future

@thibaultmeyer commented on GitHub (Nov 15, 2016): @gencer U2F FIDO is 2FA too, but it allow usage of an cryptographic USB Key. By exemple Github propose U2F FIDO or Token generated via "Authenticator" mobile app. You can read more at https://help.github.com/articles/configuring-two-factor-authentication-via-fido-u2f/ We have just to keep in mind to get something modular with the possibility to add new 2FA methods in future
GiteaMirror commented 2025-11-02 03:06:32 -06:00
Author
Owner
Copy Link

@tboerger commented on GitHub (Nov 15, 2016):

But this won't get into 1.0.0 as this is a release that will be done pretty soon. Maybe we can integrate it for 1.1.0 or 1.2.0.

@tboerger commented on GitHub (Nov 15, 2016): But this won't get into 1.0.0 as this is a release that will be done pretty soon. Maybe we can integrate it for 1.1.0 or 1.2.0.
GiteaMirror commented 2025-11-02 03:06:32 -06:00
Author
Owner
Copy Link

@lunny commented on GitHub (Nov 16, 2016):

Yes, this should be enabled on admin panel. It should not be a default setting.

@lunny commented on GitHub (Nov 16, 2016): Yes, this should be enabled on admin panel. It should not be a default setting.
GiteaMirror commented 2025-11-02 03:06:32 -06:00
Author
Owner
Copy Link

@strk commented on GitHub (Nov 16, 2016):

Agreed this cannot be in 1.0.0.
Open for 1.1+, as soon as a PR is ready :)

@strk commented on GitHub (Nov 16, 2016): Agreed this cannot be in 1.0.0. Open for 1.1+, as soon as a PR is ready :)
GiteaMirror commented 2025-11-02 03:06:32 -06:00
Author
Owner
Copy Link

@stevenroose commented on GitHub (Nov 16, 2016):

Might go good with #183

@stevenroose commented on GitHub (Nov 16, 2016): Might go good with #183
GiteaMirror commented 2025-11-02 03:06:33 -06:00
Author
Owner
Copy Link

@mmoya commented on GitHub (Jan 6, 2017):

FTR, a proof of concept for gogits/gogs#945 was posted to 5cd29970a3.

@mmoya commented on GitHub (Jan 6, 2017): FTR, a proof of concept for gogits/gogs#945 was posted to https://github.com/minecrafter/gogs/commit/5cd29970a39ba273a4d1115373099c7615353902.
GiteaMirror commented 2025-11-02 03:06:33 -06:00
Author
Owner
Copy Link

@lunny commented on GitHub (Jan 6, 2017):

@mmoya, Could you send a PR to Gitea?

@lunny commented on GitHub (Jan 6, 2017): @mmoya, Could you send a PR to Gitea?
GiteaMirror commented 2025-11-02 03:06:33 -06:00
Author
Owner
Copy Link

@gencer commented on GitHub (Jan 6, 2017):

@lunny as soon as PR accepted, I will try on brand new server with fresh config for better result and for one to the existing installation to see how its going on. I am preparing a new test server until PR accepted. (Otherwise, I will try target PR source myself)

@gencer commented on GitHub (Jan 6, 2017): @lunny as soon as PR accepted, I will try on brand new server with fresh config for better result and for one to the existing installation to see how its going on. I am preparing a new test server until PR accepted. (Otherwise, I will try target PR source myself)
GiteaMirror commented 2025-11-02 03:06:33 -06:00
Author
Owner
Copy Link

@mmoya commented on GitHub (Jan 9, 2017):

@lunny, I'll ask OP first. @minecrafter, are you willing to submit a PR to gitea with your 2fa proof-of-concept?

@mmoya commented on GitHub (Jan 9, 2017): @lunny, I'll ask OP first. @minecrafter, are you willing to submit a PR to gitea with your 2fa proof-of-concept?
GiteaMirror commented 2025-11-02 03:06:33 -06:00
Author
Owner
Copy Link

@minecrafter commented on GitHub (Jan 9, 2017):

I'm assuming the only reason I was mentioned was because I did make this attempt to support 2FA from the parent project.

Unfortunately, I do not think I will have the time to continue working on projects like Gitea and Gogs. However, you are free to expand upon my initial work.

@minecrafter commented on GitHub (Jan 9, 2017): I'm assuming the only reason I was mentioned was because I did make [this attempt to support 2FA from the parent project](https://github.com/minecrafter/gogs/tree/2fa). ~~Unfortunately, I do not think I will have the time to continue working on projects like Gitea and Gogs. However, you are free to expand upon my initial work.~~
GiteaMirror commented 2025-11-02 03:06:34 -06:00
Author
Owner
Copy Link

@minecrafter commented on GitHub (Jan 9, 2017):

After getting some more background information, I might be willing to contribute two-factor authentication support to the project. I too have been a former Gogs contributor who was stalled by the maintainer.

@minecrafter commented on GitHub (Jan 9, 2017): After getting some more background information, I might be willing to contribute two-factor authentication support to the project. I too have been a former Gogs contributor who was stalled by the maintainer.
GiteaMirror commented 2025-11-02 03:06:34 -06:00
Author
Owner
Copy Link

@lunny commented on GitHub (Jan 9, 2017):

@minecrafter you are welcome back!

@lunny commented on GitHub (Jan 9, 2017): @minecrafter you are welcome back!
GiteaMirror commented 2025-11-02 03:06:34 -06:00
Author
Owner
Copy Link

@minecrafter commented on GitHub (Jan 9, 2017):

@lunny Thanks! 👍

@minecrafter commented on GitHub (Jan 9, 2017): @lunny Thanks! :+1:
GiteaMirror commented 2025-11-02 03:06:34 -06:00
Author
Owner
Copy Link

@minecrafter commented on GitHub (Jan 9, 2017):

A little update on the progress I've made:

It's largely working. You can log in with 2FA, disenroll and use scratch codes to log in case you lose access to your Gitea account.

Here's a small taste of what you're looking at:

screenshot from 2017-01-09 17-46-18

@minecrafter commented on GitHub (Jan 9, 2017): A little update on the progress I've made: It's largely working. You can log in with 2FA, disenroll and use scratch codes to log in case you lose access to your Gitea account. Here's a small taste of what you're looking at: ![screenshot from 2017-01-09 17-46-18](https://cloud.githubusercontent.com/assets/979956/21786822/fcac0b9e-d693-11e6-948f-c9670f2057ca.png)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label type/feature type/proposal
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#59
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?