2026-01-18 13:58:25 +00:00 · 2023-11-03 22:03:58 +01:00 · 2023-11-03 22:03:58 +01:00 · d7fc3877dc
commit d7fc3877dc
parent 800dae76dc e574613c9e
5 changed files with 9 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -2023,6 +2023,10 @@ Allow users with existing accounts to login and auto link their account via the

 Comma separated list if oauth providers to disallow access to `internal` projects. Users creating accounts via these providers will have access internal projects. Accepted values are `cas3`, `github`, `bitbucket`, `gitlab`, `google_oauth2`, `facebook`, `twitter`, `saml`, `crowd`, `auth0` and `azure_oauth2`. No default.

+##### `OAUTH_ALLOW_BYPASS_TWO_FACTOR`
+
+Specify oauth providers where users can sign in without using two-factor authentication (2FA). You can define this using an array of providers like `["twitter", "google_oauth2"]`. Setting this to `true` or `false` applies to all - allow all or none. Defaults to `false`.
+
 ##### `OAUTH_CAS3_LABEL`

 The "Sign in with" button label. Defaults to "cas3".
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@ -918,7 +918,7 @@ production: &base
    # This option should only be configured for providers which already have two factor.
    # This configration dose not apply to SAML.
    # (default: false)
-    allow_bypass_two_factor: null
+    allow_bypass_two_factor: {{OAUTH_ALLOW_BYPASS_TWO_FACTOR}}

    ## Auth providers
    # Uncomment the following lines and fill in the data of the auth provider you want to use
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@ -426,6 +426,7 @@ OAUTH_BLOCK_AUTO_CREATED_USERS=${OAUTH_BLOCK_AUTO_CREATED_USERS:-true}
 OAUTH_AUTO_LINK_LDAP_USER=${OAUTH_AUTO_LINK_LDAP_USER:-false}
 OAUTH_AUTO_LINK_SAML_USER=${OAUTH_AUTO_LINK_SAML_USER:-false}
 OAUTH_EXTERNAL_PROVIDERS=${OAUTH_EXTERNAL_PROVIDERS:-}
+OAUTH_ALLOW_BYPASS_TWO_FACTOR=${OAUTH_ALLOW_BYPASS_TWO_FACTOR:-false}

 ### GOOGLE
 OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-}
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@ -819,7 +819,8 @@ gitlab_configure_oauth() {
    OAUTH_AUTO_LINK_LDAP_USER \
    OAUTH_AUTO_LINK_SAML_USER \
    OAUTH_AUTO_LINK_USER \
-    OAUTH_EXTERNAL_PROVIDERS
+    OAUTH_EXTERNAL_PROVIDERS \
+    OAUTH_ALLOW_BYPASS_TWO_FACTOR

  case ${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER} in
    cas3|google_oauth2|facebook|twitter|github|gitlab|bitbucket|saml|crowd|azure_oauth2|azure_activedirectory_v2|oauth2_generic|$OAUTH2_GENERIC_NAME)
--- a/contrib/docker-swarm/docker-compose.yml
+++ b/contrib/docker-swarm/docker-compose.yml
@ -99,6 +99,7 @@ services:
    - OAUTH_AUTO_LINK_LDAP_USER=false
    - OAUTH_AUTO_LINK_SAML_USER=false
    - OAUTH_EXTERNAL_PROVIDERS=
+    - OAUTH_ALLOW_BYPASS_TWO_FACTOR=false

    - OAUTH_CAS3_LABEL=cas3
    - OAUTH_CAS3_SERVER=