summaryrefslogtreecommitdiff
path: root/doc/user/profile
diff options
context:
space:
mode:
authorRobert Speicher <rspeicher@gmail.com>2021-01-20 13:34:23 -0600
committerRobert Speicher <rspeicher@gmail.com>2021-01-20 13:34:23 -0600
commit6438df3a1e0fb944485cebf07976160184697d72 (patch)
tree00b09bfd170e77ae9391b1a2f5a93ef6839f2597 /doc/user/profile
parent42bcd54d971da7ef2854b896a7b34f4ef8601067 (diff)
downloadgitlab-ce-6438df3a1e0fb944485cebf07976160184697d72.tar.gz
Add latest changes from gitlab-org/gitlab@13-8-stable-eev13.8.0-rc42
Diffstat (limited to 'doc/user/profile')
-rw-r--r--doc/user/profile/account/two_factor_authentication.md41
-rw-r--r--doc/user/profile/index.md27
-rw-r--r--doc/user/profile/notifications.md4
-rw-r--r--doc/user/profile/personal_access_tokens.md2
4 files changed, 46 insertions, 28 deletions
diff --git a/doc/user/profile/account/two_factor_authentication.md b/doc/user/profile/account/two_factor_authentication.md
index c25535cbf65..6cdd2d6f161 100644
--- a/doc/user/profile/account/two_factor_authentication.md
+++ b/doc/user/profile/account/two_factor_authentication.md
@@ -245,7 +245,7 @@ Search for `security.webauth.u2f` and double click on it to toggle to `true`.
To set up 2FA with a U2F device:
-1. Log in to your GitLab account.
+1. Sign in to your GitLab account.
1. Go to your [**Profile settings**](../index.md#profile-settings).
1. Go to **Account**.
1. Click **Enable Two-Factor Authentication**.
@@ -298,11 +298,11 @@ NOTE:
Recovery codes are not generated for U2F / WebAuthn devices.
WARNING:
-Each code can be used only once to log in to your account.
+Each code can be used only once to sign in to your account.
Immediately after successfully enabling two-factor authentication, you're
prompted to download a set of generated recovery codes. Should you ever lose access
-to your one-time password authenticator, you can use one of these recovery codes to log in to
+to your one-time password authenticator, you can use one of these recovery codes to sign in to
your account. We suggest copying and printing them, or downloading them using
the **Download codes** button for storage in a safe place. If you choose to
download them, the file is called `gitlab-recovery-codes.txt`.
@@ -314,41 +314,41 @@ If you lose the recovery codes or just want to generate new ones, you can do so
from the [two-factor authentication account settings page](#regenerate-2fa-recovery-codes) or
[using SSH](#generate-new-recovery-codes-using-ssh).
-## Logging in with 2FA Enabled
+## Signing in with 2FA Enabled
-Logging in with 2FA enabled is only slightly different than a normal login.
+Signing in with 2FA enabled is only slightly different than the normal sign-in process.
Enter your username and password credentials as you normally would, and you're
presented with a second prompt, depending on which type of 2FA you've enabled.
-### Log in via a one-time password
+### Sign in by using a one-time password
When asked, enter the pin from your one time password authenticator's application or a
-recovery code to log in.
+recovery code to sign in.
-### Log in via U2F device
+### Sign in by using a U2F device
-To log in via a U2F device:
+To sign in by using a U2F device:
1. Click **Login via U2F Device**.
1. A light begins blinking on your device. Activate it by touching/pressing
its button.
A message displays, indicating that your device responded to the authentication
-request, and you're automatically logged in.
+request, and you're automatically signed in.
-### Log in via WebAuthn device
+### Sign in by using a WebAuthn device
In supported browsers you should be automatically prompted to activate your WebAuthn device
(e.g. by touching/pressing its button) after entering your credentials.
A message displays, indicating that your device responded to the authentication
-request and you're automatically logged in.
+request and you're automatically signed in.
## Disabling 2FA
If you ever need to disable 2FA:
-1. Log in to your GitLab account.
+1. Sign in to your GitLab account.
1. Go to your [**Profile settings**](../index.md#profile-settings).
1. Go to **Account**.
1. Click **Disable**, under **Two-Factor Authentication**.
@@ -356,6 +356,9 @@ If you ever need to disable 2FA:
This clears all your two-factor authentication registrations, including mobile
applications and U2F / WebAuthn devices.
+Support for disabling 2FA is limited, depending on your subscription level. For more information, see the
+[Account Recovery](https://about.gitlab.com/support/#account-recovery) section of our website.
+
## Personal access tokens
When 2FA is enabled, you can no longer use your normal account password to
@@ -393,9 +396,13 @@ a new set of recovery codes with SSH:
1. Run:
```shell
- ssh git@gitlab.example.com 2fa_recovery_codes
+ ssh git@gitlab.com 2fa_recovery_codes
```
+ NOTE:
+ On self-managed instances, replace **`gitlab.com`** in the command above
+ with the GitLab server hostname (`gitlab.example.com`).
+
1. You are prompted to confirm that you want to generate new codes.
Continuing this process invalidates previously saved codes:
@@ -465,9 +472,9 @@ Sign in and re-enable two-factor authentication as soon as possible.
For example, if a user is trying to access a GitLab instance from `first.host.xyz` and `second.host.xyz`:
- - The user logs in via `first.host.xyz` and registers their U2F key.
- - The user logs out and attempts to log in via `first.host.xyz` - U2F authentication succeeds.
- - The user logs out and attempts to log in via `second.host.xyz` - U2F authentication fails, because
+ - The user signs in by using `first.host.xyz` and registers their U2F key.
+ - The user signs out and attempts to sign in by using `first.host.xyz` - U2F authentication succeeds.
+ - The user signs out and attempts to sign in by using `second.host.xyz` - U2F authentication fails, because
the U2F key has only been registered on `first.host.xyz`.
- To enforce 2FA at the system or group levels see [Enforce Two-factor Authentication](../../../security/two_factor_authentication.md).
diff --git a/doc/user/profile/index.md b/doc/user/profile/index.md
index d60fb528499..a96975fea92 100644
--- a/doc/user/profile/index.md
+++ b/doc/user/profile/index.md
@@ -203,11 +203,12 @@ If you previously selected the "Busy" checkbox, remember to deselect it when you
## Busy status indicator
-> - Introduced in GitLab 13.6.
-> - It's [deployed behind a feature flag](../feature_flags.md), disabled by default.
-> - It's disabled on GitLab.com.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/259649) in GitLab 13.6.
+> - It was [deployed behind a feature flag](../feature_flags.md), disabled by default.
+> - [Became enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/281073) in GitLab 13.8.
+> - It's enabled on GitLab.com.
> - It's not recommended for production use.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-busy-status-feature).
+> - For GitLab self-managed instances, GitLab administrators can opt to [disable it](#disable-busy-status-feature).
To indicate to others that you are busy, you can set an indicator
@@ -228,10 +229,16 @@ To set the busy status indicator, either:
1. Click **Edit profile** (**{pencil}**).
1. Select the **Busy** checkbox
-### Enable busy status feature
+### Disable busy status feature
-The busy status feature is deployed behind a feature flag and is **disabled by default**.
-[GitLab administrators with access to the GitLab Rails console](../../administration/feature_flags.md) can enable it for your instance from the [rails console](../../administration/feature_flags.md#start-the-gitlab-rails-console).
+The busy status feature is deployed behind a feature flag and is **enabled by default**.
+[GitLab administrators with access to the GitLab Rails console](../../administration/feature_flags.md) can disable it for your instance from the [rails console](../../administration/feature_flags.md#start-the-gitlab-rails-console).
+
+To disable it:
+
+```ruby
+Feature.disable(:set_user_availability_status)
+```
To enable it:
@@ -288,7 +295,7 @@ git config --global user.email <your email address>
When signing in to the main GitLab application, a `_gitlab_session` cookie is
set. `_gitlab_session` is cleared client-side when you close your browser
and expires after "Application settings -> Session duration (minutes)"/`session_expire_delay`
-(defaults to `10080` minutes = 7 days).
+(defaults to `10080` minutes = 7 days) of no activity.
When signing in to the main GitLab application, you can also check the
"Remember me" option which sets the `remember_user_token`
@@ -316,7 +323,9 @@ The `remember_user_token` lifetime of a cookie can now extend beyond the deadlin
GitLab uses both session and persistent cookies:
-- Session cookie: Session cookies are normally removed at the end of the browser session when the browser is closed. The `_gitlab_session` cookie has no expiration date.
+- Session cookie: Session cookies are normally removed at the end of the browser session when
+ the browser is closed. The `_gitlab_session` cookie has no fixed expiration date. However,
+ it expires based on its [`session_expire_delay`](#why-do-i-keep-getting-signed-out).
- Persistent cookie: The `remember_user_token` is a cookie with an expiration date of two weeks. GitLab activates this cookie if you click Remember Me when you sign in.
By default, the server sets a time-to-live (TTL) of 1-week on any session that is used.
diff --git a/doc/user/profile/notifications.md b/doc/user/profile/notifications.md
index 8974505cf02..38ef01b7537 100644
--- a/doc/user/profile/notifications.md
+++ b/doc/user/profile/notifications.md
@@ -146,13 +146,15 @@ Users are notified of the following events:
| New email added | User | Security email, always sent. |
| Email changed | User | Security email, always sent. |
| Password changed | User | Security email, always sent when user changes their own password |
-| Password changed by administrator | User | Security email, always sent when an administrator changes the password of another user |
+| Password changed by administrator | User | Security email, always sent when an administrator changes the password of another user |
| Two-factor authentication disabled | User | Security email, always sent. |
| New user created | User | Sent on user creation, except for OmniAuth (LDAP)|
| User added to project | User | Sent when user is added to project |
| Project access level changed | User | Sent when user project access level is changed |
| User added to group | User | Sent when user is added to group |
| Group access level changed | User | Sent when user group access level is changed |
+| Personal Access Tokens expiring soon <!-- Do not delete or lint this instance of future tense --> | User | Security email, always sent. |
+| Personal Access Tokens have expired | User | Security email, always sent. |
| Project moved | Project members (1) | (1) not disabled |
| New release | Project members | Custom notification |
diff --git a/doc/user/profile/personal_access_tokens.md b/doc/user/profile/personal_access_tokens.md
index cfc70c5a6f0..49889cd3017 100644
--- a/doc/user/profile/personal_access_tokens.md
+++ b/doc/user/profile/personal_access_tokens.md
@@ -112,7 +112,7 @@ token = PersonalAccessToken.find_by_token('token-string-here123')
token.revoke!
```
-This can be shorted into a single-line shell command using the
+This can be shortened into a single-line shell command using the
[Rails runner](../../administration/troubleshooting/debug.md#using-the-rails-runner):
```shell