From daf5ae5bd439f1f32363d410129d5b9e73fbb539 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 26 Aug 2022 14:36:54 +0000 Subject: Add latest changes from gitlab-org/security/gitlab@15-3-stable-ee --- doc/topics/git/troubleshooting_git.md | 5 ++++ doc/user/packages/dependency_proxy/index.md | 4 +++ doc/user/packages/pypi_repository/index.md | 5 ++++ .../profile/account/two_factor_authentication.md | 33 ++++++++++++++++++++++ 4 files changed, 47 insertions(+) (limited to 'doc') diff --git a/doc/topics/git/troubleshooting_git.md b/doc/topics/git/troubleshooting_git.md index 36c26a02064..484f3a100bf 100644 --- a/doc/topics/git/troubleshooting_git.md +++ b/doc/topics/git/troubleshooting_git.md @@ -267,3 +267,8 @@ To resolve this issue, you can update the password expiration by either: ``` The bug was reported [in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/332455). + +## Error on Git fetch: "HTTP Basic: Access Denied" + +If you receive an `HTTP Basic: Access denied` error when using Git over HTTP(S), +refer to the [two-factor authentication troubleshooting guide](../../user/profile/account/two_factor_authentication.md#troubleshooting). diff --git a/doc/user/packages/dependency_proxy/index.md b/doc/user/packages/dependency_proxy/index.md index ea9435de12a..b570bba73e5 100644 --- a/doc/user/packages/dependency_proxy/index.md +++ b/doc/user/packages/dependency_proxy/index.md @@ -299,6 +299,10 @@ hub_docker_quota_check: ## Troubleshooting +## Authentication error: "HTTP Basic: Access Denied" + +If you receive an `HTTP Basic: Access denied` error when authenticating against the Dependency Proxy, refer to the [two-factor authentication troubleshooting guide](../../profile/account/two_factor_authentication.md#troubleshooting). + ### Dependency Proxy Connection Failure If a service alias is not set the `docker:20.10.16` image is unable to find the diff --git a/doc/user/packages/pypi_repository/index.md b/doc/user/packages/pypi_repository/index.md index b8996dc2963..ba9ecbe50a3 100644 --- a/doc/user/packages/pypi_repository/index.md +++ b/doc/user/packages/pypi_repository/index.md @@ -345,6 +345,11 @@ when a PyPI package is not found in the Package Registry, the request is forward Administrators can disable this behavior in the [Continuous Integration settings](../../admin_area/settings/continuous_integration.md). +WARNING: +When you use the `--index-url` option, do not specify the port if it is a default +port, such as `80` for a URL starting with `http` or `443` for a URL starting +with `https`. + ### Install from the project level To install the latest version of a package, use the following command: diff --git a/doc/user/profile/account/two_factor_authentication.md b/doc/user/profile/account/two_factor_authentication.md index 3af033c7130..02567958356 100644 --- a/doc/user/profile/account/two_factor_authentication.md +++ b/doc/user/profile/account/two_factor_authentication.md @@ -427,6 +427,39 @@ a GitLab global administrator disable 2FA for your account: ## Troubleshooting +### Error: "HTTP Basic: Access denied. The provided password or token ..." + +When making a request, you can receive the following error: + +```plaintext +HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal +access token instead of a password. +``` + +This error occurs in the following scenarios: + +- You have 2FA enabled and have attempted to authenticate with a username and + password. For 2FA-enabled users, a [personal access token](../personal_access_tokens.md) (PAT) + must be used instead of a password. To authenticate: + - Git requests over HTTP(S), a PAT with `read_repository` or `write_repository` scope is required. + - [GitLab Container Registry](../../packages/container_registry/index.md#authenticate-with-the-container-registry) requests, a PAT + with `read_registry` or `write_registry` scope is required. + - [Dependency Proxy](../../packages/dependency_proxy/index.md#authenticate-with-the-dependency-proxy) requests, a PAT with + `read_registry` and `write_registry` scopes is required. +- You do not have 2FA enabled and have sent an incorrect username or password + with your request. +- You do not have 2FA enabled but an administrator has enabled the + [enforce 2FA for all users](../../../security/two_factor_authentication.md#enforce-2fa-for-all-users) setting. +- You do not have 2FA enabled, but an administrator has disabled the + [password authentication enabled for Git over HTTP(S)](../../admin_area/settings/sign_in_restrictions.md#password-authentication-enabled) + setting. If LDAP is: + - Configured, an [LDAP password](../../../administration/auth/ldap/index.md) + or a [personal access token](../personal_access_tokens.md) + must be used to authenticate Git requests over HTTP(S). + - Not configured, you must use a [personal access token](../personal_access_tokens.md). + +### Error: "invalid pin code" + If you receive an `invalid pin code` error, this can indicate that there is a time sync issue between the authentication application and the GitLab instance itself. To avoid the time sync issue, enable time synchronization in the device that generates the codes. For example: -- cgit v1.2.1