diff options
Diffstat (limited to 'doc/user/profile')
| -rw-r--r-- | doc/user/profile/account/create_accounts.md | 5 | ||||
| -rw-r--r-- | doc/user/profile/account/delete_account.md | 3 | ||||
| -rw-r--r-- | doc/user/profile/account/two_factor_authentication.md | 12 | ||||
| -rw-r--r-- | doc/user/profile/active_sessions.md | 2 | ||||
| -rw-r--r-- | doc/user/profile/img/unknown_sign_in_email_v13_1.png | bin | 0 -> 20230 bytes | |||
| -rw-r--r-- | doc/user/profile/index.md | 27 | ||||
| -rw-r--r-- | doc/user/profile/notifications.md | 7 | ||||
| -rw-r--r-- | doc/user/profile/personal_access_tokens.md | 55 | ||||
| -rw-r--r-- | doc/user/profile/preferences.md | 23 | ||||
| -rw-r--r-- | doc/user/profile/unknown_sign_in_notification.md | 11 |
10 files changed, 135 insertions, 10 deletions
diff --git a/doc/user/profile/account/create_accounts.md b/doc/user/profile/account/create_accounts.md index 27aa57e7f99..26c2c1bed89 100644 --- a/doc/user/profile/account/create_accounts.md +++ b/doc/user/profile/account/create_accounts.md @@ -1,5 +1,8 @@ --- type: reference +stage: Manage +group: Access +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- # Creating users **(CORE ONLY)** @@ -32,5 +35,5 @@ You can also [create users through the API](../../../api/users.md) as an admin. Users will be: -- Automatically created upon first login with the [LDAP integration](../../../administration/auth/ldap.md). +- Automatically created upon first login with the [LDAP integration](../../../administration/auth/ldap/index.md). - Created when first logging in via an [OmniAuth provider](../../../integration/omniauth.md) if the `allow_single_sign_on` setting is present. diff --git a/doc/user/profile/account/delete_account.md b/doc/user/profile/account/delete_account.md index c9193c6d94c..3c6f2989091 100644 --- a/doc/user/profile/account/delete_account.md +++ b/doc/user/profile/account/delete_account.md @@ -1,5 +1,8 @@ --- type: howto +stage: Manage +group: Access +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- # Deleting a User account diff --git a/doc/user/profile/account/two_factor_authentication.md b/doc/user/profile/account/two_factor_authentication.md index ac0835911d2..bfcaeaf6a15 100644 --- a/doc/user/profile/account/two_factor_authentication.md +++ b/doc/user/profile/account/two_factor_authentication.md @@ -1,5 +1,8 @@ --- type: howto +stage: Manage +group: Access +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- # Two-Factor Authentication @@ -65,19 +68,22 @@ in a safe place. ### Enable 2FA via U2F device +> Introduced in [GitLab 8.9](https://about.gitlab.com/blog/2016/06/22/gitlab-adds-support-for-u2f/). + GitLab officially only supports [YubiKey](https://www.yubico.com/products/) -U2F devices, but users have successfully used [SoloKeys](https://solokeys.com/). +U2F devices, but users have successfully used [SoloKeys](https://solokeys.com/) +or [Google Titan Security Key](https://cloud.google.com/titan-security-key). The U2F workflow is [supported by](https://caniuse.com/#search=U2F) the following desktop browsers: - Chrome - Edge -- Firefox (disabled by default) +- Firefox 67+ - Opera NOTE: **Note:** -For Firefox, you can enable the FIDO U2F API in +For Firefox 47-66, you can enable the FIDO U2F API in [about:config](https://support.mozilla.org/en-US/kb/about-config-editor-firefox). Search for `security.webauth.u2f` and double click on it to toggle to `true`. diff --git a/doc/user/profile/active_sessions.md b/doc/user/profile/active_sessions.md index 408276127a2..4dbb11b581d 100644 --- a/doc/user/profile/active_sessions.md +++ b/doc/user/profile/active_sessions.md @@ -19,7 +19,7 @@ review the sessions, and revoke any you don't recognize. ## Active sessions limit -> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/31611) in GitLab 12.6. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/31611) in GitLab 12.6. GitLab allows users to have up to 100 active sessions at once. If the number of active sessions exceeds 100, the oldest ones are deleted. diff --git a/doc/user/profile/img/unknown_sign_in_email_v13_1.png b/doc/user/profile/img/unknown_sign_in_email_v13_1.png Binary files differnew file mode 100644 index 00000000000..586be483be9 --- /dev/null +++ b/doc/user/profile/img/unknown_sign_in_email_v13_1.png diff --git a/doc/user/profile/index.md b/doc/user/profile/index.md index 383c7fe73aa..663a2888ee7 100644 --- a/doc/user/profile/index.md +++ b/doc/user/profile/index.md @@ -1,5 +1,8 @@ --- type: index, howto +stage: Manage +group: Access +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- # User account @@ -147,7 +150,7 @@ To add links to other accounts: ## Private contributions -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/14078) in GitLab 11.3. +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/14078) in GitLab 11.3. Enabling private contributions will include contributions to private projects, in the user contribution calendar graph and user recent activity. @@ -250,7 +253,27 @@ When the `_gitlab_session` expires or isn't available, GitLab uses the `remember to get you a new `_gitlab_session` and keep you signed in through browser restarts. After your `remember_user_token` expires and your `_gitlab_session` is cleared/expired, -you will be asked to sign in again to verify your identity (which is for security reasons). +you will be asked to sign in again to verify your identity for security reasons. + +### Increased sign-in time + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/20340) in GitLab 13.1. + +The `remember_user_token` lifetime of a cookie can now extend beyond the deadline set by `config.remember_for`, as the `config.extend_remember_period` flag is now set to true. + +GitLab uses both session and persistent cookies: + +- Session cookie: Session cookies are normally removed at the end of the browser session when the browser is closed. The `_gitlab_session` cookie has no expiration date. +- Persistent cookie: The `remember_me_token` is a cookie with an expiration date of two weeks. GitLab activates this cookie if you click Remember Me when you sign in. + +By default, the server sets a time-to-live (TTL) of 1-week on any session that is used. + +When you close a browser, the session cookie may still remain. For example, Chrome has the "Continue where you left off" option that restores session cookies. +In other words, as long as you access GitLab at least once every 2 weeks, you could remain signed in with GitLab, as long as your browser tab is open. +The server continues to reset the TTL for that session, independent of whether 2FA is installed, +If you close your browser and open it up again, the `remember_user_token` cookie allows your user to reauthenticate itself. + +Without the `config.extend_remember_period` flag, you would be forced to sign in again after two weeks. <!-- ## Troubleshooting diff --git a/doc/user/profile/notifications.md b/doc/user/profile/notifications.md index ae00f3ace57..ee228050945 100644 --- a/doc/user/profile/notifications.md +++ b/doc/user/profile/notifications.md @@ -1,5 +1,8 @@ --- disqus_identifier: 'https://docs.gitlab.com/ee/workflow/notifications.html' +stage: Plan +group: Project Management +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- # GitLab Notification Emails @@ -163,7 +166,7 @@ In most of the below cases, the notification will be sent to: - Custom: Users with notification level "custom" who turned on notifications for any of the events present in the table below NOTE: **Note:** -To minimize the number of notifications that do not require any action, from [GitLab 12.9 onwards](https://gitlab.com/gitlab-org/gitlab/issues/616), eligible approvers are no longer notified for all the activities in their projects. To receive them they have to change their user notification settings to **Watch** instead. +To minimize the number of notifications that do not require any action, from [GitLab 12.9 onwards](https://gitlab.com/gitlab-org/gitlab/-/issues/616), eligible approvers are no longer notified for all the activities in their projects. To receive them they have to change their user notification settings to **Watch** instead. | Event | Sent to | |------------------------|---------| @@ -237,4 +240,4 @@ reason `assigned` will have this sentence in the footer: - `You are receiving this email because you have been assigned an item on <configured GitLab hostname>.` NOTE: **Note:** -Notification of other events is being considered for inclusion in the `X-GitLab-NotificationReason` header. For details, see this [related issue](https://gitlab.com/gitlab-org/gitlab/issues/20689). +Notification of other events is being considered for inclusion in the `X-GitLab-NotificationReason` header. For details, see this [related issue](https://gitlab.com/gitlab-org/gitlab/-/issues/20689). diff --git a/doc/user/profile/personal_access_tokens.md b/doc/user/profile/personal_access_tokens.md index 87c1fe4007a..e2c3dc74cf1 100644 --- a/doc/user/profile/personal_access_tokens.md +++ b/doc/user/profile/personal_access_tokens.md @@ -1,5 +1,8 @@ --- type: concepts, howto +stage: Manage +group: Access +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- # Personal access tokens @@ -56,6 +59,58 @@ the following table. | `read_repository` | [GitLab 10.7](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/17894) | Allows read-only access (pull) to the repository through `git clone`. | | `write_repository` | [GitLab 11.11](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/26021) | Allows read-write access (pull, push) to the repository through `git clone`. Required for accessing Git repositories over HTTP when 2FA is enabled. | +## Programmatically creating a personal access token + +You can programmatically create a predetermined personal access token for use in +automation or tests. You will need sufficient access to run a +[Rails console session](../../administration/troubleshooting/debug.md#starting-a-rails-console-session) +for your GitLab instance. + +To create a token belonging to a user with username `automation-bot`, run the +following in the Rails console (`sudo gitlab-rails console`): + +```ruby +user = User.find_by_username('automation-bot') +token = user.personal_access_tokens.create(scopes: [:read_user, :read_repository], name: 'Automation token') +token.set_token('token-string-here123') +token.save! +``` + +This can be shortened into a single-line shell command using the +[GitLab Rails Runner](../../administration/troubleshooting/debug.md#using-the-rails-runner): + +```shell +sudo gitlab-rails runner "token = User.find_by_username('automation-bot').personal_access_tokens.create(scopes: [:read_user, :read_repository], name: 'Automation token'); token.set_token('token-string-here123'); token.save!" +``` + +NOTE: **Note:** +The token string must be 20 characters in length, or it will not be +recognized as a personal access token. + +The list of valid scopes and what they do can be found +[in the source code](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/auth.rb). + +## Programmatically revoking a personal access token + +You can programmatically revoke a personal access token. You will need +sufficient access to run a [Rails console session](../../administration/troubleshooting/debug.md#starting-a-rails-console-session) +for your GitLab instance. + +To revoke a known token `token-string-here123`, run the following in the Rails +console (`sudo gitlab-rails console`): + +```ruby +token = PersonalAccessToken.find_by_token('token-string-here123') +token.revoke! +``` + +This can be shorted into a single-line shell command using the +[GitLab Rails Runner](../../administration/troubleshooting/debug.md#using-the-rails-runner): + +```shell +sudo gitlab-rails runner "PersonalAccessToken.find_by_token('token-string-here123').revoke!" +``` + <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues diff --git a/doc/user/profile/preferences.md b/doc/user/profile/preferences.md index 55781b48a27..ccaea61ae4b 100644 --- a/doc/user/profile/preferences.md +++ b/doc/user/profile/preferences.md @@ -36,6 +36,29 @@ The default theme is Indigo. You can choose between 10 themes:  +## Dark mode + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28252) in GitLab 13.1 as an Alpha release. + +GitLab has started work on dark mode! The dark mode Alpha release is available in the +spirit of iteration and the lower expectations of +[Alpha versions](https://about.gitlab.com/handbook/product/#alpha). + +Progress on dark mode is tracked in the [Dark theme epic](https://gitlab.com/groups/gitlab-org/-/epics/2902). See the epic for: + +- A list of known issues. +- Our planned direction and next steps. + +If you find an issue that isn’t listed, please leave a comment on the epic or create a +new issue. + +Dark mode is available as a navigation theme, for MVC and compatibility reasons. In +the future, we plan to make it configurable in its own section along with support for +[different navigation themes](https://gitlab.com/gitlab-org/gitlab/-/issues/219512). + +NOTE: **Note:** +Dark theme currently only works with the 'Dark' syntax highlighting. + ## Syntax highlighting theme NOTE: **Note:** diff --git a/doc/user/profile/unknown_sign_in_notification.md b/doc/user/profile/unknown_sign_in_notification.md index 9400ead1922..200358bb050 100644 --- a/doc/user/profile/unknown_sign_in_notification.md +++ b/doc/user/profile/unknown_sign_in_notification.md @@ -1,5 +1,14 @@ +--- +type: concepts, howto +stage: Manage +group: Access +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +--- + # Email notification for unknown sign-ins +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/27211) in GitLab 13.0. + When a user successfully signs in from a previously unknown IP address, GitLab notifies the user by email. In this way, GitLab proactively alerts users of potentially malicious or unauthorized sign-ins. @@ -13,4 +22,4 @@ There are two methods used to identify a known sign-in: ## Example email - + |
