Files
MokoGitea-Fork/routers/web/org/require2fa.go
T
Jonathan Miller 1032ae4268
Branch Policy Check / Verify merge target (pull_request) Has been cancelled
PR RC Release / Build RC Release (pull_request) Has been cancelled
feat: organization-level 2FA requirement for members (#208)
Adds a Require2FA toggle to organization settings. When enabled,
org members without 2FA are redirected to the security settings
page with a warning flash message.

Changes:
- New Require2FA field on User model (migration v333)
- Org settings UI checkbox with shield-lock icon
- Check2FARequirement middleware on member-required org routes
- UpdateOptions extended with Require2FA field

Closes #208

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-26 13:11:15 -05:00

40 lines
1.1 KiB
Go

// Copyright 2026 Moko Consulting <hello@mokoconsulting.tech>
// SPDX-License-Identifier: GPL-3.0-or-later
package org
import (
"net/http"
auth_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/context"
)
// Check2FARequirement checks if the current org requires 2FA and if the user has it enabled.
// If the user doesn't have 2FA and the org requires it, redirect to 2FA setup page.
func Check2FARequirement(ctx *context.Context) {
if ctx.Org == nil || ctx.Org.Organization == nil || ctx.Doer == nil {
return
}
if !ctx.Org.Organization.Require2FA {
return
}
// Check if user has 2FA enabled
has, err := auth_model.HasTwoFactorOrWebAuthn(ctx, ctx.Doer.ID)
if err != nil {
ctx.ServerError("HasTwoFactorOrWebAuthn", err)
return
}
if has {
return
}
// User doesn't have 2FA — show warning and redirect to settings
ctx.Flash.Warning("This organization requires two-factor authentication. Please enable 2FA to continue.")
ctx.Redirect(setting.AppSubURL + "/user/settings/security")
}