How to reset GitLab user password of a normal user via UI?
(Via command line it is possible using rake)
We are using an on-premise GitLab community edition
To change/reset your own GitLab user password: see change your password
As a GitLab administrator, to (re)set another user's password in the UI:
Navigate to Admin Area -> Users
Locate the user whose password you want to reset
Click "edit"
Enter new password (and again in confirmation field)
Click "save"
As you mentioned, you can also use a rake task or rails console.
I wanted to change my username on GitLab so I followed the following procedure:
Navigate to your profile's Settings > Account.
Enter a new username under Change username.
Click Update username.
After clicking on update nothing seemed to change, so I refreshed the page and I received the following error:
Your account has been blocked. Please contact your GitLab administrator if you think this is an error.
How do I unblock my account?
PS: I opened a GitLab SaaS account
This thread mentions
Check <external_url>/admin/application_settings/general > expand Sign-up Restrictions, and verify if the checkbox for Send confirmation email on sign-up is checked or unchecked?
Having that setting enabled will send a confirmation email, and for that user to be “unlocked”, it requires the confirmation link in the confirmation email is clicked.
If you’re creating a user with Ansible and the confirmation email isn’t received and the link it contains clicked, it would cause the “user is blocked” error you’re seeing.
If you did not check the box for this requirement, I suspect the default setting might’ve changed in 12.9.x. Do you notice if this checkbox was checked before upgrading?
Unchecking the box, or manually “confirming” the email of your Ansible-created user in the GitLab Admin UI should remove the block on this user.
In your case, since you are changing the user manually, see if:
the IP is blocked (try from another network/device)
if you have an IDE opened with a GitLab repository accessed through HTTPS: the IDE might need to refresh the Git repository state periodically, and would be using the old credentials (old username).
The OP goutam thakur confirms in the comments:
My account was unblocked after I submitted a request through the form "Gitlab.com (SaaS) user accounts and login issues".
I just started using gitlab and used google open ID.
I cloned a repository and it's asking me for a username and password.
How do I know what my password is?
To check your username, just visit GitLab.com and check the bottom-left corner. You should see your username there (cabargas in my example):
Then visit the password section of your profile on GitLab.com and set-up your password there.
I changed the GitLab server. On the old one I had created a backup and now I have imported the backup into the new system. Everything works!
Now I have the issue that I can't log in because of the two-factor authentication. I think that the secret salt changed.
This is the log:
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "user"=>{"otp_attempt"=>"[FILTERED]"}}
Completed 500 Internal Server Error in 10ms (ActiveRecord: 0.9ms)
OpenSSL::Cipher::CipherError (bad decrypt):
app/controllers/sessions_controller.rb:95:in `valid_otp_attempt?'
app/controllers/sessions_controller.rb:63:in `authenticate_with_two_factor'
How can I disable the two-factor authentication for one user?
greetings
Gitlab has updated the command to disable two-factor authentication for all users to this:
sudo gitlab-rails runner 'User.find_each(&:disable_two_factor!)'
#poldixd's answer should still work. If it doesn't, try setting encrypted_otp_secret to nil instead of "".
Found this here:
https://gitlab.com/gitlab-org/gitlab-ce/issues/1960
For anyone looking on how to disable 2FA only for a single user. I found a working solution to be:
User.where(username: "username_goes_here").each(&:disable_two_factor!)
This command turns off two-factor authentication for all users:
sudo gitlab-rails runner 'User.update_all(otp_required_for_login: false, encrypted_otp_secret: "")'
For an installation from source you can run
cd /home/git/gitlab
sudo -u git -H bundle exec rails console production
to get a rails console and then enter
User.update_all(otp_required_for_login: false, encrypted_otp_secret: nil, encrypted_otp_secret_iv: nil, encrypted_otp_secret_salt: nil, otp_backup_codes: nil)
to run the command.
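Added example (not from the original answers and not GitLab's code): a constructed Ruby model of why a row restored from backup stops decrypting once the server-side key differs, which is the CipherError in the question's log, and why clearing the columns named in the answer above unblocks login. The key bases, the PBKDF2 parameters and the helper names are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Constructed model, not GitLab's code: one row per user, using the column
# names from the answer above, with the key base kept outside the database.
OLD_KEY_BASE = "key-base-on-old-server (constructed)"
NEW_KEY_BASE = "key-base-on-new-server (constructed)"

def derive_key(key_base, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(key_base, salt, 2000, 32, OpenSSL::Digest.new("SHA256"))
end

def encrypt_otp(secret, key_base)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  salt = SecureRandom.random_bytes(16)
  iv = cipher.random_iv
  cipher.key = derive_key(key_base, salt)
  { otp_required_for_login: true,
    encrypted_otp_secret: cipher.update(secret) + cipher.final,
    encrypted_otp_secret_iv: iv,
    encrypted_otp_secret_salt: salt }
end

# Returns the plaintext secret, or nil when the row holds no secret or OpenSSL
# raises. With the wrong key the CBC padding check fails in nearly every case,
# which surfaces as CipherError ("bad decrypt") as in the log.
def decrypt_otp(row, key_base)
  return nil if row[:encrypted_otp_secret].nil?
  cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  cipher.key = derive_key(key_base, row[:encrypted_otp_secret_salt])
  cipher.iv = row[:encrypted_otp_secret_iv]
  cipher.update(row[:encrypted_otp_secret]) + cipher.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Mirror of the column reset in the answer: the stale ciphertext is dropped,
# 2FA is no longer required, and the user can enrol again under the new key.
def reset_two_factor(row)
  row.merge(otp_required_for_login: false, encrypted_otp_secret: nil,
            encrypted_otp_secret_iv: nil, encrypted_otp_secret_salt: nil)
end

row = encrypt_otp("JBSWY3DPEHPK3PXP", OLD_KEY_BASE) # constructed TOTP seed
puts "old key: #{decrypt_otp(row, OLD_KEY_BASE).inspect}"
puts "new key: #{decrypt_otp(row, NEW_KEY_BASE).inspect}"
puts "after reset: #{reset_two_factor(row)[:otp_required_for_login]}"
```

Restoring the original key material on the new server keeps existing 2FA enrolments working; the reset is the fallback when that key is gone.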
I disable 2FA for a Gitlab Docker for all users with:
sudo -u git -H bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production
I realise that the OP is old but I have just encountered this for the first time and put together the following steps that enable resetting 2FA on a user's account:
1. Sign in as a Gitlab Admin.
2. Find the locked out user through the Admin\Users panel.
3. Reset the user's password to a temporary password (keep a copy).
4. Open the locked out user's profile.
5. In the top right corner click "Impersonate".
6. Now as the user click on "Edit Profile".
7. Click Accounts, click "Manage two factor authentication".
8. Enter the password from Step 3 and then either:
   a. Click "Disabled two-factor authentication" and let the user re-enable, or
   b. Click "Regenerate recovery codes" and pass these to the user.
In either case you'll also need to provide the new temporary password to the user.
With GitLab 15.2 (July 2022), there is now an official API endpoint:
(for the self-managed instance only, not for the SaaS gitlab.com one)
Disable user 2FA using API
Administrators can disable 2FA for specific users using the API. This is useful when a user has lost or forgotten their backup codes for their primary token generator.
After the administrator disables 2FA for that user, the user can set up 2FA from scratch.
See Documentation and Issue.
So:
Pre-requisite:
You must be an administrator.
Disables two factor authentication (2FA) for the specified user.
Administrators cannot disable 2FA for their own user account or other administrators using the API.
Instead, they can disable an administrator’s 2FA using the Rails console.
PATCH /users/:id/disable_two_factor
curl --request PATCH --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/users/1/disable_two_factor"
I want to set up a GitLab instance for internal use. Since the instance can only be reached over a local network I haven't set up the email setup. Unfortunately GitLab still wants to send new users confirmation emails with a temporary password, but they never receive this email.
Is there a way to configure gitlab so that it doesn't send these confirmation mails? I already tried to set email_enabled: false in gitlab.yml but it didn't work.
Update:
It should work without me having to interfere manually in the signup process.
Admin can confirm user manually!
Log in to GitLab with an admin account and create a new user (Mini), ignore the password.
Admin area ---> users ---> edit Mini user ---> set password.
User Mini can log in to GitLab.
I think GitLab takes security seriously and from what I have seen so far, it looks like either your users need to confirm their accounts or an admin has to confirm manually.
I've set up Jenkins, and it's working well. It uses the Perforce plugin as the SCM, and builds automatically upon a checkin. My issue is that when a user makes a commit to the tree it auto creates a user account on the system, but no password is set, and the user cannot log in.
The system is secured on an intranet, and I have set Jenkins to use "Jenkins own user database" and "Logged in users can do anything". Problem is I can't find any way for someone to log in once they have made a commit; their username is shown in the list of auto-created accounts, but no password is ever sent. Is there a default password, or a way to reset?
The system is running on Ubuntu 12 with Tomcat7 serving the Jenkins front end.
Users created by SCM are not "full" users. They are created for purposes of showing SCM changes and receiving e-mails. Therefore they need to sign up (using the 'Sign Up' icon that appears to the left of the 'log in' icon in the upper right corner) and provide their password. It is advisable for the username to match the SCM name.
Alternatively, a user with a "full" account can go to http://<jenkins-server>/people/ -> click on username -> click on Configure link to the left, and configure the user (I'm not 100% sure if this will work, though, try it).
With version 1.517, signing up didn't work and gave the "User name is already taken" error.
However you can go to http://<jenkins-server>/user/<autogenerated username>/configure and set a password for the SCM user, which converts them into a full Jenkins user.
Go to Manage Jenkins -> scroll down
click on "Manage User" -> see userId -> click on the settings symbol to the right of the user id (admin) -> change the password field -> click on save.
Now you can log in with the new credentials