Commit 043b8415 authored by charlie ablett's avatar charlie ablett

Merge branch '320970-enforce-ssh-key-expiration-by-default' into 'master'

Enforce SSH key expiration by default

See merge request gitlab-org/gitlab!62432
parents 583b94e6 f023457f
%p
= _('Hi %{username}!') % { username: sanitize_name(@user.name) }
%p
= _('Your SSH keys with the following fingerprints have expired. Expired SSH keys will not be usable in future versions of GitLab:')
= _('SSH keys with the following fingerprints have expired and can no longer be used:')
%table
%tbody
- @fingerprints.each do |fingerprint|
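Review bot: The new wording says unconditionally that expired keys `can no longer be used`, but the documentation hunk in this same commit keeps the **Enforce SSH key expiration** checkbox and says unchecking it re-enables expired keys. On an instance with enforcement turned off, this email would therefore tell the user something that is not true. Consider choosing the sentence from the application setting, for example a neutral `SSH keys with the following fingerprints have expired:` when enforcement is off, assuming the mailer view can read that setting (not visible here). The same applies to the plain-text variant and to the two expiring-soon templates below. The `each` loop that renders the fingerprints continues outside the visible lines.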
......
<%= _('Hi %{username}!') % { username: sanitize_name(@user.name) } %>
<%= _('Your SSH keys with the following fingerprints have expired. Expired SSH keys will not be usable in future versions of GitLab:') %>
<%= _('SSH keys with the following fingerprints have expired and can no longer be used:') %>
<% @fingerprints.each do |fingerprint| %>
- <%= fingerprint %>
......
<%= _('Hi %{username}!') % { username: sanitize_name(@user.name) } %>
<%= _('Your SSH keys with the following fingerprints are scheduled to expire soon. Expired SSH keys will not be usable in future versions of GitLab:') %>
<%= _('SSH keys with the following fingerprints are scheduled to expire soon. Expired SSH keys can not be used:') %>
<% @fingerprints.each do |fingerprint| %>
- <%= fingerprint %>
......
%p
= _('Hi %{username}!') % { username: sanitize_name(@user.name) }
%p
= _('Your SSH keys with the following fingerprints are scheduled to expire soon. Expired SSH keys will not be usable in future versions of GitLab:')
= _('SSH keys with the following fingerprints are scheduled to expire soon. Expired SSH keys can not be used:')
%table
%tbody
- @fingerprints.each do |fingerprint|
......
# frozen_string_literal: true
class DefaultEnforceSshKeyExpiration < ActiveRecord::Migration[6.0]
def change
change_column_default(:application_settings, :enforce_ssh_key_expiration, from: false, to: true)
end
end
# frozen_string_literal: true
class EnableEnforceSshKeyExpiration < ActiveRecord::Migration[6.0]
class ApplicationSetting < ActiveRecord::Base
self.table_name = 'application_settings'
end
def up
ApplicationSetting.reset_column_information
ApplicationSetting.where.not(enforce_ssh_key_expiration: false).each do |application_setting|
application_setting.update!(enforce_ssh_key_expiration: true)
end
end
end
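Review bot: The scope in `up` looks inverted: `where.not(enforce_ssh_key_expiration: false)` selects only rows that are not false. The column is `boolean ... NOT NULL` in the structure.sql hunk, so those rows are already true, `update!` changes nothing, and instances that currently have the setting off keep accepting expired SSH keys after upgrading. If the intent is to switch existing installations over, the scope should be `ApplicationSetting.where(enforce_ssh_key_expiration: false)`. If the intent is to keep an administrator's existing choice, this migration can be dropped and the docs should say that upgraded instances retain their previous value. Either way, a comment above `up` stating which behaviour is intended, and why no `down` is defined, would make the migration reviewable on its own.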
e569b99998d9c670af17ec747e37726671601ba06fa97da83373649adb3aab31
\ No newline at end of file
38dcfcd162a3b49a9b16b45b2f9818275807bf419880729b5c552bccb0d4dc9e
\ No newline at end of file
......@@ -9488,7 +9488,7 @@ CREATE TABLE application_settings (
rate_limiting_response_text text,
invisible_captcha_enabled boolean DEFAULT false NOT NULL,
container_registry_cleanup_tags_service_max_list_size integer DEFAULT 200 NOT NULL,
enforce_ssh_key_expiration boolean DEFAULT false NOT NULL,
enforce_ssh_key_expiration boolean DEFAULT true NOT NULL,
git_two_factor_session_expiry integer DEFAULT 15 NOT NULL,
keep_latest_artifact boolean DEFAULT true NOT NULL,
notes_create_limit integer DEFAULT 300 NOT NULL,
......@@ -189,22 +189,18 @@ Once a lifetime for personal access tokens is set, GitLab:
## Enforce SSH key expiration **(ULTIMATE SELF)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250480) in GitLab 13.9.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250480) in GitLab 13.9.
> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/320970) in GitLab 14.0.
By default, expired SSH keys **can still be used**.
By default, expired SSH keys **are not usable**.
WARNING:
Allowing use of expired SSH keys by default is deprecated and scheduled to change in GitLab 14.0.
To prevent the use of expired SSH keys:
To allow the use of expired SSH keys:
1. Navigate to **Admin Area > Settings > General**.
1. Expand the **Account and limit** section.
1. Select the **Enforce SSH key expiration** checkbox.
Enforcing SSH key expiration immediately disables all expired SSH keys.
1. Uncheck the **Enforce SSH key expiration** checkbox.
For more information, see the following issue on [SSH key expiration](https://gitlab.com/gitlab-org/gitlab/-/issues/320970).
Disabling SSH key expiration immediately enables all expired SSH keys.
## Do not enforce Personal Access Token expiration **(ULTIMATE SELF)**
......
......@@ -28342,6 +28342,12 @@ msgstr ""
msgid "SSH keys allow you to establish a secure connection between your computer and GitLab."
msgstr ""
msgid "SSH keys with the following fingerprints are scheduled to expire soon. Expired SSH keys can not be used:"
msgstr ""
msgid "SSH keys with the following fingerprints have expired and can no longer be used:"
msgstr ""
msgid "SSH public key"
msgstr ""
......@@ -37638,12 +37644,6 @@ msgstr ""
msgid "Your SSH keys (%{count})"
msgstr ""
msgid "Your SSH keys with the following fingerprints are scheduled to expire soon. Expired SSH keys will not be usable in future versions of GitLab:"
msgstr ""
msgid "Your SSH keys with the following fingerprints have expired. Expired SSH keys will not be usable in future versions of GitLab:"
msgstr ""
msgid "Your To-Do List"
msgstr ""
......
......@@ -264,7 +264,7 @@ RSpec.describe Emails::Profile do
include_examples 'valid use case'
it_behaves_like 'has the correct subject', /Your SSH key has expired/
it_behaves_like 'has the correct body text', /Your SSH keys with the following fingerprints have expired/
it_behaves_like 'has the correct body text', /SSH keys with the following fingerprints have expired/
end
context 'when invalid' do
......@@ -291,7 +291,7 @@ RSpec.describe Emails::Profile do
include_examples 'valid use case'
it_behaves_like 'has the correct subject', /Your SSH key is expiring soon/
it_behaves_like 'has the correct body text', /Your SSH keys with the following fingerprints are scheduled to expire soon/
it_behaves_like 'has the correct body text', /SSH keys with the following fingerprints are scheduled to expire soon/
end
context 'when invalid' do
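Review bot: The relaxed body matcher `/SSH keys with the following fingerprints have expired/` is a substring of the old message as well as the new one, so this example would still pass if the template kept the pre-enforcement wording. Matching the part that actually changed pins the new behaviour, e.g. `/have expired and can no longer be used/`. The same applies to the expiring-soon example in the second hunk, where `/Expired SSH keys can not be used/` would distinguish the new text from the old. Both `context` blocks continue outside the visible lines.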
......