Merge remote-tracking branch 'origin/release/13.4' into dev
oliverguenther committed Mar 19, 2024
2 parents 4fae7fa + 3c879d8 commit d697728
Showing 86 changed files with 198 additions and 143 deletions.
37 changes: 31 additions & 6 deletions docs/getting-started/my-account/README.md
Expand Up @@ -104,32 +104,57 @@ Press the blue **Save** button in order to confirm the password changes.
## Two-factor authentication

In order to activate the two-factor authentication for your OpenProject installation, navigate to your **My account** and choose the **Two-factor authentication** in the menu.
In order to activate the two-factor authentication for your OpenProject installation, navigate to your **My account** and choose the **Two-factor authentication** in the menu. If you have not added any device yet, this list will be empty.

![OpenProject my account two_factor authentication](openproject_my_account_two_factor_authentication.png)

In order to register a new device for two-factor authentication, click the green button to add a **new 2FA device**.
If you have already registered one or multiple 2FA devices, you will see the list of all activated 2FA devices here. You can change, which of them you prefer to have set a a default option.

![List of all registered 2FA devices in OpenProject](openproject_my_account_2fa_overview.png)

In order to register a new device for two-factor authentication, click the green button to add a **new 2FA device**. You will see the screen, where you will be able to see one or multiple of the following options, depending on what your system administrator has [activated for your instance](../../system-admin-guide/authentication/two-factor-authentication/):

- Mobile phone
- App-based authenticator
- WebAuth

![](openproject_my_account_authentication_options.png)

To receive the second factor, you can use an authentication app on your mobile phone, such as Google Authenticator or Authy. You have to enter the code that is displayed in the authentication app to your login.

You can remove or approve 2FA applications by confirming your password. Note that this applies only to internally authenticated users.

### Backup codes
### Use your mobile phone

If you are unable to access your two-factor devices, you can use a backup code to regain access to your account. Use the grey button **Generate backup codes** to generate a new set of backup codes.
You can use your mobile phone as a 2FA device. The field *Identifier* will be pre-filled out, you will need to add your phone number and click the green **Continue** button.

![Add a new mobile phone as a 2FA device in OpenProject](openproject_my_account_two_factor_authentication_mobile.png)

If you have created backup codes before, they will be invalidated and will no longer work.

### Use your app-based authenticator

Register an application authenticator for use with OpenProject using the time-based one-time password authentication standard. Common examples are Google Authenticator or Authy.

Click the grey **Register device** button to register an authentication app. Open your app and follow the instructions to add a new application. The easiest way is to scan the QR code. Otherwise, you can register the application manually by entering the displayed details.

Click the blue **Continue** button to finish the registration.
Click the green **Continue** button to finish the registration.

![openproject_my_account_authenticator_app](openproject_my_account_authenticator_app.png)

### Use the WebAuth authentication

Use Web Authentication to register a FIDO2 device (like a YubiKey) or the secure enclave of your mobile device as a second factor. After you have chosen a name, you can click the green **Continue** button.

![](openproject_my_account_authenticator_webauth.png)

Your browser will prompt you to present your WebAuthn device (depending on your operational system and your browser, your options may vary). When you have done so, you are done registering the device.

### Backup codes

If you are unable to access your two-factor devices, you can use a backup code to regain access to your account. Use the grey button **Generate backup codes** to generate a new set of backup codes.

If you have created backup codes before, they will be invalidated and will no longer work.

## Access tokens
To view and manage your OpenProject access tokens navigate to **My account** and choose **Access tokens** from the menu.
Access tokens allow you to grant external applications access to resources in OpenProject.
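Review bot: The new method is spelled "WebAuth" in the options list and in the heading "### Use the WebAuth authentication", while the paragraphs under that heading say "Web Authentication" and "WebAuthn"; use "WebAuthn" throughout so the name matches the standard and the admin guide. In the same hunk, "set a a default option" has a doubled word, "operational system" should be "operating system", and two of the new screenshots have empty alt text (`![](openproject_my_account_authentication_options.png)` and `![](openproject_my_account_authenticator_webauth.png)`).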
Expand Down
6 changes: 3 additions & 3 deletions docs/installation-and-operations/configuration/README.md
Expand Up @@ -424,7 +424,7 @@ OPENPROJECT_OVERRIDE__BCRYPT__COST__FACTOR="16"

## Database configuration and SSL

Please see [this separate guide](./database/) on how to set a custom database connection string and optionally, require SSL/TTLS verification.
Please see [this separate guide](./database/) on how to set a custom database connection string and optionally, require SSL/TTLS verification.

## disable password login
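Review bot: The touched sentence under "Database configuration and SSL" still reads "SSL/TTLS verification"; since this line is part of the change, correct it to "SSL/TLS verification".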

Expand Down Expand Up @@ -589,7 +589,7 @@ You can optionally enable additional rules on API rate limiting as follows:

`OPENPROJECT_RATE_LIMITING_API__V3=true`

Additional application-level rate limiting rules will be added in the future. Additionally to these application level rules, use your load balancer / proxying web server to apply individual rate limiting rules using modules such as `ngx_http_limit_req_module` or `mod_security`.
Additional application-level rate limiting rules will be added in the future. Additionally to these application level rules, use your load balancer / proxying web server to apply individual rate limiting rules using modules such as `ngx_http_limit_req_module` or `mod_security`.

### Blacklisted routes

Expand Down Expand Up @@ -758,7 +758,7 @@ OPENPROJECT_2FA_ENFORCED="true"

**Setting available strategies**

By default, the TOTP strategy for phone authenticator apps is active.
By default, the TOTP and WebAuthn strategie are active.

If you have a [MessageBird account](https://www.messagebird.com/), you can setup a SMS 2FA by activating that strategy like so:
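Review bot: "strategie" in "By default, the TOTP and WebAuthn strategie are active." should be "strategies". Because this line changes what the page documents as active by default, it would also help to state here how an administrator limits the list to the strategies they want offered.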

Expand Down
2 changes: 1 addition & 1 deletion docs/security-and-privacy/statement-on-security/README.md
Expand Up @@ -80,7 +80,7 @@ Admins can set a specific session duration in the system administration, so that

### Two-factor authentication

Secure your authentication mechanisms with a second factor by TOTP standard (or SMS, depending on your instance) to be entered by users upon logging in.
Secure your authentication mechanisms with a second factor by TOTP and WebAuthn standards (or SMS, depending on your instance) to be provided by users upon logging in.

### Security badge

Expand Down
Expand Up @@ -36,8 +36,14 @@ By default, the allowed clock skew (difference in seconds between client and ser
If you are trying to register a new device and keep getting failures even though the code appears correct,
time drift between the device and the server is most likely the reason for it.

## Basic 2FA using WebAuthn

[WebAuthn](https://www.w3.org/TR/2019/REC-webauthn-1-20190304/) is a W3C standard for authentication on the web. It uses private-public key cryptography to verify the users identity. The private key is either secured on a hardware token or within the browser or a password manager.

WebAuthn is supported by most modern browsers and is therefore enabled by default in OpenProject when 2FA is enabled.

## Advanced 2FA using MessageBird, Amazon SNS

At the moment the advanced settings for improved security are only reachable on the by defining [configuration variables](../../../installation-and-operations/configuration/).
At the moment the advanced settings for improved security are only reachable by defining [configuration variables](../../../installation-and-operations/configuration/).

The how to is explained in the configuration is explained in the [Two-factor authentication](../../../installation-and-operations/configuration/#two-factor-authentication) paragraph.
Those methods are explained in the [Two-factor authentication](../../../installation-and-operations/configuration/#two-factor-authentication) paragraph.
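Review bot: In the new "Basic 2FA using WebAuthn" section, "verify the users identity" needs an apostrophe ("user's"). The sentence "enabled by default in OpenProject when 2FA is enabled" should link to the "Setting available strategies" part of the configuration guide, as the MessageBird section below it already does, so administrators can find where that default is changed.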
Expand Up @@ -110,7 +110,7 @@ In addition, in *Project settings* and *Modules* you will need to activate the G

![GitHub-module](Github-module-2647262.png)

Seeing the 'GitHub' tab requires permission so the permission needs to be granted to all roles in a project allowed to see the tab.
Seeing the 'GitHub' tab requires **Show GitHub content** permission, so this permission needs to be granted to all roles in a project allowed to see the tab.

### GitHub

Expand Down
Expand Up @@ -37,7 +37,7 @@ First you will need to create a user in OpenProject that has the permission to m

![GitLab role with required permissions in OpenProject](openproject-system-guide-gitlab-integration-role.png)

This user will then have to be **added to each project** with a role that allows them to see work packages and comment on them.
This user will then have to be **added to each project** with a role that allows them to see work packages and comment on them.

![GitLab user added as member to project with respective role](openproject-system-guide-gitlab-integration-project-member.png)

Expand All @@ -48,15 +48,15 @@ Once the user is created you need to generate an OpenProject API token for this
3. Go to [*Access Tokens*](../../../getting-started/my-account/#access-tokens)
4. Click on **+ API token**

> Make sure you copy the generated key an securely save it, as you will not be able to retrieve it later.
> Make sure you copy the generated key and securely save it, as you will not be able to retrieve it later.
You can then configure the necessary webhook in [GitLab](#gitlab).

Finally you will need to activate the GitLabmodule under [Project settings](../../../user-guide/projects/project-settings/modules/) so that all information pulling through from GitLab will be shown in the work packages.
Finally you will need to activate the GitLab module under [Project settings](../../../user-guide/projects/project-settings/modules/) so that all information pulling through from GitLab will be shown in the work packages.

![Activate a GitLab module in OpenProject](openproject-system-guide-gitlab-integration-project-modules.png)

Seeing the **GitLab** tab requires permission (WHAT PERMISSION? PLEASE UPDATE) so the permission needs to be granted to all roles in a project allowed to see the tab.
Seeing the **GitLab** tab requires **Show GitLab content** permission, so this permission needs to be granted to all roles in a project allowed to see the tab.

### GitLab

Expand Down Expand Up @@ -106,7 +106,7 @@ Once you are satisfied with the changes you can create a commit. Within the 'Git

![Copy a Git commit message in OpenProject](openproject-system-guide-gitlab-integration-git-snippets-commit-message.png)

A URL pointing to a work package in the merge request description or a comment will link the two. The link needs to be in the MR and not in a commit, but GitLab will use the first commit message as the proposed branch description (as long as there is only one commit).
A URL pointing to a work package in the merge request description or a comment will link the two. The link needs to be in the MR and not in a commit, but GitLab will use the first commit message as the proposed branch description (as long as there is only one commit). Alternatively you can also use 'OP#' as a work package reference in an issue or a MR title, in this case "OP#388", where 388 is the ID of the work package.

![Commit message in a Git client](openproject-system-guide-gitlab-integration-commit-message-in-client.png)

Expand All @@ -116,7 +116,7 @@ Once the changes are made, you can create your merge request. Title and comment

The branch description can be amended before a MR is created giving the opportunity to further describe the changes. To help with that, it is also possible to copy parts of the work package description since the description can be displayed in the markdown format. Links to additional work packages can also be included in the MR description.

Rather than inserting a link to the work package you can also reference it just by adding "OP#388" to the pull request's description where 388 is the ID of the work package
If you use OP# as a reference in an Issue or MR title, all comments will be replicated in OpenProject. However, sometimes you may only want to keep information about the status of an Issue/MR in OpenProject without your comments being published. In this case, you can use "PP#" as a reference. For example "PR#388". This way the comments will not be published in OpenProject. If you only want to publish one of the comments from a private Issue/MR, you can use "OP#" directly in that comment. This way only that specific comment will be published in OpenProject, but the rest of the comments will remain private. [Read more](https://github.com/btey/openproject-gitlab-integration?tab=readme-ov-file#difference-between-op-and-pp).

![Open a GitLab merge request](openproject-system-guide-gitlab-integration-create-mr-detail.png)
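Review bot: The new paragraph introduces the private prefix as "PP#" but the example that follows is "PR#388"; the linked README anchor is `difference-between-op-and-pp`, so the example should read "PP#388". As written, a reader who copies the example will use a prefix the paragraph never defines.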

Expand Down Expand Up @@ -150,4 +150,4 @@ You can either create a new issue in GitLab, or edit an already existing one. En

Once you save your changes or create a GitLab issue, it will become visible under the **GitLab** tab in OpenProject.

![New GitLab issues shown in OpenProject work packages](openproject-system-guide-gitlab-integration-new-issues.png)
![New GitLab issues shown in OpenProject work packages](openproject-system-guide-gitlab-integration-new-issues.png)
Binary file modified docs/user-guide/projects/project-lists/Project-list-button.png
18 changes: 15 additions & 3 deletions docs/user-guide/projects/project-lists/README.md
Expand Up @@ -41,16 +41,26 @@ You can use this projects overview to **create a multi project status dashboard*

> **Please note:** Project custom fields are an Enterprise add-on and will only be displayed here for Enterprise on-premises and Enterprise cloud.
With the **arrow** on the right you can display the **project description**.
Each project is displayed in a single line. For the the fields where the text is too long to be displayed completely please use the **Expand** link.

![Open a project description in the project lists view in OpenProject](arrow-project-description.png)


![Open a project description in the project lists view in OpenProject](expand-link-project-description.png)

With the horizontal **three dots** icon on the right side of the list you can open **further features**, such as [creating a new subproject](../#create-a-subproject), [project settings](../project-settings), [archiving a project](../#archive-a-project), [copying](../#copy-a-project) and [deleting a project](../#delete-a-project). Please note that you have to be a System Administrator in OpenProject to access these features. Find out how to un-archive projects [here](../#archive-a-project).

![new subproject project list](new-subproject-project-list.png)

You can choose the **columns displayed by default** in the [System settings](../../../system-admin-guide/system-settings/project-system-settings) in the Administration.

You can add the columns, as well as define the order of the columns by using the **Configure view** modal. Navigate to it via the menu in the far right corner (three dots) and click **Configure view**.

![Configure view of project lists in OpenProject](configure-view-project-list.png)

A dialogue will open, allowing you to manage and reorder columns. Click **Apply** to see the changes.

![Configuration form for project lists in OpenProject](configure-view-form-project-list.png)

To change the order of the displayed [custom fields](../../../system-admin-guide/custom-fields) (columns) follow the instructions here: [Displaying a project custom field](../../../system-admin-guide/custom-fields/custom-fields-projects/#display-project-custom-fields).

### Project lists filters
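Review bot: "For the the fields where the text is too long" has a doubled "the", and the sentence reads better as "For fields where the text is too long to be displayed completely, use the **Expand** link." The two consecutive blank lines before the `expand-link-project-description.png` image can also be collapsed to one.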
Expand All @@ -75,7 +85,7 @@ Projects can be filtered in OpenProject. The default view will list all currentl

To adjust the project lists view use the **Filters** button, select the filtering criteria you require and click the blue **Apply** button.

If you want to save this filtered list use the menu in the far right corner (three dots) and click **Save**.
If you want to save this filtered list use the **Save as** link next to the information message in the page header or alternatively click on the menu (three dots) and click **Save as**.

![Save a filtered project list](save-button-filtered-view.png)

Expand Down Expand Up @@ -115,6 +125,8 @@ By selecting *Overall activity* you can open a view in which all the latest glob

![overall activity meeting filter](actvity-global-filter.png)



## Export project lists

You can export a project list by clicking on the three dots in the upper right hand corner and selecting > **Export**.
Expand Down
Binary file modified docs/user-guide/projects/project-lists/activity-global-menu.png
Binary file modified docs/user-guide/projects/project-lists/actvity-global-filter.png
Binary file modified docs/user-guide/projects/project-lists/export-projects.png
Binary file modified docs/user-guide/projects/project-lists/overall-activity-link.png
Binary file modified docs/user-guide/projects/project-lists/projects-list.png
5 changes: 5 additions & 0 deletions frontend/src/global_styles/content/modules/_2fa.sass
Expand Up @@ -38,6 +38,11 @@
flex-direction: row
width: 75%

@media screen and (max-width: $breakpoint-sm)
flex-direction: column
gap: 1rem
width: 100%

.mobile-otp-new-device
border: 1px solid #f1f1f1
padding: 20px
Expand Down
4 changes: 2 additions & 2 deletions modules/gitlab_integration/config/locales/crowdin/af.yml
Expand Up @@ -32,8 +32,8 @@ af:
attributes:
labels:
invalid_schema: "must be an array of hashes with keys: color, title"
project_module_gitlab: "Gitlab"
permission_show_gitlab_content: "Show Gitlab content"
project_module_gitlab: "GitLab"
permission_show_gitlab_content: "Show GitLab content"
gitlab_integration:
merge_request_opened_comment: >
**MR Opened:** Merge request %{mr_number} [%{mr_title}](%{mr_url}) for [%{repository}](%{repository_url}) has been opened by [%{gitlab_user}](%{gitlab_user_url}).
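Review bot: The corrected "GitLab" and "Show GitLab content" values are English strings inside the `af` locale, and the identical two-line edit is repeated in the `ar`, `az`, `be`, `bg` and `ca` files under `locales/crowdin/`; please confirm the source locale carries the same spelling so that a later translation sync does not bring "Gitlab" back.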
Expand Down
4 changes: 2 additions & 2 deletions modules/gitlab_integration/config/locales/crowdin/ar.yml
Expand Up @@ -32,8 +32,8 @@ ar:
attributes:
labels:
invalid_schema: "must be an array of hashes with keys: color, title"
project_module_gitlab: "Gitlab"
permission_show_gitlab_content: "Show Gitlab content"
project_module_gitlab: "GitLab"
permission_show_gitlab_content: "Show GitLab content"
gitlab_integration:
merge_request_opened_comment: >
**MR Opened:** Merge request %{mr_number} [%{mr_title}](%{mr_url}) for [%{repository}](%{repository_url}) has been opened by [%{gitlab_user}](%{gitlab_user_url}).
Expand Down
4 changes: 2 additions & 2 deletions modules/gitlab_integration/config/locales/crowdin/az.yml
Expand Up @@ -32,8 +32,8 @@ az:
attributes:
labels:
invalid_schema: "must be an array of hashes with keys: color, title"
project_module_gitlab: "Gitlab"
permission_show_gitlab_content: "Show Gitlab content"
project_module_gitlab: "GitLab"
permission_show_gitlab_content: "Show GitLab content"
gitlab_integration:
merge_request_opened_comment: >
**MR Opened:** Merge request %{mr_number} [%{mr_title}](%{mr_url}) for [%{repository}](%{repository_url}) has been opened by [%{gitlab_user}](%{gitlab_user_url}).
Expand Down
4 changes: 2 additions & 2 deletions modules/gitlab_integration/config/locales/crowdin/be.yml
Expand Up @@ -32,8 +32,8 @@ be:
attributes:
labels:
invalid_schema: "must be an array of hashes with keys: color, title"
project_module_gitlab: "Gitlab"
permission_show_gitlab_content: "Show Gitlab content"
project_module_gitlab: "GitLab"
permission_show_gitlab_content: "Show GitLab content"
gitlab_integration:
merge_request_opened_comment: >
**MR Opened:** Merge request %{mr_number} [%{mr_title}](%{mr_url}) for [%{repository}](%{repository_url}) has been opened by [%{gitlab_user}](%{gitlab_user_url}).
Expand Down
4 changes: 2 additions & 2 deletions modules/gitlab_integration/config/locales/crowdin/bg.yml
Expand Up @@ -32,8 +32,8 @@ bg:
attributes:
labels:
invalid_schema: "must be an array of hashes with keys: color, title"
project_module_gitlab: "Gitlab"
permission_show_gitlab_content: "Show Gitlab content"
project_module_gitlab: "GitLab"
permission_show_gitlab_content: "Show GitLab content"
gitlab_integration:
merge_request_opened_comment: >
**MR Opened:** Merge request %{mr_number} [%{mr_title}](%{mr_url}) for [%{repository}](%{repository_url}) has been opened by [%{gitlab_user}](%{gitlab_user_url}).
Expand Down
4 changes: 2 additions & 2 deletions modules/gitlab_integration/config/locales/crowdin/ca.yml
Expand Up @@ -32,8 +32,8 @@ ca:
attributes:
labels:
invalid_schema: "must be an array of hashes with keys: color, title"
project_module_gitlab: "Gitlab"
permission_show_gitlab_content: "Show Gitlab content"
project_module_gitlab: "GitLab"
permission_show_gitlab_content: "Show GitLab content"
gitlab_integration:
merge_request_opened_comment: >
**MR Opened:** Merge request %{mr_number} [%{mr_title}](%{mr_url}) for [%{repository}](%{repository_url}) has been opened by [%{gitlab_user}](%{gitlab_user_url}).
Expand Down
