Add option to disable two factor auth in admin accounts panel. (#2584)
* Add option to disable two factor auth in admin accounts panel. Closes #2578 * Add @mjankowski's suggestions. * Moves destroy actions behind User#disable_two_factor! * Adds spec coverage for Admin:TwoFactorAuthenticationsController and User#disable_two_factor!
This commit is contained in:
parent
b5eec34230
commit
7880671f35
|
@ -0,0 +1,18 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Admin
|
||||
class TwoFactorAuthenticationsController < BaseController
|
||||
before_action :set_user
|
||||
|
||||
def destroy
|
||||
@user.disable_two_factor!
|
||||
redirect_to admin_accounts_path
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def set_user
|
||||
@user = User.find(params[:user_id])
|
||||
end
|
||||
end
|
||||
end
|
|
@ -56,6 +56,12 @@ class User < ApplicationRecord
|
|||
confirmed_at.present?
|
||||
end
|
||||
|
||||
def disable_two_factor!
|
||||
self.otp_required_for_login = false
|
||||
otp_backup_codes&.clear
|
||||
save!
|
||||
end
|
||||
|
||||
def send_devise_notification(notification, *args)
|
||||
devise_mailer.send(notification, self, *args).deliver_later
|
||||
end
|
||||
|
|
|
@ -70,6 +70,8 @@
|
|||
- if @account.local?
|
||||
%div{ style: 'float: right' }
|
||||
= link_to t('admin.accounts.reset_password'), admin_account_reset_path(@account.id), method: :create, class: 'button'
|
||||
- if @account.user&.otp_required_for_login?
|
||||
= link_to t('admin.accounts.disable_two_factor_authentication'), admin_user_two_factor_authentication_path(@account.user.id), method: :delete, class: 'button'
|
||||
|
||||
%div{ style: 'float: left' }
|
||||
- if @account.silenced?
|
||||
|
|
|
@ -84,6 +84,7 @@ en:
|
|||
public: Public
|
||||
push_subscription_expires: PuSH subscription expires
|
||||
reset_password: Reset password
|
||||
disable_two_factor_authentication: Disable 2FA
|
||||
salmon_url: Salmon URL
|
||||
show:
|
||||
created_reports: Reports created by this account
|
||||
|
|
|
@ -89,6 +89,10 @@ Rails.application.routes.draw do
|
|||
resource :suspension, only: [:create, :destroy]
|
||||
resource :confirmation, only: [:create]
|
||||
end
|
||||
|
||||
resources :users, only: [] do
|
||||
resource :two_factor_authentication, only: [:destroy]
|
||||
end
|
||||
end
|
||||
|
||||
get '/admin', to: redirect('/admin/settings', status: 302)
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
require 'rails_helper'
|
||||
|
||||
describe Admin::TwoFactorAuthenticationsController do
|
||||
render_views
|
||||
|
||||
let(:user) { Fabricate(:user) }
|
||||
before do
|
||||
sign_in Fabricate(:user, admin: true), scope: :user
|
||||
end
|
||||
|
||||
describe 'DELETE #destroy' do
|
||||
it 'redirects to admin accounts page' do
|
||||
delete :destroy, params: { user_id: user.id }
|
||||
expect(response).to redirect_to(admin_accounts_path)
|
||||
end
|
||||
end
|
||||
end
|
|
@ -126,6 +126,20 @@ RSpec.describe User, type: :model do
|
|||
end
|
||||
end
|
||||
|
||||
describe '#disable_two_factor!' do
|
||||
it 'sets otp_required_for_login to false' do
|
||||
user = Fabricate.build(:user, otp_required_for_login: true)
|
||||
user.disable_two_factor!
|
||||
expect(user.otp_required_for_login).to be false
|
||||
end
|
||||
|
||||
it 'clears otp_backup_codes' do
|
||||
user = Fabricate.build(:user, otp_backup_codes: %w[dummy dummy])
|
||||
user.disable_two_factor!
|
||||
expect(user.otp_backup_codes.empty?).to be true
|
||||
end
|
||||
end
|
||||
|
||||
describe 'whitelist' do
|
||||
around(:each) do |example|
|
||||
old_whitelist = Rails.configuration.x.email_whitelist
|
||||
|
|
Reference in a new issue