Add option to disable two factor auth in admin accounts panel. (#2584)
* Add option to disable two factor auth in admin accounts panel. Closes #2578 * Add @mjankowski's suggestions. * Moves destroy actions behind User#disable_two_factor! * Adds spec coverage for Admin:TwoFactorAuthenticationsController and User#disable_two_factor!
This commit is contained in:
parent
b5eec34230
commit
7880671f35
7 changed files with 62 additions and 0 deletions
|
@ -0,0 +1,18 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
module Admin
|
||||||
|
class TwoFactorAuthenticationsController < BaseController
|
||||||
|
before_action :set_user
|
||||||
|
|
||||||
|
def destroy
|
||||||
|
@user.disable_two_factor!
|
||||||
|
redirect_to admin_accounts_path
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def set_user
|
||||||
|
@user = User.find(params[:user_id])
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -56,6 +56,12 @@ class User < ApplicationRecord
|
||||||
confirmed_at.present?
|
confirmed_at.present?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def disable_two_factor!
|
||||||
|
self.otp_required_for_login = false
|
||||||
|
otp_backup_codes&.clear
|
||||||
|
save!
|
||||||
|
end
|
||||||
|
|
||||||
def send_devise_notification(notification, *args)
|
def send_devise_notification(notification, *args)
|
||||||
devise_mailer.send(notification, self, *args).deliver_later
|
devise_mailer.send(notification, self, *args).deliver_later
|
||||||
end
|
end
|
||||||
|
|
|
@ -70,6 +70,8 @@
|
||||||
- if @account.local?
|
- if @account.local?
|
||||||
%div{ style: 'float: right' }
|
%div{ style: 'float: right' }
|
||||||
= link_to t('admin.accounts.reset_password'), admin_account_reset_path(@account.id), method: :create, class: 'button'
|
= link_to t('admin.accounts.reset_password'), admin_account_reset_path(@account.id), method: :create, class: 'button'
|
||||||
|
- if @account.user&.otp_required_for_login?
|
||||||
|
= link_to t('admin.accounts.disable_two_factor_authentication'), admin_user_two_factor_authentication_path(@account.user.id), method: :delete, class: 'button'
|
||||||
|
|
||||||
%div{ style: 'float: left' }
|
%div{ style: 'float: left' }
|
||||||
- if @account.silenced?
|
- if @account.silenced?
|
||||||
|
|
|
@ -84,6 +84,7 @@ en:
|
||||||
public: Public
|
public: Public
|
||||||
push_subscription_expires: PuSH subscription expires
|
push_subscription_expires: PuSH subscription expires
|
||||||
reset_password: Reset password
|
reset_password: Reset password
|
||||||
|
disable_two_factor_authentication: Disable 2FA
|
||||||
salmon_url: Salmon URL
|
salmon_url: Salmon URL
|
||||||
show:
|
show:
|
||||||
created_reports: Reports created by this account
|
created_reports: Reports created by this account
|
||||||
|
|
|
@ -89,6 +89,10 @@ Rails.application.routes.draw do
|
||||||
resource :suspension, only: [:create, :destroy]
|
resource :suspension, only: [:create, :destroy]
|
||||||
resource :confirmation, only: [:create]
|
resource :confirmation, only: [:create]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
resources :users, only: [] do
|
||||||
|
resource :two_factor_authentication, only: [:destroy]
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
get '/admin', to: redirect('/admin/settings', status: 302)
|
get '/admin', to: redirect('/admin/settings', status: 302)
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
describe Admin::TwoFactorAuthenticationsController do
|
||||||
|
render_views
|
||||||
|
|
||||||
|
let(:user) { Fabricate(:user) }
|
||||||
|
before do
|
||||||
|
sign_in Fabricate(:user, admin: true), scope: :user
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'DELETE #destroy' do
|
||||||
|
it 'redirects to admin accounts page' do
|
||||||
|
delete :destroy, params: { user_id: user.id }
|
||||||
|
expect(response).to redirect_to(admin_accounts_path)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -126,6 +126,20 @@ RSpec.describe User, type: :model do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe '#disable_two_factor!' do
|
||||||
|
it 'sets otp_required_for_login to false' do
|
||||||
|
user = Fabricate.build(:user, otp_required_for_login: true)
|
||||||
|
user.disable_two_factor!
|
||||||
|
expect(user.otp_required_for_login).to be false
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'clears otp_backup_codes' do
|
||||||
|
user = Fabricate.build(:user, otp_backup_codes: %w[dummy dummy])
|
||||||
|
user.disable_two_factor!
|
||||||
|
expect(user.otp_backup_codes.empty?).to be true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'whitelist' do
|
describe 'whitelist' do
|
||||||
around(:each) do |example|
|
around(:each) do |example|
|
||||||
old_whitelist = Rails.configuration.x.email_whitelist
|
old_whitelist = Rails.configuration.x.email_whitelist
|
||||||
|
|
Loading…
Reference in a new issue