Add option to disable two factor auth in admin accounts panel. (#2584)

* Add option to disable two factor auth in admin accounts panel.
Closes #2578

* Add @mjankowski's suggestions.
* Moves destroy actions behind User#disable_two_factor!
* Adds spec coverage for Admin:TwoFactorAuthenticationsController and User#disable_two_factor!
This commit is contained in:
Kaylee 2017-05-02 20:07:12 +01:00 committed by Eugen Rochko
parent b5eec34230
commit 7880671f35
7 changed files with 62 additions and 0 deletions

View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
module Admin
class TwoFactorAuthenticationsController < BaseController
before_action :set_user
def destroy
@user.disable_two_factor!
redirect_to admin_accounts_path
end
private
def set_user
@user = User.find(params[:user_id])
end
end
end

View File

@ -56,6 +56,12 @@ class User < ApplicationRecord
confirmed_at.present? confirmed_at.present?
end end
def disable_two_factor!
self.otp_required_for_login = false
otp_backup_codes&.clear
save!
end
def send_devise_notification(notification, *args) def send_devise_notification(notification, *args)
devise_mailer.send(notification, self, *args).deliver_later devise_mailer.send(notification, self, *args).deliver_later
end end

View File

@ -70,6 +70,8 @@
- if @account.local? - if @account.local?
%div{ style: 'float: right' } %div{ style: 'float: right' }
= link_to t('admin.accounts.reset_password'), admin_account_reset_path(@account.id), method: :create, class: 'button' = link_to t('admin.accounts.reset_password'), admin_account_reset_path(@account.id), method: :create, class: 'button'
- if @account.user&.otp_required_for_login?
= link_to t('admin.accounts.disable_two_factor_authentication'), admin_user_two_factor_authentication_path(@account.user.id), method: :delete, class: 'button'
%div{ style: 'float: left' } %div{ style: 'float: left' }
- if @account.silenced? - if @account.silenced?

View File

@ -84,6 +84,7 @@ en:
public: Public public: Public
push_subscription_expires: PuSH subscription expires push_subscription_expires: PuSH subscription expires
reset_password: Reset password reset_password: Reset password
disable_two_factor_authentication: Disable 2FA
salmon_url: Salmon URL salmon_url: Salmon URL
show: show:
created_reports: Reports created by this account created_reports: Reports created by this account

View File

@ -89,6 +89,10 @@ Rails.application.routes.draw do
resource :suspension, only: [:create, :destroy] resource :suspension, only: [:create, :destroy]
resource :confirmation, only: [:create] resource :confirmation, only: [:create]
end end
resources :users, only: [] do
resource :two_factor_authentication, only: [:destroy]
end
end end
get '/admin', to: redirect('/admin/settings', status: 302) get '/admin', to: redirect('/admin/settings', status: 302)

View File

@ -0,0 +1,17 @@
require 'rails_helper'
describe Admin::TwoFactorAuthenticationsController do
render_views
let(:user) { Fabricate(:user) }
before do
sign_in Fabricate(:user, admin: true), scope: :user
end
describe 'DELETE #destroy' do
it 'redirects to admin accounts page' do
delete :destroy, params: { user_id: user.id }
expect(response).to redirect_to(admin_accounts_path)
end
end
end

View File

@ -126,6 +126,20 @@ RSpec.describe User, type: :model do
end end
end end
describe '#disable_two_factor!' do
it 'sets otp_required_for_login to false' do
user = Fabricate.build(:user, otp_required_for_login: true)
user.disable_two_factor!
expect(user.otp_required_for_login).to be false
end
it 'clears otp_backup_codes' do
user = Fabricate.build(:user, otp_backup_codes: %w[dummy dummy])
user.disable_two_factor!
expect(user.otp_backup_codes.empty?).to be true
end
end
describe 'whitelist' do describe 'whitelist' do
around(:each) do |example| around(:each) do |example|
old_whitelist = Rails.configuration.x.email_whitelist old_whitelist = Rails.configuration.x.email_whitelist