From 7880671f3527b80de891053beaeae4a8a22c8c58 Mon Sep 17 00:00:00 2001
From: Kaylee
Date: Tue, 2 May 2017 20:07:12 +0100
Subject: Add option to disable two factor auth in admin accounts panel. (#2584)
* Add option to disable two factor auth in admin accounts panel.
Closes #2578
* Add @mjankowski's suggestions.
* Moves destroy actions behind User#disable_two_factor!
* Adds spec coverage for Admin:TwoFactorAuthenticationsController and User#disable_two_factor!
---
 .../admin/two_factor_authentications_controller.rb | 18 ++++++++++++++++++
 app/models/user.rb | 6 ++++++
 app/views/admin/accounts/show.html.haml | 2 ++
 3 files changed, 26 insertions(+)
 create mode 100644 app/controllers/admin/two_factor_authentications_controller.rb
(limited to 'app')
diff --git a/app/controllers/admin/two_factor_authentications_controller.rb b/app/controllers/admin/two_factor_authentications_controller.rb
new file mode 100644
index 000000000..69c08f605
--- /dev/null
+++ b/app/controllers/admin/two_factor_authentications_controller.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Admin
+ class TwoFactorAuthenticationsController < BaseController
+ before_action :set_user
+
+ def destroy
+ @user.disable_two_factor!
+ redirect_to admin_accounts_path
+ end
+
+ private
+
+ def set_user
+ @user = User.find(params[:user_id])
+ end
+ end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index f6e080d4e..f8e8a2efa 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -56,6 +56,12 @@ class User < ApplicationRecord
 confirmed_at.present?
 end
 
+ def disable_two_factor!
+ self.otp_required_for_login = false
+ otp_backup_codes&.clear
+ save!
+ end
+
 def send_devise_notification(notification, *args)
 devise_mailer.send(notification, self, *args).deliver_later
 end
diff --git a/app/views/admin/accounts/show.html.haml b/app/views/admin/accounts/show.html.haml
index 0b3348960..1a9bd2c48 100644
--- a/app/views/admin/accounts/show.html.haml
+++ b/app/views/admin/accounts/show.html.haml
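Review bot: `destroy` removes another user's second factor without recording which admin did it or informing the affected user, so a misused admin session leaves no trace and the account owner gets no signal that their protection changed. Consider a log entry before the redirect, e.g. `Rails.logger.info("2FA disabled for user #{@user.id} by #{current_user.id}")`, plus a notification mail to the user; that keeps the action auditable without changing its interface. Whether only admins can reach this action depends on `BaseController`, which is outside the hunk — worth confirming its before_action covers this new controller. `redirect_to admin_accounts_path` also drops the admin on the accounts index rather than the account page the button sits on; if `User` exposes its account, redirecting there would be more useful.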
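Review bot: `disable_two_factor!` flips `otp_required_for_login` and clears backup codes but leaves the TOTP secret in place, so the previously provisioned seed would keep working if the re-enable flow does not rotate it; unless that flow is guaranteed to generate a fresh secret, also clearing it here (devise-two-factor's `otp_secret`) makes the disable complete. `otp_backup_codes&.clear` mutates the array in place and relies on ActiveRecord detecting the in-place change at `save!`; an explicit assignment such as `self.otp_backup_codes = nil` is the conventional form and is tracked regardless of column type. The method would also benefit from a comment, e.g. `# Turns off TOTP login and discards any remaining backup codes; saves immediately and raises on failure.`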
@@ -70,6 +70,8 @@ - if @account.local? %div{ style: 'float: right' } = link_to t('admin.accounts.reset_password'), admin_account_reset_path(@account.id), method: :create, class: 'button'
+ - if @account.user&.otp_required_for_login?
+ = link_to t('admin.accounts.disable_two_factor_authentication'), admin_user_two_factor_authentication_path(@account.user.id), method: :delete, class: 'button'
 %div{ style: 'float: left' } - if @account.silenced? -- cgit
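Review bot: The new link triggers a security-sensitive change on someone else's account with no confirmation step, while sitting directly beside the password reset button; a `data: { confirm: ... }` prompt on the `link_to` would guard against a misclick. `admin_user_two_factor_authentication_path` is not defined anywhere in this diff, which is limited to `app/` per the header, so the route (presumably nested under the admin user resources) needs to be confirmed in the routes file. The `method: :delete` form also depends on the UJS handler being loaded; without it the link degrades to a plain GET, which the route should not accept.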