Commit 171d6fcc authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'rs-disable-2fa-by-admin' into 'master'

Allow admins to disable 2FA for a user

> ![Screen_Shot_2015-07-10_at_5.19.13_PM](https://gitlab.com/gitlab-org/gitlab-ce/uploads/3f9bb7c783110d2689c282879cb4b061/Screen_Shot_2015-07-10_at_5.19.13_PM.png)

Depends on !961

See merge request !962
parents d93da8be db8f4c06
...@@ -45,6 +45,7 @@ v 7.13.0 (unreleased) ...@@ -45,6 +45,7 @@ v 7.13.0 (unreleased)
- Make left menu more hierarchical and less contextual by adding back item at top - Make left menu more hierarchical and less contextual by adding back item at top
- A fork can’t have a visibility level that is greater than the original project. - A fork can’t have a visibility level that is greater than the original project.
- Faster code search in repository and wiki. Fixes search page timeout for big repositories - Faster code search in repository and wiki. Fixes search page timeout for big repositories
- Allow administrators to disable 2FA for a specific user
v 7.12.2 v 7.12.2
- Correctly show anonymous authorized applications under Profile > Applications. - Correctly show anonymous authorized applications under Profile > Applications.
......
...@@ -55,6 +55,12 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -55,6 +55,12 @@ class Admin::UsersController < Admin::ApplicationController
end end
end end
def disable_two_factor
user.disable_two_factor!
redirect_to admin_user_path(user),
notice: 'Two-factor Authentication has been disabled for this user'
end
def create def create
opts = { opts = {
force_random_password: true, force_random_password: true,
......
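Review bot: `disable_two_factor` at the top of the hunk removes a second factor from someone else's account without recording which admin did it or telling the affected user, and the success notice is shown even when the user never had 2FA enabled (the view only hides the link, the route stays reachable). A guard such as `return redirect_to admin_user_path(user), alert: 'Two-factor Authentication is not enabled for this user' unless user.two_factor_enabled?` before the call would keep the notice truthful, and if the app already has an audit/event log and account-change mail this is the kind of action that should feed both. The `user` helper the action calls is defined outside the hunk, so whether it can return nil here cannot be seen from the page.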
...@@ -43,6 +43,7 @@ ...@@ -43,6 +43,7 @@
%strong{class: @user.two_factor_enabled? ? 'cgreen' : 'cred'} %strong{class: @user.two_factor_enabled? ? 'cgreen' : 'cred'}
- if @user.two_factor_enabled? - if @user.two_factor_enabled?
Enabled Enabled
= link_to 'Disable', disable_two_factor_admin_user_path(@user), data: {confirm: 'Are you sure?'}, method: :patch, class: 'btn btn-xs btn-remove pull-right', title: 'Disable Two-factor Authentication'
- else - else
Disabled Disabled
......
...@@ -159,6 +159,7 @@ Gitlab::Application.routes.draw do ...@@ -159,6 +159,7 @@ Gitlab::Application.routes.draw do
put :block put :block
put :unblock put :unblock
put :unlock put :unlock
patch :disable_two_factor
delete 'remove/:email_id', action: 'remove_email', as: 'remove_email' delete 'remove/:email_id', action: 'remove_email', as: 'remove_email'
end end
end end
......
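Review bot: The new member route uses `patch :disable_two_factor` while its siblings in the same block (`block`, `unblock`, `unlock`) are declared with `put`, so the block now mixes verbs for the same kind of state-changing admin action. PATCH matches the `method: :patch` used by the view link, so either keep PATCH here and note the convention in a one-line comment such as `# state changes use PATCH; older actions above still use PUT`, or switch to `put :disable_two_factor` and the view to `method: :put` for consistency. The `resources :users` block this sits in starts and ends outside the hunk.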
...@@ -36,4 +36,32 @@ describe Admin::UsersController do ...@@ -36,4 +36,32 @@ describe Admin::UsersController do
expect(user.access_locked?).to be_falsey expect(user.access_locked?).to be_falsey
end end
end end
describe 'PATCH disable_two_factor' do
let(:user) { create(:user) }
it 'disables 2FA for the user' do
expect(user).to receive(:disable_two_factor!)
allow(subject).to receive(:user).and_return(user)
go
end
it 'redirects back' do
go
expect(response).to redirect_to(admin_user_path(user))
end
it 'displays an alert' do
go
expect(flash[:notice]).
to eq 'Two-factor Authentication has been disabled for this user'
end
def go
patch :disable_two_factor, id: user.to_param
end
end
end end
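Review bot: The new `PATCH disable_two_factor` examples only exercise the happy path; for an action that strips a second factor from another account there is no example showing that a non-admin request is refused, unless the part of `describe Admin::UsersController` above the hunk (outside SOURCE) already covers that for every action. Only the first example stubs `subject.user`; the other two go through the real lookup, which is fine but worth a one-line comment such as `# the redirect/flash examples use the real user lookup; only the first stubs it` so the asymmetry does not look accidental. The enclosing `describe` block starts outside the hunk.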
require 'rails_helper'
feature 'Admin disables 2FA for a user', feature: true do
scenario 'successfully', js: true do
login_as(:admin)
user = create(:user, :two_factor)
edit_user(user)
page.within('.two-factor-status') do
click_link 'Disable'
end
page.within('.two-factor-status') do
expect(page).to have_content 'Disabled'
expect(page).not_to have_button 'Disable'
end
end
scenario 'for a user without 2FA enabled' do
login_as(:admin)
user = create(:user)
edit_user(user)
page.within('.two-factor-status') do
expect(page).not_to have_button 'Disable'
end
end
def edit_user(user)
visit admin_user_path(user)
end
end
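Review bot: `expect(page).not_to have_button 'Disable'` in both scenarios can never fail, because the view renders Disable as a link (`link_to` in the haml hunk above, and the first scenario clicks it with `click_link`), and `have_button` does not match links; the negative expectation should be `expect(page).not_to have_link 'Disable'` in both places so it actually verifies the control is gone. The first scenario also never asserts that the disable request succeeded beyond the status text, so adding `expect(user.reload.two_factor_enabled?).to be_falsey` after the click would tie the UI to the persisted state. This file's forge header is not visible on the page, so its path is inferred from its contents.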