From 026f9da035dcbf5ff12387600162841f94b47154 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Garc=C3=ADa?=
Date: Wed, 21 Aug 2019 17:13:06 +0200
Subject: [PATCH] Allow removing users two factors
---
 src/api/admin.rs | 13 +++++++++++++
 src/api/core/two_factor.rs | 4 +---
 src/static/templates/admin/page.hbs | 16 +++++++++++++---
 3 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/src/api/admin.rs b/src/api/admin.rs
index a8b30f90..222b18b2 100644
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@@ -28,6 +28,7 @@ pub fn routes() -> Vec {
 invite_user,
 delete_user,
 deauth_user,
+ remove_2fa,
 update_revision_users,
 post_config,
 delete_config,
@@ -196,6 +197,18 @@ fn deauth_user(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult {
 user.save(&conn)
 }
+#[post("/users//remove-2fa")]
+fn remove_2fa(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult {
+ let mut user = match User::find_by_uuid(&uuid, &conn) {
+ Some(user) => user,
+ None => err!("User doesn't exist"),
+ };
+
+ TwoFactor::delete_all_by_user(&user.uuid, &conn)?;
+ user.totp_recover = None;
+ user.save(&conn)
+}
+
 #[post("/users/update_revision")]
 fn update_revision_users(_token: AdminToken, conn: DbConn) -> EmptyResult {
 User::update_all_revisions(&conn)
diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs
index dea5a735..a2555283 100644
--- a/src/api/core/two_factor.rs
+++ b/src/api/core/two_factor.rs
@@ -95,9 +95,7 @@ fn recover(data: JsonUpcase, conn: DbConn) -> JsonResult {
 }
 // Remove all twofactors from the user
- for twofactor in TwoFactor::find_by_user(&user.uuid, &conn) {
- twofactor.delete(&conn)?;
- }
+ TwoFactor::delete_all_by_user(&user.uuid, &conn)?;
 // Remove the recovery code, not needed without twofactors
 user.totp_recover = None;
diff --git a/src/static/templates/admin/page.hbs b/src/static/templates/admin/page.hbs
index 24e16d1a..ffc6d20d 100644
--- a/src/static/templates/admin/page.hbs
+++ b/src/static/templates/admin/page.hbs
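Review bot: The new `remove_2fa` handler in src/api/admin.rs downgrades an account to password-only sign-in but leaves no audit trail: between `TwoFactor::delete_all_by_user(&user.uuid, &conn)?` and `user.save(&conn)` nothing records which account was affected. The route is gated only by the `AdminToken` guard, so every use of it should be traceable afterwards; I would log it before the save, e.g. `info!("Admin removed all 2FA for user {}", user.uuid);`, assuming the `log` macros are in scope in this file, which the hunk does not show. A doc comment on the handler such as `/// Deletes every second factor and the recovery code of the given user; requires the admin token.` would also make the security impact visible to the next reader.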
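Review bot: After this change `recover` in src/api/core/two_factor.rs and the new admin handler `remove_2fa` repeat the same sequence, `TwoFactor::delete_all_by_user(&user.uuid, &conn)?` followed by `user.totp_recover = None`, as two independent writes. I would fold both steps into one helper on `User` (suggested name only: `user.remove_all_two_factors(&conn)?;`) so that later hardening, for example wrapping the two writes in a transaction, cannot be applied to one path and missed on the other. `delete_all_by_user` is not defined in this patch, so whether it fails as early as the removed loop did cannot be checked from here. `recover` begins and ends outside the hunk.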
@@ -26,9 +26,13 @@ {{/each}} -
- Deauthorize sessions - Delete User +
+ {{#if TwoFactorEnabled}} + Remove all 2FA + {{/if}} + + Deauthorize sessions + Delete User
@@ -227,6 +231,12 @@
 }
 return false;
 }
+ function remove2fa(id) {
+ _post("/admin/users/" + id + "/remove-2fa",
+ "2FA removed correctly",
+ "Error removing 2FA");
+ return false;
+ }
 function deauthUser(id) {
 _post("/admin/users/" + id + "/deauth",
 "Sessions deauthorized correctly",
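Review bot: `remove2fa(id)` sends the POST on a single click with no confirmation step, although the action cannot be undone from this page and weakens the target account's login protection. I would make the first line of the function a guard such as `if (!confirm("Remove all 2FA for this user?")) { return false; }`. The neighbouring `deauthUser` has the same shape, but a deauthorization only forces a new login, so the missing prompt matters more here.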