From 325add71cfa3789b5e7ecf40bfe25376981654a7 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Tue, 5 Jan 2021 13:54:48 +0000
Subject: [PATCH] Add option for administrator to reset user 2FA (#14243)
* Frontend
* Backend
* only show 2FA-Reset option if posible
---
 modules/auth/admin.go | 1 +
 options/locale/locale_en-US.ini | 1 +
 routers/admin/users.go | 23 +++++++++++++++++++++++
 templates/admin/user/edit.tmpl | 10 ++++++++++
 4 files changed, 35 insertions(+)
diff --git a/modules/auth/admin.go b/modules/auth/admin.go
index 9caf81e07f..1f840251c7 100644
--- a/modules/auth/admin.go
+++ b/modules/auth/admin.go
@@ -42,6 +42,7 @@ type AdminEditUserForm struct {
 AllowImportLocal bool
 AllowCreateOrganization bool
 ProhibitLogin bool
+ Reset2FA bool `form:"reset_2fa"`
 }
 // Validate validates form fields
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 06471fd6c4..de4dcde3f0 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2116,6 +2116,7 @@ users.delete_account = Delete User Account
 users.still_own_repo = This user still owns one or more repositories. Delete or transfer these repositories first.
 users.still_has_org = This user is a member of an organization. Remove the user from any organizations first.
 users.deletion_success = The user account has been deleted.
+users.reset_2fa = Reset 2FA
 emails.email_manage_panel = User Email Management
 emails.primary = Primary
diff --git a/routers/admin/users.go b/routers/admin/users.go
index 2ea496624b..1dc6d5bbe2 100644
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@@ -183,6 +183,16 @@ func prepareUserInfo(ctx *context.Context) *models.User {
 }
 ctx.Data["Sources"] = sources
+ ctx.Data["TwoFactorEnabled"] = true
+ _, err = models.GetTwoFactorByUID(u.ID)
+ if err != nil {
+ if !models.IsErrTwoFactorNotEnrolled(err) {
+ ctx.InternalServerError(err)
+ return nil
+ }
+ ctx.Data["TwoFactorEnabled"] = false
+ }
+
 return u
 }
@@ -259,6 +269,19 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
 u.HashPassword(form.Password)
 }
+ if form.Reset2FA {
+ tf, err := models.GetTwoFactorByUID(u.ID)
+ if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {
+ ctx.InternalServerError(err)
+ return
+ }
+
+ if err = models.DeleteTwoFactorByID(tf.ID, u.ID); err != nil {
+ ctx.InternalServerError(err)
+ return
+ }
+ }
+
 u.LoginName = form.LoginName
 u.FullName = form.FullName
 u.Email = form.Email
diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl
index d6cbdd5f53..9edf337f04 100644
--- a/templates/admin/user/edit.tmpl
+++ b/templates/admin/user/edit.tmpl
@@ -110,6 +110,16 @@ {{end}}
+ {{if .TwoFactorEnabled}}
+
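Review bot: In the `form.Reset2FA` branch of EditUserPost, the first check deliberately lets the not-enrolled error through, so the next statement reads `tf.ID` on what is presumably a nil `tf` (GetTwoFactorByUID is not visible here) and the request would panic. The template hides the checkbox when 2FA is off, but `reset_2fa` is still an ordinary posted field, and enrolment can change between rendering the page and submitting it, so the handler has to check for itself: wrap the delete in `if tf != nil {` or skip the branch when `models.IsErrTwoFactorNotEnrolled(err)` is true. The deletion also runs before the remaining field updates, which continue outside this hunk, so a later failure there would leave the second factor removed while the other edits are not applied. Removing a user's second factor is a security-sensitive admin action, and nothing in the hunk records it; a log line naming the acting admin and the target user would help later audits.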
+
+
+ + +
+
+ {{end}} +