authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-07-13 08:49:46 +0000
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-07-13 08:49:46 +0000
commit171d6fccae79efe4e85e772cb501b2e23e862b19 (patch)
treee29d388953560ad60386b96adbac83c47fa3f033
parentd93da8bed598249c67b71b3acdd4944952e80db2 (diff)
parentdb8f4c06060d002c63b20ff51871976aaf9c9d4c (diff)
downloadgitlab-ce-171d6fccae79efe4e85e772cb501b2e23e862b19.tar.gz
Merge branch 'rs-disable-2fa-by-admin' into 'master'
Allow admins to disable 2FA for a user > ![Screen_Shot_2015-07-10_at_5.19.13_PM](https://gitlab.com/gitlab-org/gitlab-ce/uploads/3f9bb7c783110d2689c282879cb4b061/Screen_Shot_2015-07-10_at_5.19.13_PM.png) Depends on !961 See merge request !962
-rw-r--r--CHANGELOG1
-rw-r--r--app/controllers/admin/users_controller.rb6
-rw-r--r--app/views/admin/users/show.html.haml1
-rw-r--r--config/routes.rb1
-rw-r--r--spec/controllers/admin/users_controller_spec.rb28
-rw-r--r--spec/features/admin/admin_disables_two_factor_spec.rb33
6 files changed, 70 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index baa9a7afb9f..93983c63593 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -45,6 +45,7 @@ v 7.13.0 (unreleased)
- Make left menu more hierarchical and less contextual by adding back item at top
- A fork can’t have a visibility level that is greater than the original project.
- Faster code search in repository and wiki. Fixes search page timeout for big repositories
+ - Allow administrators to disable 2FA for a specific user
v 7.12.2
- Correctly show anonymous authorized applications under Profile > Applications.
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 7a683098df3..770fe00af51 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -55,6 +55,12 @@ class Admin::UsersController < Admin::ApplicationController
end
end
+ def disable_two_factor
+ user.disable_two_factor!
+ redirect_to admin_user_path(user),
+ notice: 'Two-factor Authentication has been disabled for this user'
+ end
+
def create
opts = {
force_random_password: true,
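Review bot: `disable_two_factor` disables 2FA and reports success regardless of whether the target user had it enabled; the view only hides the link in that case, but the route is reachable directly, so an admin hitting it for a user without 2FA gets a misleading "has been disabled" notice. A guard at the top of the action keeps the message honest, e.g. `return redirect_to admin_user_path(user), alert: 'Two-factor Authentication is not enabled for this user' unless user.two_factor_enabled?` (wording constructed). Since this is an administrative override of a user's own security control, it is also worth recording which admin performed it and notifying the affected user so an unexpected removal is detectable, neither of which appears in this hunk. The `user` helper and the enclosing `Admin::UsersController` are defined outside the hunk, and `disable_two_factor!` presumably comes from the !961 dependency named in the description.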
diff --git a/app/views/admin/users/show.html.haml b/app/views/admin/users/show.html.haml
index 8c6b8e851c4..33730ff05df 100644
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@@ -43,6 +43,7 @@
%strong{class: @user.two_factor_enabled? ? 'cgreen' : 'cred'}
- if @user.two_factor_enabled?
Enabled
+ = link_to 'Disable', disable_two_factor_admin_user_path(@user), data: {confirm: 'Are you sure?'}, method: :patch, class: 'btn btn-xs btn-remove pull-right', title: 'Disable Two-factor Authentication'
- else
Disabled
diff --git a/config/routes.rb b/config/routes.rb
index fd04d7b2f54..055d59a0c93 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -159,6 +159,7 @@ Gitlab::Application.routes.draw do
put :block
put :unblock
put :unlock
+ patch :disable_two_factor
delete 'remove/:email_id', action: 'remove_email', as: 'remove_email'
end
end
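Review bot: `patch :disable_two_factor` is added among sibling member routes that all use `put` (`block`, `unblock`, `unlock`), so the same family of admin state toggles is now exposed under two different verbs. Either align it with its neighbours (`put :disable_two_factor` here and `method: :put` in the view link) or leave a short comment explaining why this one is `patch`, so the next route added follows a deliberate convention rather than a coin flip. The enclosing `member do` block starts outside the hunk.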
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index 550a91a79e2..6f4c8987637 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -36,4 +36,32 @@ describe Admin::UsersController do
expect(user.access_locked?).to be_falsey
end
end
+
+ describe 'PATCH disable_two_factor' do
+ let(:user) { create(:user) }
+
+ it 'disables 2FA for the user' do
+ expect(user).to receive(:disable_two_factor!)
+ allow(subject).to receive(:user).and_return(user)
+
+ go
+ end
+
+ it 'redirects back' do
+ go
+
+ expect(response).to redirect_to(admin_user_path(user))
+ end
+
+ it 'displays an alert' do
+ go
+
+ expect(flash[:notice]).
+ to eq 'Two-factor Authentication has been disabled for this user'
+ end
+
+ def go
+ patch :disable_two_factor, id: user.to_param
+ end
+ end
end
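Review bot: None of the three examples exercises a user who actually has 2FA enabled: `let(:user) { create(:user) }` builds a plain user, and the first example swaps the controller's `user` for a stub and only asserts that `disable_two_factor!` was received, so a regression in which that method stops clearing OTP state would still pass. The feature spec in this commit uses a `:two_factor` factory trait; using it here (`let(:user) { create(:user, :two_factor) }`) and asserting the outcome after `go` with `expect(user.reload.two_factor_enabled?).to be_falsey` verifies the effect rather than the call. The example named `'displays an alert'` actually checks `flash[:notice]`; renaming it to `'displays a notice'` avoids confusion with `flash[:alert]`. The enclosing `describe Admin::UsersController` starts outside the hunk.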
diff --git a/spec/features/admin/admin_disables_two_factor_spec.rb b/spec/features/admin/admin_disables_two_factor_spec.rb
new file mode 100644
index 00000000000..71be66303d2
--- /dev/null
+++ b/spec/features/admin/admin_disables_two_factor_spec.rb
@@ -0,0 +1,33 @@
+require 'rails_helper'
+
+feature 'Admin disables 2FA for a user', feature: true do
+ scenario 'successfully', js: true do
+ login_as(:admin)
+ user = create(:user, :two_factor)
+
+ edit_user(user)
+ page.within('.two-factor-status') do
+ click_link 'Disable'
+ end
+
+ page.within('.two-factor-status') do
+ expect(page).to have_content 'Disabled'
+ expect(page).not_to have_button 'Disable'
+ end
+ end
+
+ scenario 'for a user without 2FA enabled' do
+ login_as(:admin)
+ user = create(:user)
+
+ edit_user(user)
+
+ page.within('.two-factor-status') do
+ expect(page).not_to have_button 'Disable'
+ end
+ end
+
+ def edit_user(user)
+ visit admin_user_path(user)
+ end
+end
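Review bot: The negative assertions `expect(page).not_to have_button 'Disable'` in both scenarios are vacuous, because the view renders the control with `link_to` (an anchor), which `have_button` never matches, so they pass even if the link is still shown; they should be `expect(page).not_to have_link 'Disable'`. As written, the second scenario does not actually prove the control is hidden for a user without 2FA, which is the point of that test. The `.two-factor-status` selector is not visible in the view hunk, so presumably it already exists in the surrounding markup — worth confirming.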