Merge branch 'rs-disable-2fa-by-admin' into 'master'

Allow admins to disable 2FA for a user > ![Screen_Shot_2015-07-10_at_5.19.13_PM](https://gitlab.com/gitlab-org/gitlab-ce/uploads/3f9bb7c783110d2689c282879cb4b061/Screen_Shot_2015-07-10_at_5.19.13_PM.png) Depends on !961 See merge request !962
2015-07-13 08:49:46 +00:00 · 2015-07-13 08:49:46 +00:00 · 171d6fccae
commit 171d6fccae
parent d93da8bed5 db8f4c0606
6 changed files with 70 additions and 0 deletions
--- a/1
+++ b/1
@ -45,6 +45,7 @@ v 7.13.0 (unreleased)
  - Make left menu more hierarchical and less contextual by adding back item at top
  - A fork can’t have a visibility level that is greater than the original project.
  - Faster code search in repository and wiki. Fixes search page timeout for big repositories 
+  - Allow administrators to disable 2FA for a specific user

 v 7.12.2
  - Correctly show anonymous authorized applications under Profile > Applications.
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@ -55,6 +55,12 @@ class Admin::UsersController < Admin::ApplicationController
    end
  end

+  def disable_two_factor
+    user.disable_two_factor!
+    redirect_to admin_user_path(user),
+      notice: 'Two-factor Authentication has been disabled for this user'
+  end
+
  def create
    opts = {
      force_random_password: true,
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@ -43,6 +43,7 @@
          %strong{class: @user.two_factor_enabled? ? 'cgreen' : 'cred'}
            - if @user.two_factor_enabled?
              Enabled
+              = link_to 'Disable', disable_two_factor_admin_user_path(@user), data: {confirm: 'Are you sure?'}, method: :patch, class: 'btn btn-xs btn-remove pull-right', title: 'Disable Two-factor Authentication'
            - else
              Disabled

--- a/config/routes.rb
+++ b/config/routes.rb
@ -159,6 +159,7 @@ Gitlab::Application.routes.draw do
        put :block
        put :unblock
        put :unlock
+        patch :disable_two_factor
        delete 'remove/:email_id', action: 'remove_email', as: 'remove_email'
      end
    end
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@ -36,4 +36,32 @@ describe Admin::UsersController do
      expect(user.access_locked?).to be_falsey
    end
  end
+
+  describe 'PATCH disable_two_factor' do
+    let(:user) { create(:user) }
+
+    it 'disables 2FA for the user' do
+      expect(user).to receive(:disable_two_factor!)
+      allow(subject).to receive(:user).and_return(user)
+
+      go
+    end
+
+    it 'redirects back' do
+      go
+
+      expect(response).to redirect_to(admin_user_path(user))
+    end
+
+    it 'displays an alert' do
+      go
+
+      expect(flash[:notice]).
+        to eq 'Two-factor Authentication has been disabled for this user'
+    end
+
+    def go
+      patch :disable_two_factor, id: user.to_param
+    end
+  end
 end
--- a/spec/features/admin/admin_disables_two_factor_spec.rb
+++ b/spec/features/admin/admin_disables_two_factor_spec.rb
@ -0,0 +1,33 @@
+require 'rails_helper'
+
+feature 'Admin disables 2FA for a user', feature: true do
+  scenario 'successfully', js: true do
+    login_as(:admin)
+    user = create(:user, :two_factor)
+
+    edit_user(user)
+    page.within('.two-factor-status') do
+      click_link 'Disable'
+    end
+
+    page.within('.two-factor-status') do
+      expect(page).to have_content 'Disabled'
+      expect(page).not_to have_button 'Disable'
+    end
+  end
+
+  scenario 'for a user without 2FA enabled' do
+    login_as(:admin)
+    user = create(:user)
+
+    edit_user(user)
+
+    page.within('.two-factor-status') do
+      expect(page).not_to have_button 'Disable'
+    end
+  end
+
+  def edit_user(user)
+    visit admin_user_path(user)
+  end
+end