From db8f4c06060d002c63b20ff51871976aaf9c9d4c Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Fri, 10 Jul 2015 17:11:39 -0400
Subject: [PATCH] Add a button to Admin::Users#show to disable 2FA for that user
---
CHANGELOG | 1 +
app/views/admin/users/show.html.haml | 1 +
.../admin/admin_disables_two_factor_spec.rb | 33 +++++++++++++++++++
3 files changed, 35 insertions(+)
create mode 100644 spec/features/admin/admin_disables_two_factor_spec.rb
diff --git a/CHANGELOG b/CHANGELOG
index a964a192216..a63d90a8f91 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -43,6 +43,7 @@ v 7.13.0 (unreleased) - Redesign project page. Show README as default instead of activity. Move project activity to separate page - Make left menu more hierarchical and less contextual by adding back item at top - A fork can’t have a visibility level that is greater than the original project. + - Allow administrators to disable 2FA for a specific user v 7.12.2 - Correctly show anonymous authorized applications under Profile > Applications.
diff --git a/app/views/admin/users/show.html.haml b/app/views/admin/users/show.html.haml
index 8c6b8e851c4..33730ff05df 100644
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@@ -43,6 +43,7 @@ %strong{class: @user.two_factor_enabled? ? 'cgreen' : 'cred'} - if @user.two_factor_enabled? Enabled + = link_to 'Disable', disable_two_factor_admin_user_path(@user), data: {confirm: 'Are you sure?'}, method: :patch, class: 'btn btn-xs btn-remove pull-right', title: 'Disable Two-factor Authentication' - else Disabled
diff --git a/spec/features/admin/admin_disables_two_factor_spec.rb b/spec/features/admin/admin_disables_two_factor_spec.rb
new file mode 100644
index 00000000000..71be66303d2
--- /dev/null
+++ b/spec/features/admin/admin_disables_two_factor_spec.rb
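Review bot: In app/views/admin/users/show.html.haml the added `link_to 'Disable', …` line guards a security-relevant action with the generic prompt `'Are you sure?'`, which does not say what is being switched off or for whom. Because this removes a second factor from someone else's account, the prompt should name the action, for example `data: {confirm: 'Disable two-factor authentication for this user?'}`. The route and controller action behind `disable_two_factor_admin_user_path` are not among the three files in this patch, so it cannot be confirmed from here that the handler enforces admin access itself and records which administrator disabled 2FA. Both are worth checking, and notifying the affected user would help them notice an unexpected change.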
@@ -0,0 +1,33 @@
+require 'rails_helper'
+
+feature 'Admin disables 2FA for a user', feature: true do
+ scenario 'successfully', js: true do
+ login_as(:admin)
+ user = create(:user, :two_factor)
+
+ edit_user(user)
+ page.within('.two-factor-status') do
+ click_link 'Disable'
+ end
+
+ page.within('.two-factor-status') do
+ expect(page).to have_content 'Disabled'
+ expect(page).not_to have_button 'Disable'
+ end
+ end
+
+ scenario 'for a user without 2FA enabled' do
+ login_as(:admin)
+ user = create(:user)
+
+ edit_user(user)
+
+ page.within('.two-factor-status') do
+ expect(page).not_to have_button 'Disable'
+ end
+ end
+
+ def edit_user(user)
+ visit admin_user_path(user)
+ end
+end
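Review bot: Both `expect(page).not_to have_button 'Disable'` assertions look vacuous, because the view renders the control with `link_to` and the first scenario itself drives it with `click_link 'Disable'`. Capybara's button matcher would therefore not find it whether or not it is on the page. Use `expect(page).not_to have_link 'Disable'` in both scenarios, so the spec fails if the control remains after 2FA is turned off or is offered for a user who never enabled it. The first scenario also checks only rendered text; adding `expect(user.reload).not_to be_two_factor_enabled` after the page assertions would pin the persisted state as well. The `.two-factor-status` container these scenarios scope to is not visible in the view hunk, so it is presumably defined above the changed lines.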