Add option for administrator to reset user 2FA (#14243)

6543 · web-flow · commit 325add71cfa3 · 2021-01-05T14:54:48.000+01:00
* Frontend

* Backend

* only show 2FA-Reset option if posible
diff --git a/modules/auth/admin.go b/modules/auth/admin.go
@@ -42,6 +42,7 @@ type AdminEditUserForm struct {
 	AllowImportLocal        bool
 	AllowCreateOrganization bool
 	ProhibitLogin           bool
+	Reset2FA                bool `form:"reset_2fa"`
 }
 
 // Validate validates form fields
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
@@ -2116,6 +2116,7 @@ users.delete_account = Delete User Account
 users.still_own_repo = This user still owns one or more repositories. Delete or transfer these repositories first.
 users.still_has_org = This user is a member of an organization. Remove the user from any organizations first.
 users.deletion_success = The user account has been deleted.
+users.reset_2fa = Reset 2FA
 
 emails.email_manage_panel = User Email Management
 emails.primary = Primary
diff --git a/routers/admin/users.go b/routers/admin/users.go
@@ -183,6 +183,16 @@ func prepareUserInfo(ctx *context.Context) *models.User {
 	}
 	ctx.Data["Sources"] = sources
 
+	ctx.Data["TwoFactorEnabled"] = true
+	_, err = models.GetTwoFactorByUID(u.ID)
+	if err != nil {
+		if !models.IsErrTwoFactorNotEnrolled(err) {
+			ctx.InternalServerError(err)
+			return nil
+		}
+		ctx.Data["TwoFactorEnabled"] = false
+	}
+
 	return u
 }
 
@@ -259,6 +269,19 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
 		u.HashPassword(form.Password)
 	}
 
+	if form.Reset2FA {
+		tf, err := models.GetTwoFactorByUID(u.ID)
+		if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {
+			ctx.InternalServerError(err)
+			return
+		}
+
+		if err = models.DeleteTwoFactorByID(tf.ID, u.ID); err != nil {
+			ctx.InternalServerError(err)
+			return
+		}
+	}
+
 	u.LoginName = form.LoginName
 	u.FullName = form.FullName
 	u.Email = form.Email
diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl
@@ -110,6 +110,16 @@
 				</div>
 				{{end}}
 
+				{{if .TwoFactorEnabled}}
+				<div class="ui divider"></div>
+				<div class="inline field">
+					<div class="ui checkbox">
+						<label><strong>{{.i18n.Tr "admin.users.reset_2fa"}}</strong></label>
+						<input name="reset_2fa" type="checkbox">
+					</div>
+				</div>
+				{{end}}
+
 				<div class="ui divider"></div>
 
 				<div class="field">

Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,7 @@ type AdminEditUserForm struct {`
`42`	`42`	`AllowImportLocal bool`
`43`	`43`	`AllowCreateOrganization bool`
`44`	`44`	`ProhibitLogin bool`
	`45`	+ Reset2FA bool `form:"reset_2fa"`
`45`	`46`	`}`
`46`	`47`
`47`	`48`	`// Validate validates form fields`