Add option for administrator to reset user 2FA (#14243)

* Frontend * Backend * only show 2FA-Reset option if posible
3 years ago · 325add71cf
parent 15a475b7db
commit 325add71cf
4 changed files with 35 additions and 0 deletions
--- a/modules/auth/admin.go
+++ b/modules/auth/admin.go
@ -42,6 +42,7 @@ type AdminEditUserForm struct {
 	AllowImportLocal        bool
 	AllowCreateOrganization bool
 	ProhibitLogin           bool
+	Reset2FA                bool `form:"reset_2fa"`
 }

 // Validate validates form fields
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@ -2116,6 +2116,7 @@ users.delete_account = Delete User Account
 users.still_own_repo = This user still owns one or more repositories. Delete or transfer these repositories first.
 users.still_has_org = This user is a member of an organization. Remove the user from any organizations first.
 users.deletion_success = The user account has been deleted.
+users.reset_2fa = Reset 2FA

 emails.email_manage_panel = User Email Management
 emails.primary = Primary
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@ -183,6 +183,16 @@ func prepareUserInfo(ctx *context.Context) *models.User {
 	}
 	ctx.Data["Sources"] = sources

+	ctx.Data["TwoFactorEnabled"] = true
+	_, err = models.GetTwoFactorByUID(u.ID)
+	if err != nil {
+		if !models.IsErrTwoFactorNotEnrolled(err) {
+			ctx.InternalServerError(err)
+			return nil
+		}
+		ctx.Data["TwoFactorEnabled"] = false
+	}
+
 	return u
 }

@ -259,6 +269,19 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
 		u.HashPassword(form.Password)
 	}

+	if form.Reset2FA {
+		tf, err := models.GetTwoFactorByUID(u.ID)
+		if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {
+			ctx.InternalServerError(err)
+			return
+		}
+
+		if err = models.DeleteTwoFactorByID(tf.ID, u.ID); err != nil {
+			ctx.InternalServerError(err)
+			return
+		}
+	}
+
 	u.LoginName = form.LoginName
 	u.FullName = form.FullName
 	u.Email = form.Email
--- a/templates/admin/user/edit.tmpl
+++ b/templates/admin/user/edit.tmpl
@ -110,6 +110,16 @@
 				</div>
 				{{end}}

+				{{if .TwoFactorEnabled}}
+				<div class="ui divider"></div>
+				<div class="inline field">
+					<div class="ui checkbox">
+						<label><strong>{{.i18n.Tr "admin.users.reset_2fa"}}</strong></label>
+						<input name="reset_2fa" type="checkbox">
+					</div>
+				</div>
+				{{end}}
+
 				<div class="ui divider"></div>

 				<div class="field">