Add option for administrator to reset user 2FA (#14243)

* Frontend

* Backend

* only show 2FA-Reset option if posible

diff --git a/modules/auth/admin.go b/modules/auth/admin.go
index 9caf81e07ffb313407bd7e531c4668a9e245d89c..1f840251c7bca00f2915001f0655ba7b7d0f47bd 100644 (file)
--- a/modules/auth/admin.go
+++ b/modules/auth/admin.go
@@ -42,6 +42,7 @@ type AdminEditUserForm struct {
        AllowImportLocal        bool
        AllowCreateOrganization bool
        ProhibitLogin           bool
+       Reset2FA                bool `form:"reset_2fa"`
 }
 
 // Validate validates form fields

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 06471fd6c4c84e01b2d4d3db6c89e01f462ec36d..de4dcde3f0bb54d3d2c71f21966a4fb1abcb15f4 100644 (file)
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2116,6 +2116,7 @@ users.delete_account = Delete User Account
 users.still_own_repo = This user still owns one or more repositories. Delete or transfer these repositories first.
 users.still_has_org = This user is a member of an organization. Remove the user from any organizations first.
 users.deletion_success = The user account has been deleted.
+users.reset_2fa = Reset 2FA
 
 emails.email_manage_panel = User Email Management
 emails.primary = Primary

diff --git a/routers/admin/users.go b/routers/admin/users.go
index 2ea496624b455c3042accdd356a356cd3b92f933..1dc6d5bbe204e732dc5a71d74ef5c24ecaafc427 100644 (file)
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@@ -183,6 +183,16 @@ func prepareUserInfo(ctx *context.Context) *models.User {
        }
        ctx.Data["Sources"] = sources
 
+       ctx.Data["TwoFactorEnabled"] = true
+       _, err = models.GetTwoFactorByUID(u.ID)
+       if err != nil {
+               if !models.IsErrTwoFactorNotEnrolled(err) {
+                       ctx.InternalServerError(err)
+                       return nil
+               }
+               ctx.Data["TwoFactorEnabled"] = false
+       }
+
        return u
 }
 
@@ -259,6 +269,19 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
                u.HashPassword(form.Password)
        }
 
+       if form.Reset2FA {
+               tf, err := models.GetTwoFactorByUID(u.ID)
+               if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {
+                       ctx.InternalServerError(err)
+                       return
+               }
+
+               if err = models.DeleteTwoFactorByID(tf.ID, u.ID); err != nil {
+                       ctx.InternalServerError(err)
+                       return
+               }
+       }
+
        u.LoginName = form.LoginName
        u.FullName = form.FullName
        u.Email = form.Email

diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl
index d6cbdd5f53f5c6635ee9429e4d8a0cdabfb7f500..9edf337f04c08d16a59f587c3ae6c107de6da5c1 100644 (file)
--- a/templates/admin/user/edit.tmpl
+++ b/templates/admin/user/edit.tmpl
@@ -110,6 +110,16 @@
                                </div>
                                {{end}}
 
+                               {{if .TwoFactorEnabled}}
+                               <div class="ui divider"></div>
+                               <div class="inline field">
+                                       <div class="ui checkbox">
+                                               <label><strong>{{.i18n.Tr "admin.users.reset_2fa"}}</strong></label>
+                                               <input name="reset_2fa" type="checkbox">
+                                       </div>
+                               </div>
+                               {{end}}
+
                                <div class="ui divider"></div>
 
                                <div class="field">