From a5cd3f791cf723144f59d690f48374a6fc3a9cff Mon Sep 17 00:00:00 2001
From: Marius Balteanu <marius.balteanu@zitec.com>
Date: Sat, 22 Jan 2022 08:53:41 +0000
Subject: [PATCH] Add "Two-factor authentication" filter and column to Users
 list in administration (#35934).

git-svn-id: http://svn.redmine.org/redmine/trunk@21380 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/users_controller.rb      |  9 +++++
 app/views/users/index.html.erb           | 11 ++++++
 test/functional/users_controller_test.rb | 44 ++++++++++++++++++++++++
 3 files changed, 64 insertions(+)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 2784d2b07..566423704 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -54,6 +54,15 @@ class UsersController < ApplicationController
     scope = scope.like(params[:name]) if params[:name].present?
     scope = scope.in_group(params[:group_id]) if params[:group_id].present?
 
+    if params[:twofa].present?
+      case params[:twofa].to_i
+      when 1
+        scope = scope.where.not(twofa_scheme: nil)
+      when 0
+        scope = scope.where(twofa_scheme: nil)
+      end
+    end
+
     @user_count = scope.count
     @user_pages = Paginator.new @user_count, @limit, params['page']
     @offset ||= @user_pages.offset
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
index 7987d3b99..c57127da3 100644
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -19,6 +19,11 @@
 <%= select_tag 'group_id', content_tag('option') + options_from_collection_for_select(@groups, :id, :name, params[:group_id].to_i), :onchange => "this.form.submit(); return false;"  %>
 <% end %>
 
+<% if Setting.twofa_required? || Setting.twofa_optional? %>
+  <label for='twofa'><%= l(:setting_twofa) %>:</label>
+  <%= select_tag 'twofa', options_for_select([[l(:general_text_yes), "1"], [l(:general_text_no), "0"]], params[:twofa]), :onchange => "this.form.submit(); return false;", :include_blank => true %>
+<% end %>
+
 <label for='name'><%= l(:label_user) %>:</label>
 <%= text_field_tag 'name', params[:name], :size => 30 %>
 <%= submit_tag l(:button_apply), :class => "small", :name => nil %>
@@ -37,6 +42,9 @@
   <%= sort_header_tag('lastname', :caption => l(:field_lastname)) %>
   <th><%= l(:field_mail) %></th>
   <%= sort_header_tag('admin', :caption => l(:field_admin), :default_order => 'desc') %>
+  <% if Setting.twofa_required? || Setting.twofa_optional? %>
+    <th><%= l(:setting_twofa) %></th>
+  <% end %>
   <%= sort_header_tag('created_on', :caption => l(:field_created_on), :default_order => 'desc') %>
   <%= sort_header_tag('last_login_on', :caption => l(:field_last_login_on), :default_order => 'desc') %>
     <th></th>
@@ -49,6 +57,9 @@
   <td class="lastname"><%= user.lastname %></td>
   <td class="email"><%= mail_to(user.mail) %></td>
   <td class="tick"><%= checked_image user.admin? %></td>
+  <% if Setting.twofa_required? || Setting.twofa_optional? %>
+    <td class="twofa tick"><%= checked_image user.twofa_active? %></td>
+  <% end %>
   <td class="created_on"><%= format_time(user.created_on) %></td>
   <td class="last_login_on"><%= format_time(user.last_login_on) unless user.last_login_on.nil? %></td>
     <td class="buttons">
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index 8bdc1a9e7..40d842607 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -66,6 +66,50 @@ class UsersControllerTest < Redmine::ControllerTest
     end
   end
 
+  def test_index_should_not_show_2fa_filter_and_column_if_disabled
+    with_settings twofa: "0" do
+      get :index
+      assert_response :success
+
+      assert_select "select#twofa", 0
+      assert_select 'td.twofa', 0
+    end
+  end
+
+  def test_index_filter_by_twofa_yes
+    with_settings twofa: "1" do
+      user = User.find(1)
+      user.twofa_totp_key = "AVYA3RARZ3GY3VWT7MIEJ72I5TTJRO3X"
+      user.twofa_scheme = "totp"
+      user.save
+
+      get :index, :params => {:twofa => '1'}
+      assert_response :success
+
+      assert_select "select#twofa", 1
+
+      assert_select 'tr.user', 1
+      assert_select 'td.twofa.tick .icon-checked'
+    end
+  end
+
+  def test_index_filter_by_twofa_no
+    with_settings twofa: "1" do
+      user = User.find(1)
+      user.twofa_totp_key = "AVYA3RARZ3GY3VWT7MIEJ72I5TTJRO3X"
+      user.twofa_scheme = "totp"
+      user.save
+
+      get :index, :params => {:twofa => '0'}
+      assert_response :success
+
+      assert_select "select#twofa", 1
+      assert_select "td.twofa.tick" do
+        assert_select "span.icon-checked", 0
+      end
+    end
+  end
+
   def test_index_csv
     with_settings :default_language => 'en' do
       user = User.logged.status(1).first
-- 
2.39.5