Merge pull request #28421 from nextcloud/enhancement/2fa-backup-codes-disable-admin

Allow admins to disable 2FA backup codes via occ

4 files changed, 28 insertions, 2 deletions

diff --git a/apps/twofactor_backupcodes/lib/Provider/BackupCodesProvider.php b/apps/twofactor_backupcodes/lib/Provider/BackupCodesProvider.php
index c34497393e8..a9ef2a2b252 100644
--- a/apps/twofactor_backupcodes/lib/Provider/BackupCodesProvider.php
+++ b/apps/twofactor_backupcodes/lib/Provider/BackupCodesProvider.php
@@ -30,15 +30,15 @@ namespace OCA\TwoFactorBackupCodes\Provider;
 use OC\App\AppManager;
 use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage;
 use OCA\TwoFactorBackupCodes\Settings\Personal;
+use OCP\Authentication\TwoFactorAuth\IDeactivatableByAdmin;
 use OCP\Authentication\TwoFactorAuth\IPersonalProviderSettings;
-use OCP\Authentication\TwoFactorAuth\IProvider;
 use OCP\Authentication\TwoFactorAuth\IProvidesPersonalSettings;
 use OCP\IInitialStateService;
 use OCP\IL10N;
 use OCP\IUser;
 use OCP\Template;
 
-class BackupCodesProvider implements IProvider, IProvidesPersonalSettings {
+class BackupCodesProvider implements IDeactivatableByAdmin, IProvidesPersonalSettings {
 
 	/** @var string */
 	private $appName;
@@ -164,4 +164,8 @@ class BackupCodesProvider implements IProvider, IProvidesPersonalSettings {
 		$this->initialStateService->provideInitialState($this->appName, 'state', $state);
 		return new Personal();
 	}
+
+	public function disableFor(IUser $user) {
+		$this->storage->deleteCodes($user);
+	}
 }
diff --git a/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php b/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php
index 869833dbd46..4ecff652ae7 100644
--- a/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php
+++ b/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php
@@ -136,4 +136,8 @@ class BackupCodeStorage {
 		}
 		return false;
 	}
+
+	public function deleteCodes(IUser $user): void {
+		$this->mapper->deleteCodes($user);
+	}
 }
diff --git a/apps/twofactor_backupcodes/tests/Unit/Provider/BackupCodesProviderTest.php b/apps/twofactor_backupcodes/tests/Unit/Provider/BackupCodesProviderTest.php
index da768321d57..bb4d7f662cb 100644
--- a/apps/twofactor_backupcodes/tests/Unit/Provider/BackupCodesProviderTest.php
+++ b/apps/twofactor_backupcodes/tests/Unit/Provider/BackupCodesProviderTest.php
@@ -159,4 +159,13 @@ class BackupCodesProviderTest extends TestCase {
 
 		$this->assertTrue($this->provider->isActive($user));
 	}
+
+	public function testDisable(): void {
+		$user = $this->getMockBuilder(IUser::class)->getMock();
+		$this->storage->expects(self::once())
+			->method('deleteCodes')
+			->with($user);
+
+		$this->provider->disableFor($user);
+	}
 }
diff --git a/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php b/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php
index 1465c351bfd..100b70583fe 100644
--- a/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php
+++ b/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php
@@ -236,4 +236,13 @@ class BackupCodeStorageTest extends TestCase {
 
 		$this->assertFalse($this->storage->validateCode($user, 'CHALLENGE'));
 	}
+
+	public function testDeleteCodes(): void {
+		$user = $this->createMock(IUser::class);
+		$this->mapper->expects($this->once())
+			->method('deleteCodes')
+			->with($user);
+
+		$this->storage->deleteCodes($user);
+	}
 }