Add admin endpoint to remove MFA from a user (#478)

CentauriSolutions · Aug 8, 2023 · 6e8fba7 · 6e8fba7
1 parent 23eb552
commit 6e8fba7
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
@@ -120,7 +120,7 @@ def disable_two_factor # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
     respond_to do |format|
       if @model.disable_two_factor!
         format.html do
-          redirect_to [:edit, :admin, @model], notice: 'Two factor was disabled successfully'
+          redirect_to [:admin, @model], notice: 'Two factor was disabled successfully'
         end
         format.json { render :show, status: :ok, location: [:admin, @model] }
       else

diff --git a/app/views/admin/users/_sub_heading.html.erb b/app/views/admin/users/_sub_heading.html.erb
@@ -12,6 +12,7 @@
   <%= form_with(model: [:admin, @model], local: true, class: 'form-inline') do |form| %>
     <%= link_to 'Resend welcome email', [:admin, @model, :resend_welcome_email], method: :post, data: { confirm: 'Each welcome email resets the password reset link. Are you sure you want to continue?'}, class: "btn btn-warning"  %>
     <%= link_to 'Reset Password', [:admin, @model, :reset_password], method: :post, data: { confirm: 'Are you sure? Clicking reset multiple times will send multiple reset emails to the user.'}, class: "btn btn-warning"  %>
+    <%= link_to 'Disable MFA', [:admin, @model, :disable_two_factor], method: :post, data: { confirm: 'Are you sure? This will disable MFA for this user, reducing security.'}, class: "btn btn-warning" if @model.two_factor_enabled? %>
     <%= render partial: 'toggle_user', locals: { model: @model, form: form } %>
   <%- end %>
 </div>