Merge pull request #1274 from ORCID/allow-admins-to-disable-2fa

Allow admins to disable 2fa

Author: bobcaprice

ui/cypress/e2e/retention/add-user.cy.js

@@ -38,6 +38,8 @@ describe("Add new user", () => {
     cy.get("#field_mainContact").click();
     // Admin checkbox should not exist
     cy.get("#field_isAdmin").should("not.exist");
+    // Disable 2fa should not exist
+    cy.get("#field_twoFactorAuthentication").should("not.exist");
     // save
     cy.get("#save-entity").click();
     cy.get(".alert-success").should("exist");

ui/cypress/e2e/retention/edit-user.cy.js

@@ -39,6 +39,8 @@ describe("Test the edit user form", () => {
     cy.get("#field_salesforceId").invoke("attr", "disabled").should("exist");
     // Admin checkbox should not exist
     cy.get("#field_isAdmin").should("not.exist");
+    // Disable 2fa should not exist
+    cy.get("#field_twoFactorAuthentication").should("not.exist");
     // 'Activated' checkbox is missing the 'disabled' attr
     /*cy.get('#field_activated')
       .invoke('attr', 'disabled')

ui/src/app/account/login/login.component.spec.ts

@@ -45,6 +45,7 @@ describe('LoginComponent', () => {
     loginService.login.and.returnValue(of(mockLoginResult))
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',

ui/src/app/account/model/account.model.ts

@@ -1,4 +1,5 @@
 export interface IAccount {
+  id: string
   activated: boolean
   authorities: string[]
   email: string

ui/src/app/account/service/account.service.ts

@@ -89,8 +89,8 @@ export class AccountService {
     )
   }
 
-  disableMfa(): Observable<boolean> {
-    return this.http.post('/services/userservice/api/account/mfa/off', null, { observe: 'response' }).pipe(
+  disableMfa(userId: string): Observable<boolean> {
+    return this.http.post(`/services/userservice/api/account/${userId}/mfa/off`, null, { observe: 'response' }).pipe(
       map((res: HttpResponse<any>) => this.isSuccess(res)),
       catchError(() => {
         return of(false)

ui/src/app/account/settings/settings.component.spec.ts

@@ -63,6 +63,7 @@ describe('SettingsComponent', () => {
   it('should create', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -84,6 +85,7 @@ describe('SettingsComponent', () => {
   it('should flip mfa fields when mfa state changed', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -115,6 +117,7 @@ describe('SettingsComponent', () => {
   it('should flip mfa fields when mfa state changed', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -141,6 +144,7 @@ describe('SettingsComponent', () => {
   it('save mfa enabled should call account service enable', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -169,6 +173,7 @@ describe('SettingsComponent', () => {
   it('save mfa enabled should call account service disable', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -185,6 +190,7 @@ describe('SettingsComponent', () => {
     )
     accountServiceSpy.getMfaSetup.and.returnValue(of({ secret: 'test', otp: 'test', qrCode: ['test'] }))
     accountServiceSpy.disableMfa.and.returnValue(of(true))
+    fixture.detectChanges()
 
     component.mfaForm.patchValue({ mfaEnabled: false, verificationCode: 'test' })
     component.saveMfa()
@@ -197,6 +203,7 @@ describe('SettingsComponent', () => {
     accountServiceSpy.save.and.returnValue(of(true))
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -222,6 +229,7 @@ describe('SettingsComponent', () => {
     accountServiceSpy.save.and.returnValue(of(false))
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',

ui/src/app/account/settings/settings.component.ts

@@ -118,15 +118,17 @@ export class SettingsComponent implements OnInit {
         }
       })
     } else {
-      this.accountService.disableMfa().subscribe({
-        next: () => {
-          this.showMfaUpdated = true
-          this.accountService.getMfaSetup().subscribe((res) => {
-            this.mfaSetup = res
-          })
-        },
-        error: (err) => console.log('error disabling mfa'),
-      })
+      if (this.account && this.account.id) {
+        this.accountService.disableMfa(this.account.id).subscribe({
+          next: () => {
+            this.showMfaUpdated = true
+            this.accountService.getMfaSetup().subscribe((res) => {
+              this.mfaSetup = res
+            })
+          },
+          error: (err) => console.log('error disabling mfa'),
+        })
+      }
     }
   }
 

ui/src/app/affiliation/affiliations.component.spec.ts

@@ -63,6 +63,7 @@ describe('AffiliationsComponent', () => {
 
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER', 'ROLE_ADMIN'],
         email: 'email@email.com',

ui/src/app/affiliation/send-notifications-dialog.component.spec.ts

@@ -68,6 +68,7 @@ describe('SendNotificationsDialogComponent', () => {
   it('should create', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',

ui/src/app/home/consortium/add-consortium-member.component.spec.ts

@@ -48,6 +48,7 @@ describe('AddConsortiumMemberComponent', () => {
 
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',