ORCID · bobcaprice · Mar 5, 2025 · Feb 20, 2025 · Feb 20, 2025 · Feb 20, 2025
diff --git a/ui/cypress/e2e/retention/add-user.cy.js b/ui/cypress/e2e/retention/add-user.cy.js
@@ -27,6 +27,8 @@ describe("Add new user", () => {
     cy.get("#field_mainContact").click();
     // Admin checkbox should not exist
     cy.get("#field_isAdmin").should("not.exist");
+    // Disable 2fa should not exist
+    cy.get("#field_twoFactorAuthentication").should("not.exist");
     // save
     cy.get("#save-entity").click();
     cy.get(".alert-success").should("exist");

diff --git a/ui/cypress/e2e/retention/edit-user.cy.js b/ui/cypress/e2e/retention/edit-user.cy.js
@@ -29,6 +29,8 @@ describe("Test the edit user form", () => {
     cy.get("#field_salesforceId").invoke("attr", "disabled").should("exist");
     // Admin checkbox should not exist
     cy.get("#field_isAdmin").should("not.exist");
+    // Disable 2fa should not exist
+    cy.get("#field_twoFactorAuthentication").should("not.exist");
     // 'Activated' checkbox is missing the 'disabled' attr
     /*cy.get('#field_activated')
       .invoke('attr', 'disabled')

diff --git a/ui/src/app/account/login/login.component.spec.ts b/ui/src/app/account/login/login.component.spec.ts
@@ -11,7 +11,7 @@
  let component: LoginComponent
  let fixture: ComponentFixture<LoginComponent>
  let loginService: jasmine.SpyObj<LoginService>
  let stateStorageService: jasmine.SpyObj<StateStorageService>
  let accountService: jasmine.SpyObj<AccountService>

  beforeEach(() => {
@@ -45,6 +45,7 @@
     loginService.login.and.returnValue(of(mockLoginResult))
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',

diff --git a/ui/src/app/account/model/account.model.ts b/ui/src/app/account/model/account.model.ts
@@ -1,4 +1,5 @@
 export interface IAccount {
+  id: string
   activated: boolean
   authorities: string[]
   email: string

diff --git a/ui/src/app/account/service/account.service.ts b/ui/src/app/account/service/account.service.ts
@@ -89,8 +89,8 @@ export class AccountService {
     )
   }
 
-  disableMfa(): Observable<boolean> {
-    return this.http.post('/services/userservice/api/account/mfa/off', null, { observe: 'response' }).pipe(
+  disableMfa(userId: string): Observable<boolean> {
+    return this.http.post(`/services/userservice/api/account/${userId}/mfa/off`, null, { observe: 'response' }).pipe(
       map((res: HttpResponse<any>) => this.isSuccess(res)),
       catchError(() => {
         return of(false)

diff --git a/ui/src/app/account/settings/settings.component.spec.ts b/ui/src/app/account/settings/settings.component.spec.ts
@@ -63,6 +63,7 @@ describe('SettingsComponent', () => {
   it('should create', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -84,6 +85,7 @@ describe('SettingsComponent', () => {
   it('should flip mfa fields when mfa state changed', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -115,6 +117,7 @@ describe('SettingsComponent', () => {
   it('should flip mfa fields when mfa state changed', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -141,6 +144,7 @@ describe('SettingsComponent', () => {
   it('save mfa enabled should call account service enable', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -169,6 +173,7 @@ describe('SettingsComponent', () => {
   it('save mfa enabled should call account service disable', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -185,6 +190,7 @@ describe('SettingsComponent', () => {
     )
     accountServiceSpy.getMfaSetup.and.returnValue(of({ secret: 'test', otp: 'test', qrCode: ['test'] }))
     accountServiceSpy.disableMfa.and.returnValue(of(true))
+    fixture.detectChanges()
 
     component.mfaForm.patchValue({ mfaEnabled: false, verificationCode: 'test' })
     component.saveMfa()
@@ -197,6 +203,7 @@ describe('SettingsComponent', () => {
     accountServiceSpy.save.and.returnValue(of(true))
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -222,6 +229,7 @@ describe('SettingsComponent', () => {
     accountServiceSpy.save.and.returnValue(of(false))
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',

diff --git a/ui/src/app/account/settings/settings.component.ts b/ui/src/app/account/settings/settings.component.ts
@@ -118,15 +118,17 @@ export class SettingsComponent implements OnInit {
         }
       })
     } else {
-      this.accountService.disableMfa().subscribe({
-        next: () => {
-          this.showMfaUpdated = true
-          this.accountService.getMfaSetup().subscribe((res) => {
-            this.mfaSetup = res
-          })
-        },
-        error: (err) => console.log('error disabling mfa'),
-      })
+      if (this.account && this.account.id) {
+        this.accountService.disableMfa(this.account.id).subscribe({
+          next: () => {
+            this.showMfaUpdated = true
+            this.accountService.getMfaSetup().subscribe((res) => {
+              this.mfaSetup = res
+            })
+          },
+          error: (err) => console.log('error disabling mfa'),
+        })
+      }
     }
   }
 

diff --git a/ui/src/app/affiliation/affiliations.component.spec.ts b/ui/src/app/affiliation/affiliations.component.spec.ts
@@ -63,6 +63,7 @@ describe('AffiliationsComponent', () => {
 
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER', 'ROLE_ADMIN'],
         email: 'email@email.com',

diff --git a/ui/src/app/affiliation/send-notifications-dialog.component.spec.ts b/ui/src/app/affiliation/send-notifications-dialog.component.spec.ts
@@ -68,6 +68,7 @@ describe('SendNotificationsDialogComponent', () => {
   it('should create', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',

diff --git a/ui/src/app/home/consortium/add-consortium-member.component.spec.ts b/ui/src/app/home/consortium/add-consortium-member.component.spec.ts
@@ -48,6 +48,7 @@ describe('AddConsortiumMemberComponent', () => {
 
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',

diff --git a/ui/src/app/home/consortium/remove-consortium-member.component.spec.ts b/ui/src/app/home/consortium/remove-consortium-member.component.spec.ts
@@ -48,6 +48,7 @@ describe('RemoveConsortiumMemberComponent', () => {
 
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',

diff --git a/ui/src/app/home/contact/contact-update.component.spec.ts b/ui/src/app/home/contact/contact-update.component.spec.ts
@@ -55,6 +55,7 @@ describe('ContactUpdateComponent', () => {
   it('should call getAccountData and getMemberData to get contact data on init', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',

diff --git a/ui/src/app/home/home.component.spec.ts b/ui/src/app/home/home.component.spec.ts
@@ -36,6 +36,7 @@ describe('HomeComponent', () => {
   it('should call getMemberData if account data is not null', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',

diff --git a/ui/src/app/layout/navbar/navbar.component.spec.ts b/ui/src/app/layout/navbar/navbar.component.spec.ts
@@ -63,6 +63,7 @@ describe('NavbarComponent', () => {
     accountService.getSalesforceId.and.returnValue('sfid')
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER'],
         email: 'email@email.com',
@@ -107,6 +108,7 @@ describe('NavbarComponent', () => {
     accountService.getSalesforceId.and.returnValue('sfid')
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER', 'ROLE_CONSORTIUM_LEAD'],
         email: 'email@email.com',
@@ -144,6 +146,7 @@ describe('NavbarComponent', () => {
     accountService.getSalesforceId.and.returnValue('sfid')
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER', 'ASSERTION_SERVICE_ENABLED'],
         email: 'email@email.com',

diff --git a/ui/src/app/member/members.component.spec.ts b/ui/src/app/member/members.component.spec.ts
@@ -43,6 +43,7 @@ describe('MembersComponent', () => {
     memberServiceSpy.query.and.returnValue(of(new MemberPage([new Member('id')], 1)))
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER'],
         email: 'email@email.com',

diff --git a/ui/src/app/user/user-update.component.html b/ui/src/app/user/user-update.component.html
@@ -68,7 +68,7 @@ <h1 id="jhi-ms-user-heading" class="mt-5" i18n="@@gatewayApp.msUserServiceMSUser
             >Organization Owner</label
           >
         </div>
-        <div class="form-group">
+        <div class="form-group mb-0">
           <label
             class="form-control-label"
             i18n="@@gatewayApp.msUserServiceMSUser.salesforceId.string"
@@ -151,5 +151,64 @@ <h1 id="jhi-ms-user-heading" class="mt-5" i18n="@@gatewayApp.msUserServiceMSUser
         </button>
       </div>
     </form>
+    <form name="mfaForm" role="form" novalidate [formGroup]="mfaForm">
+      <ng-container *ngIf="existentUser && existentUser.id && hasRoleAdmin()">
+        <hr class="mb-32 mt-32" />
+        <h2 class="mb-8 font-size-18">
+          <ng-container i18n="@@settings.security.mfa.string">Two-factor authentication</ng-container>&nbsp;<span
+            class="mfaOn"
+            *ngIf="existentUser.mfaEnabled"
+            >(<ng-container i18n="@@settings.security.mfaOn.string">ON</ng-container>)</span
+          >
+          <span class="mfaOff" *ngIf="!existentUser.mfaEnabled"
+            >(<ng-container i18n="@@settings.security.mfaOff.string">OFF</ng-container>)</span
+          >
+        </h2>
+        <div class="font-size-14">
+          <ng-container *ngIf="existentUser.mfaEnabled">
+            <p class="mb-8" i18n="@@settings.security.disableMfaDescription.string">
+              Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the
+              member portal.
+            </p>
+            <div class="form-group">
+              <input
+                type="checkbox"
+                class="form-control"
+                name="twoFactorAuthentication"
+                id="field_twoFactorAuthentication"
+                formControlName="twoFactorAuthentication"
+              />
+              <label
+                class="form-control-label two-factor-authentication-label"
+                i18n="@@settings.security.mfa.string"
+                for="field_twoFactorAuthentication"
+                >Two-factor authentication</label
+              >
+            </div>
+          </ng-container>
+          <ng-container *ngIf="!existentUser.mfaEnabled">
+            <div class="warning-message d-flex p-16 mb-40 mt-16">
+              <img src="./../../../../content/images/warning-sign.svg" alt="Warning sign" class="p-8" />
+              <div class="font-size-14 wide-text line-height-150" i18n="@@settings.security.disabledMfaNotice.string">
+                Users can enable 2FA from their account settings page
+              </div>
+            </div>
+          </ng-container>
+        </div>
+      </ng-container>
+      <div class="form-group">
+        <button type="button" id="cancel-save" class="btn btn-outline-primary mr-2" (click)="navigateToUsersList()">
+          <fa-icon [icon]="faBan"></fa-icon>&nbsp;<span i18n="@@entity.action.cancel.string">Cancel</span>
+        </button>
+        <button
+          (click)="saveMfa()"
+          type="submit"
+          [disabled]="!disableMfa || isSaving || memberList.length === 0"
+          class="btn btn-primary"
+        >
+          <fa-icon [icon]="faSave"></fa-icon>&nbsp;<span i18n="@@entity.action.save.string">Save</span>
+        </button>
+      </div>
+    </form>
   </div>
 </div>
diff --git a/ui/src/app/user/user-update.component.scss b/ui/src/app/user/user-update.component.scss
@@ -0,0 +1,21 @@
+.warning-message {
+  img {
+    padding: 0 16px 0 8px !important;
+  }
+  div {
+    font-size: 0.875rem;
+  }
+  border: 2px solid #ff9c00;
+  border-radius: 4px;
+}
+
+.mfaOn {
+  color: #7faa26;
+}
+.mfaOff {
+  color: #d32f2f;
+}
+
+.two-factor-authentication-label {
+  font-weight: normal;
+}