diff options
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/views/admin/users/show.html.haml | 1 | ||||
| -rw-r--r-- | spec/features/admin/admin_disables_two_factor_spec.rb | 33 |
3 files changed, 35 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index a964a192216..a63d90a8f91 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -43,6 +43,7 @@ v 7.13.0 (unreleased) - Redesign project page. Show README as default instead of activity. Move project activity to separate page - Make left menu more hierarchical and less contextual by adding back item at top - A fork can’t have a visibility level that is greater than the original project. + - Allow administrators to disable 2FA for a specific user v 7.12.2 - Correctly show anonymous authorized applications under Profile > Applications. diff --git a/app/views/admin/users/show.html.haml b/app/views/admin/users/show.html.haml index 8c6b8e851c4..33730ff05df 100644 --- a/app/views/admin/users/show.html.haml +++ b/app/views/admin/users/show.html.haml @@ -43,6 +43,7 @@ %strong{class: @user.two_factor_enabled? ? 'cgreen' : 'cred'} - if @user.two_factor_enabled? Enabled + = link_to 'Disable', disable_two_factor_admin_user_path(@user), data: {confirm: 'Are you sure?'}, method: :patch, class: 'btn btn-xs btn-remove pull-right', title: 'Disable Two-factor Authentication' - else Disabled diff --git a/spec/features/admin/admin_disables_two_factor_spec.rb b/spec/features/admin/admin_disables_two_factor_spec.rb new file mode 100644 index 00000000000..71be66303d2 --- /dev/null +++ b/spec/features/admin/admin_disables_two_factor_spec.rb @@ -0,0 +1,33 @@ +require 'rails_helper' + +feature 'Admin disables 2FA for a user', feature: true do + scenario 'successfully', js: true do + login_as(:admin) + user = create(:user, :two_factor) + + edit_user(user) + page.within('.two-factor-status') do + click_link 'Disable' + end + + page.within('.two-factor-status') do + expect(page).to have_content 'Disabled' + expect(page).not_to have_button 'Disable' + end + end + + scenario 'for a user without 2FA enabled' do + login_as(:admin) + user = create(:user) + + edit_user(user) + + page.within('.two-factor-status') do + expect(page).not_to have_button 'Disable' + end + end + + def edit_user(user) + visit admin_user_path(user) + end +end |