-rw-r--r--CHANGELOG1
-rw-r--r--app/views/admin/users/show.html.haml1
-rw-r--r--spec/features/admin/admin_disables_two_factor_spec.rb33
3 files changed, 35 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index a964a192216..a63d90a8f91 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -43,6 +43,7 @@ v 7.13.0 (unreleased)
- Redesign project page. Show README as default instead of activity. Move project activity to separate page
- Make left menu more hierarchical and less contextual by adding back item at top
- A fork can’t have a visibility level that is greater than the original project.
+ - Allow administrators to disable 2FA for a specific user
v 7.12.2
- Correctly show anonymous authorized applications under Profile > Applications.
diff --git a/app/views/admin/users/show.html.haml b/app/views/admin/users/show.html.haml
index 8c6b8e851c4..33730ff05df 100644
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@@ -43,6 +43,7 @@
%strong{class: @user.two_factor_enabled? ? 'cgreen' : 'cred'}
- if @user.two_factor_enabled?
Enabled
+ = link_to 'Disable', disable_two_factor_admin_user_path(@user), data: {confirm: 'Are you sure?'}, method: :patch, class: 'btn btn-xs btn-remove pull-right', title: 'Disable Two-factor Authentication'
- else
Disabled
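Review bot: The confirmation prompt on the added `link_to 'Disable'` line is the generic `'Are you sure?'`, which does not say what is being confirmed even though the action removes a user's second factor. A specific prompt such as `data: {confirm: 'Disable two-factor authentication for this user?'}` would make an accidental confirmation less likely. The commit touches only the view, the spec and the CHANGELOG, so the route and controller action behind `disable_two_factor_admin_user_path` are not visible here; it is worth confirming that the action enforces admin authorization itself and records which admin disabled 2FA for which user. The enclosing HAML block starts outside the hunk.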
diff --git a/spec/features/admin/admin_disables_two_factor_spec.rb b/spec/features/admin/admin_disables_two_factor_spec.rb
new file mode 100644
index 00000000000..71be66303d2
--- /dev/null
+++ b/spec/features/admin/admin_disables_two_factor_spec.rb
@@ -0,0 +1,33 @@
+require 'rails_helper'
+
+feature 'Admin disables 2FA for a user', feature: true do
+ scenario 'successfully', js: true do
+ login_as(:admin)
+ user = create(:user, :two_factor)
+
+ edit_user(user)
+ page.within('.two-factor-status') do
+ click_link 'Disable'
+ end
+
+ page.within('.two-factor-status') do
+ expect(page).to have_content 'Disabled'
+ expect(page).not_to have_button 'Disable'
+ end
+ end
+
+ scenario 'for a user without 2FA enabled' do
+ login_as(:admin)
+ user = create(:user)
+
+ edit_user(user)
+
+ page.within('.two-factor-status') do
+ expect(page).not_to have_button 'Disable'
+ end
+ end
+
+ def edit_user(user)
+ visit admin_user_path(user)
+ end
+end
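Review bot: Both `expect(page).not_to have_button 'Disable'` assertions (in the 'successfully' scenario and in 'for a user without 2FA enabled') look for a button, but the view renders the control with `link_to` and the spec itself activates it with `click_link`. Capybara's button matcher should not match an anchor, so these negative assertions most likely pass whether or not the link is shown. Use `expect(page).not_to have_link 'Disable'` in both places so the second scenario fails if the control is offered for a user without 2FA. The spec also exercises only the admin path; a case showing that a non-admin cannot reach the disable action would pin down the authorization boundary.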