github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 07:53:49 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Disable security keys at same time as TOTP 2FA (#10144)

Browse Source 
Previously, the "Remove 2FA" button could result in an error. This syncs button visibility with behavior.

* FIX: Only offer disabling 2FA to admins
This commit is contained in:
Kane York
2020-07-07 12:19:30 -07:00
committed by GitHub
parent 81fe8a50d4
commit c86b1ee9d1
3 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/admin/users_controller.rb
View File

@ -361,9 +361,11 @@ class Admin::UsersController < Admin::AdminController
def disable_second_factor
guardian.ensure_can_disable_second_factor!(@user)
user_second_factor = @user.user_second_factors
raise Discourse::InvalidParameters unless !user_second_factor.empty?
user_security_key = @user.security_keys
raise Discourse::InvalidParameters if user_second_factor.empty? && user_security_key.empty?
user_second_factor.destroy_all
user_security_key.destroy_all
StaffActionLogger.new(current_user).log_disable_second_factor_auth(@user)
Jobs.enqueue(