diff options
| author | feld <feld@feld.me> | 2020-06-12 14:01:19 +0000 |
|---|---|---|
| committer | feld <feld@feld.me> | 2020-06-12 14:01:19 +0000 |
| commit | 6d902916dd513fa2d60e37488a60fa8b152c73fa (patch) | |
| tree | 0bcb74be6247123ed3ea563009e8cc6c656aadf3 | |
| parent | ebbf2189ee998c77d025823ab10d76443c17b9e9 (diff) | |
| parent | e505e59d9c43db286ccf7fe70da2fa974ae3d700 (diff) | |
| download | pleroma-6d902916dd513fa2d60e37488a60fa8b152c73fa.tar.gz | |
Merge branch 'features/mix-task-reset-mfa' into 'develop'
New mix task: pleroma.user reset_mfa <nickname>
See merge request pleroma/pleroma!2643
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | docs/administration/CLI_tasks/user.md | 10 | ||||
| -rw-r--r-- | lib/mix/tasks/pleroma/user.ex | 12 | ||||
| -rw-r--r-- | test/tasks/user_test.exs | 30 |
4 files changed, 53 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index b19cae8b1..ac2271d27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Configuration: `filename_display_max_length` option to set filename truncate limit, if filename display enabled (0 = no limit). - New HTTP adapter [gun](https://github.com/ninenines/gun). Gun adapter requires minimum OTP version of 22.2 otherwise Pleroma won’t start. For hackney OTP update is not required. - Mix task to create trusted OAuth App. +- Mix task to reset MFA for user accounts - Notifications: Added `follow_request` notification type. - Added `:reject_deletes` group to SimplePolicy - MRF (`EmojiStealPolicy`): New MRF Policy which allows to automatically download emojis from remote instances diff --git a/docs/administration/CLI_tasks/user.md b/docs/administration/CLI_tasks/user.md index afeb8d52f..1e6f4a8b4 100644 --- a/docs/administration/CLI_tasks/user.md +++ b/docs/administration/CLI_tasks/user.md @@ -135,6 +135,16 @@ mix pleroma.user reset_password <nickname> ``` +## Disable Multi Factor Authentication (MFA/2FA) for a user +```sh tab="OTP" + ./bin/pleroma_ctl user reset_mfa <nickname> +``` + +```sh tab="From Source" +mix pleroma.user reset_mfa <nickname> +``` + + ## Set the value of the given user's settings ```sh tab="OTP" ./bin/pleroma_ctl user set <nickname> [option ...] diff --git a/lib/mix/tasks/pleroma/user.ex b/lib/mix/tasks/pleroma/user.ex index 3635c02bc..bca7e87bf 100644 --- a/lib/mix/tasks/pleroma/user.ex +++ b/lib/mix/tasks/pleroma/user.ex @@ -144,6 +144,18 @@ defmodule Mix.Tasks.Pleroma.User do end end + def run(["reset_mfa", nickname]) do + start_pleroma() + + with %User{local: true} = user <- User.get_cached_by_nickname(nickname), + {:ok, _token} <- Pleroma.MFA.disable(user) do + shell_info("Multi-Factor Authentication disabled for #{user.nickname}") + else + _ -> + shell_error("No local user #{nickname}") + end + end + def run(["deactivate", nickname]) do start_pleroma() diff --git a/test/tasks/user_test.exs b/test/tasks/user_test.exs index b55aa1cdb..9220d23fc 100644 --- a/test/tasks/user_test.exs +++ b/test/tasks/user_test.exs @@ -4,6 +4,7 @@ defmodule Mix.Tasks.Pleroma.UserTest do alias Pleroma.Activity + alias Pleroma.MFA alias Pleroma.Object alias Pleroma.Repo alias Pleroma.Tests.ObanHelpers @@ -278,6 +279,35 @@ defmodule Mix.Tasks.Pleroma.UserTest do end end + describe "running reset_mfa" do + test "disables MFA" do + user = + insert(:user, + multi_factor_authentication_settings: %MFA.Settings{ + enabled: true, + totp: %MFA.Settings.TOTP{secret: "xx", confirmed: true} + } + ) + + Mix.Tasks.Pleroma.User.run(["reset_mfa", user.nickname]) + + assert_received {:mix_shell, :info, [message]} + assert message == "Multi-Factor Authentication disabled for #{user.nickname}" + + assert %{enabled: false, totp: false} == + user.nickname + |> User.get_cached_by_nickname() + |> MFA.mfa_settings() + end + + test "no user to reset MFA" do + Mix.Tasks.Pleroma.User.run(["reset_password", "nonexistent"]) + + assert_received {:mix_shell, :error, [message]} + assert message =~ "No local user" + end + end + describe "running invite" do test "invite token is generated" do assert capture_io(fn -> |