vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.

commit 026f9da035dcbf5ff12387600162841f94b47154
parent d23d4f2c1dc0a1c41e91adfa69cfa30a7211126f
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Wed, 21 Aug 2019 17:13:06 +0200

Allow removing users two factors

Diffstat:
Msrc/api/admin.rs | 13+++++++++++++
Msrc/api/core/two_factor.rs | 4+---
Msrc/static/templates/admin/page.hbs | 16+++++++++++++---
3 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/src/api/admin.rs b/src/api/admin.rs
@@ -28,6 +28,7 @@ pub fn routes() -> Vec<Route> {
 invite_user,
 delete_user,
 deauth_user,
+ remove_2fa,
 update_revision_users,
 post_config,
 delete_config,
@@ -196,6 +197,18 @@ fn deauth_user(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult {
 user.save(&conn)
 }
+#[post("/users/<uuid>/remove-2fa")]
+fn remove_2fa(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult {
+ let mut user = match User::find_by_uuid(&uuid, &conn) {
+ Some(user) => user,
+ None => err!("User doesn't exist"),
+ };
+
+ TwoFactor::delete_all_by_user(&user.uuid, &conn)?;
+ user.totp_recover = None;
+ user.save(&conn)
+}
+
 #[post("/users/update_revision")]
 fn update_revision_users(_token: AdminToken, conn: DbConn) -> EmptyResult {
 User::update_all_revisions(&conn)
diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs
@@ -95,9 +95,7 @@ fn recover(data: JsonUpcase<RecoverTwoFactor>, conn: DbConn) -> JsonResult {
 }
 // Remove all twofactors from the user
- for twofactor in TwoFactor::find_by_user(&user.uuid, &conn) {
- twofactor.delete(&conn)?;
- }
+ TwoFactor::delete_all_by_user(&user.uuid, &conn)?;
 // Remove the recovery code, not needed without twofactors
 user.totp_recover = None;
diff --git a/src/static/templates/admin/page.hbs b/src/static/templates/admin/page.hbs
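Review bot: `remove_2fa` in the second admin.rs hunk deletes every second factor for the account and clears `totp_recover`, but the added lines leave no record of the action, so a downgrade performed with a stolen or misused admin token cannot be traced afterwards. Before `user.save(&conn)`, add a log line such as `info!("Admin removed all 2FA for user {}", user.uuid);` (this assumes the `log` macros are in scope in this file, which the hunk does not show). A doc comment on the handler would also help, e.g. `/// Admin-only: deletes all of the user's second factors and clears the recovery code.` Authorization rests entirely on the `AdminToken` request guard, whose implementation is outside this diff.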
@@ -26,9 +26,13 @@
 {{/each}}
 </span>
 </div>
- <div style="flex: 0 0 240px;">
- <a class="mr-3" href="#" onclick='deauthUser({{jsesc Id}})'>Deauthorize sessions</a>
- <a class="mr-3" href="#" onclick='deleteUser({{jsesc Id}}, {{jsesc Email}})'>Delete User</a>
+ <div style="flex: 0 0 300px; font-size: 90%; text-align: right; padding-right: 15px">
+ {{#if TwoFactorEnabled}}
+ <a class="mr-2" href="#" onclick='remove2fa({{jsesc Id}})'>Remove all 2FA</a>
+ {{/if}}
+
+ <a class="mr-2" href="#" onclick='deauthUser({{jsesc Id}})'>Deauthorize sessions</a>
+ <a class="mr-2" href="#" onclick='deleteUser({{jsesc Id}}, {{jsesc Email}})'>Delete User</a>
 </div>
 </div>
 </div>
@@ -227,6 +231,12 @@
 }
 return false;
 }
+ function remove2fa(id) {
+ _post("/admin/users/" + id + "/remove-2fa",
+ "2FA removed correctly",
+ "Error removing 2FA");
+ return false;
+ }
 function deauthUser(id) {
 _post("/admin/users/" + id + "/deauth",
 "Sessions deauthorized correctly",
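Review bot: `remove2fa(id)` in the second page.hbs hunk sends the POST on a single click, and the first hunk places its link directly beside "Deauthorize sessions", so a mis-click removes a user's second factor with no chance to back out. Because this weakens the account's protection, ask for confirmation first, e.g. `if (!confirm("Remove all 2FA for this user?")) { return false; }` as the first statement of the function. A one-line comment above the function, such as `// Removes every second factor for the user; the account falls back to password-only login.`, would make the impact clear to the next maintainer.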