diff --git a/CHANGES b/CHANGES
index 52fa00a4f..d4b733325 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2259,4 +2259,5 @@
 * hsts: change max-age to 2 years
 * clone: copy over redis memory limit
 * namecheap: fix bug where records were not removed
+* add UI to disable 2FA of a user

diff --git a/src/routes/users.js b/src/routes/users.js
index 8025a7c9b..7f0a0fe2d 100644
--- a/src/routes/users.js
+++ b/src/routes/users.js
@@ -15,6 +15,8 @@ exports = module.exports = {
 clearAvatar,
 makeOwner,

+ disableTwoFactorAuthentication,
+
 load
 };

@@ -156,6 +158,18 @@ function createInvite(req, res, next) {
 });
 }

+function disableTwoFactorAuthentication(req, res, next) {
+ assert.strictEqual(typeof req.resource, 'object');
+
+ if (users.compareRoles(req.user.role, req.resource.role) < 0) return next(new HttpError(403, `role '${req.resource.role}' is required but user has only '${req.user.role}'`));
+
+ users.disableTwoFactorAuthentication(req.resource.id, function (error, result) {
+ if (error) return next(BoxError.toHttpError(error));
+
+ next(new HttpSuccess(200, result));
+ });
+}
+
 function sendInvite(req, res, next) {
 assert.strictEqual(typeof req.resource, 'object');

diff --git a/src/server.js b/src/server.js
index f9697c5c2..2c391ba2f 100644
--- a/src/server.js
+++ b/src/server.js
@@ -180,6 +180,7 @@ function initializeExpressSync() {
 router.post('/api/v1/users/:userId/create_invite', json, token, authorizeUserManager, routes.users.load, routes.users.createInvite);
 router.post('/api/v1/users/:userId/avatar', json, token, authorizeUserManager, routes.users.load, multipart, routes.users.setAvatar);
 router.del ('/api/v1/users/:userId/avatar', token, authorizeUserManager, routes.users.load, routes.users.clearAvatar);
+ router.post('/api/v1/users/:userId/twofactorauthentication_disable', json, token, authorizeUserManager, routes.users.load, routes.users.disableTwoFactorAuthentication);

 // Group management
 router.get ('/api/v1/groups', token, authorizeUserManager, routes.groups.list);
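Review bot: The role check in the new `disableTwoFactorAuthentication` handler rejects only callers whose role compares lower than the target's (`compareRoles(...) < 0`), so a peer of equal role passes and can have a second factor removed. Nothing in the handler excludes the caller's own account either. For a change that weakens login protection, consider a strict comparison for other users, plus an explicit self rule such as `if (req.user.id === req.resource.id) return next(new HttpError(403, 'cannot disable your own 2FA through this route'));` (this assumes `req.user.id` is populated the way `req.user.role` is). The call `users.disableTwoFactorAuthentication(req.resource.id, ...)` also passes no information about who requested it. Unless that function records the actor itself, which is not visible here, the action leaves no audit entry and the affected user gets no notice.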
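Review bot: The new `twofactorauthentication_disable` route uses the same `token, authorizeUserManager` chain as the avatar routes above it, so removing a second factor needs no more privilege or proof of presence than changing a picture. Consider a stricter authorizer if this file defines one (none is visible in the hunk), or have the handler require the acting user's password or TOTP code in the request body, which the `json` middleware already parses. A short comment above the route, for example `// security-sensitive: removes the target user's second factor`, would help future reviewers treat it differently from its neighbours. The body of `initializeExpressSync` continues outside the hunk.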