support disabling user 2fa setting

cmd/user_data.go

@@ -97,6 +97,19 @@ var UserData = &cli.Command{
 				},
 			},
 		},
+		{
+			Name:   "user-2fa-disable",
+			Usage:  "Disable user 2fa setting",
+			Action: disableUser2FA,
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+			},
+		},
 		{
 			Name:   "user-token-clear",
 			Usage:  "Clear user all tokens",
@@ -231,6 +244,26 @@ func deleteUser(c *cli.Context) error {
 	return nil
 }
 
+func disableUser2FA(c *cli.Context) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	err = clis.UserData.DisableUserTwoFactorAuthorization(c, username)
+
+	if err != nil {
+		log.BootErrorf("[user_data.disableUser2FA] error occurs when disabling user two factor authorization")
+		return err
+	}
+
+	log.BootInfof("[user_data.disableUser2FA] two factor authorization of user \"%s\" has been disabled", username)
+
+	return nil
+}
+
 func clearUserTokens(c *cli.Context) error {
 	_, err := initializeSystem(c)
 

pkg/cli/user_data.go

@@ -24,6 +24,7 @@ type UserDataCli struct {
 	categories              *services.TransactionCategoryService
 	tags                    *services.TransactionTagService
 	users                   *services.UserService
+	twoFactorAuthorizations *services.TwoFactorAuthorizationService
 	tokens                  *services.TokenService
 }
 
@@ -33,9 +34,10 @@ var (
 		csvExporter:             &exporters.CSVFileExporter{},
 		accounts:                services.Accounts,
 		transactions:            services.Transactions,
-		users:        services.Users,
 		categories:              services.TransactionCategories,
 		tags:                    services.TransactionTags,
+		users:                   services.Users,
+		twoFactorAuthorizations: services.TwoFactorAuthorizations,
 		tokens:                  services.Tokens,
 	}
 )
@@ -201,6 +203,48 @@ func (l *UserDataCli) ClearUserTokens(c *cli.Context, username string) error {
 	return nil
 }
 
+// DisableUserTwoFactorAuthorization disables 2fa for the specified user
+func (l *UserDataCli) DisableUserTwoFactorAuthorization(c *cli.Context, username string) error {
+	if username == "" {
+		log.BootErrorf("[user_data.DisableUserTwoFactorAuthorization] user name is empty")
+		return errs.ErrUsernameIsEmpty
+	}
+
+	uid, err := l.getUserIdByUsername(c, username)
+
+	if err != nil {
+		log.BootErrorf("[user_data.DisableUserTwoFactorAuthorization] error occurs when getting user id by user name")
+		return err
+	}
+
+	enableTwoFactor, err := l.twoFactorAuthorizations.ExistsTwoFactorSetting(uid)
+
+	if err != nil {
+		log.BootErrorf("[user_data.DisableUserTwoFactorAuthorization] failed to check two factor setting, because %s", err.Error())
+		return err
+	}
+
+	if !enableTwoFactor {
+		return errs.ErrTwoFactorIsNotEnabled
+	}
+
+	err = l.twoFactorAuthorizations.DeleteTwoFactorRecoveryCodes(uid)
+
+	if err != nil {
+		log.BootErrorf("[user_data.DisableUserTwoFactorAuthorization] failed to delete two factor recovery codes for user \"%s\"", username)
+		return err
+	}
+
+	err = l.twoFactorAuthorizations.DeleteTwoFactorSetting(uid)
+
+	if err != nil {
+		log.BootErrorf("[user_data.DisableUserTwoFactorAuthorization] failed to delete two factor setting for user \"%s\"", username)
+		return err
+	}
+
+	return nil
+}
+
 // CheckTransactionAndAccount checks whether all user transactions and all user accounts are correct
 func (l *UserDataCli) CheckTransactionAndAccount(c *cli.Context, username string) (bool, error) {
 	if username == "" {