support disabling user 2fa setting

2021-04-04 23:52:00 +08:00
parent 6ec5bea631
commit 3a8f6d9a4c
2 changed files with 93 additions and 16 deletions
@@ -97,6 +97,19 @@ var UserData = &cli.Command{
 				},
 			},
 		},
+		{
+			Name:   "user-2fa-disable",
+			Usage:  "Disable user 2fa setting",
+			Action: disableUser2FA,
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+			},
+		},
 		{
 			Name:   "user-token-clear",
 			Usage:  "Clear user all tokens",
@@ -231,6 +244,26 @@ func deleteUser(c *cli.Context) error {
 	return nil
 }

+func disableUser2FA(c *cli.Context) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	err = clis.UserData.DisableUserTwoFactorAuthorization(c, username)
+
+	if err != nil {
+		log.BootErrorf("[user_data.disableUser2FA] error occurs when disabling user two factor authorization")
+		return err
+	}
+
+	log.BootInfof("[user_data.disableUser2FA] two factor authorization of user \"%s\" has been disabled", username)
+
+	return nil
+}
+
 func clearUserTokens(c *cli.Context) error {
 	_, err := initializeSystem(c)

@@ -18,25 +18,27 @@ const pageCountForDataExport = 1000

 // UserDataCli represents user data cli
 type UserDataCli struct {
-	csvExporter  *exporters.CSVFileExporter
-	accounts     *services.AccountService
-	transactions *services.TransactionService
-	categories   *services.TransactionCategoryService
-	tags         *services.TransactionTagService
-	users        *services.UserService
-	tokens       *services.TokenService
+	csvExporter             *exporters.CSVFileExporter
+	accounts                *services.AccountService
+	transactions            *services.TransactionService
+	categories              *services.TransactionCategoryService
+	tags                    *services.TransactionTagService
+	users                   *services.UserService
+	twoFactorAuthorizations *services.TwoFactorAuthorizationService
+	tokens                  *services.TokenService
 }

 // Initialize an user data cli singleton instance
 var (
 	UserData = &UserDataCli{
-		csvExporter:  &exporters.CSVFileExporter{},
-		accounts:     services.Accounts,
-		transactions: services.Transactions,
-		users:        services.Users,
-		categories:   services.TransactionCategories,
-		tags:         services.TransactionTags,
-		tokens:       services.Tokens,
+		csvExporter:             &exporters.CSVFileExporter{},
+		accounts:                services.Accounts,
+		transactions:            services.Transactions,
+		categories:              services.TransactionCategories,
+		tags:                    services.TransactionTags,
+		users:                   services.Users,
+		twoFactorAuthorizations: services.TwoFactorAuthorizations,
+		tokens:                  services.Tokens,
 	}
 )

@@ -89,7 +91,7 @@ func (l *UserDataCli) AddNewUser(c *cli.Context, username string, email string,
 		return nil, err
 	}

-	log.BootInfof( "[user_data.AddNewUser] user \"%s\" has add successfully, uid is %d", user.Username, user.Uid)
+	log.BootInfof("[user_data.AddNewUser] user \"%s\" has add successfully, uid is %d", user.Username, user.Uid)

 	return user, nil
 }
@@ -187,7 +189,7 @@ func (l *UserDataCli) ClearUserTokens(c *cli.Context, username string) error {

 	if err != nil {
 		log.BootErrorf("[user_data.ClearUserTokens] error occurs when getting user id by user name")
-		return  err
+		return err
 	}

 	now := time.Now().Unix()
@@ -201,6 +203,48 @@ func (l *UserDataCli) ClearUserTokens(c *cli.Context, username string) error {
 	return nil
 }

+// DisableUserTwoFactorAuthorization disables 2fa for the specified user
+func (l *UserDataCli) DisableUserTwoFactorAuthorization(c *cli.Context, username string) error {
+	if username == "" {
+		log.BootErrorf("[user_data.DisableUserTwoFactorAuthorization] user name is empty")
+		return errs.ErrUsernameIsEmpty
+	}
+
+	uid, err := l.getUserIdByUsername(c, username)
+
+	if err != nil {
+		log.BootErrorf("[user_data.DisableUserTwoFactorAuthorization] error occurs when getting user id by user name")
+		return err
+	}
+
+	enableTwoFactor, err := l.twoFactorAuthorizations.ExistsTwoFactorSetting(uid)
+
+	if err != nil {
+		log.BootErrorf("[user_data.DisableUserTwoFactorAuthorization] failed to check two factor setting, because %s", err.Error())
+		return err
+	}
+
+	if !enableTwoFactor {
+		return errs.ErrTwoFactorIsNotEnabled
+	}
+
+	err = l.twoFactorAuthorizations.DeleteTwoFactorRecoveryCodes(uid)
+
+	if err != nil {
+		log.BootErrorf("[user_data.DisableUserTwoFactorAuthorization] failed to delete two factor recovery codes for user \"%s\"", username)
+		return err
+	}
+
+	err = l.twoFactorAuthorizations.DeleteTwoFactorSetting(uid)
+
+	if err != nil {
+		log.BootErrorf("[user_data.DisableUserTwoFactorAuthorization] failed to delete two factor setting for user \"%s\"", username)
+		return err
+	}
+
+	return nil
+}
+
 // CheckTransactionAndAccount checks whether all user transactions and all user accounts are correct
 func (l *UserDataCli) CheckTransactionAndAccount(c *cli.Context, username string) (bool, error) {
 	if username == "" {