Commit 9c0e1bbb authored by Arie Peterson's avatar Arie Peterson

Allow admins to remove TOTP using cli

parent a07291e7
......@@ -91,6 +91,10 @@ class UserService:
return UserService.get_user(res["id"])
@staticmethod
def reset_2fa(id):
KratosApi.delete("/admin/identities/{}/credentials/totp".format(id))
@staticmethod
def __start_recovery_flow(email):
......
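Review bot: `UserService.reset_2fa` discards the result of `KratosApi.delete(...)` and therefore always returns None, which the new API route in this commit passes straight to `jsonify(res)`. Unless `KratosApi.delete` raises on a non-success response (not visible in this hunk), a caller cannot tell whether a credential was removed; `return KratosApi.delete("/admin/identities/{}/credentials/totp".format(id))` or an explicit status would fix that. The name also promises more than the call does, because only the `totp` credential type is deleted. If other second factors such as WebAuthn or lookup secrets are enabled in this Kratos deployment, they would stay in place after a "2FA reset". A docstring such as `"""Delete the TOTP credential of the identity with the given id; other credential types are left untouched."""` would make the scope clear.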
......@@ -36,6 +36,14 @@ def get_user_recovery(id):
res = UserService.create_recovery_link(id)
return jsonify(res)
@api_v1.route("/users/<string:id>/reset_2fa", methods=["POST"])
@jwt_required()
@cross_origin()
@admin_required()
def reset_2fa(id):
res = UserService.reset_2fa(id)
return jsonify(res)
@api_v1.route("/users", methods=["POST"])
@jwt_required()
@cross_origin()
......
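Review bot: The new `reset_2fa` route removes a user's second factor without leaving an audit trail: nothing records which admin made the request or for which identity, whereas the CLI path in this commit does log the action. A log line before the service call would cover this, for example `current_app.logger.info(f"2FA reset for identity {id} requested by {get_jwt_identity()}")`, assuming `get_jwt_identity` from flask_jwt_extended is the JWT helper this app uses. The response body is always `null`, because `UserService.reset_2fa` has no return value in the hunk shown earlier, so an explicit success payload or a 204 would be clearer to clients. If identity ids are always UUIDs, the `<uuid:id>` converter would also reject malformed ids before they are formatted into the Kratos admin path.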
......@@ -17,8 +17,9 @@ from sqlalchemy import func
from config import HYDRA_ADMIN_URL, KRATOS_ADMIN_URL, KRATOS_PUBLIC_URL
from helpers import KratosUser
from cliapp import cli
from areas.roles import Role
from areas.apps import AppRole, App
from areas.roles import Role
from areas.users import UserService
from database import db
# APIs
......@@ -400,4 +401,22 @@ def recover_user(email):
current_app.logger.error(f"Error while getting reset link: {error}")
@user_cli.command("reset_2fa")
@click.argument("email")
def reset_2fa(email):
"""Remove configured second factor for a user.
:param email: Email address of the user
"""
current_app.logger.info(f"Removing second factor for user: {email}")
try:
# Get the ID of the user
kratos_user = KratosUser.find_by_email(kratos_identity_api, email)
# Get a recovery URL
UserService.reset_2fa(kratos_user.uuid)
except Exception as error: # pylint: disable=broad-except
current_app.logger.error(f"Error while removing second factor: {error}")
cli.cli.add_command(user_cli)
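Review bot: The `except Exception` handler in the `reset_2fa` command logs the failure and then lets the command finish normally, so a failed reset still exits with status 0. There is no success message either, so an operator or script cannot tell from the output whether the second factor was removed. Add `current_app.logger.info(f"Second factor removed for user: {email}")` after the `UserService.reset_2fa(...)` call and `raise click.ClickException(str(error))` in the handler; `recover_user` above appears to share the log-only pattern. The comment `# Get a recovery URL` is left over from `recover_user` and should read `# Remove the TOTP credential from the identity`. If `KratosUser.find_by_email` can return None for an unknown address (not visible here), the logged error would be an AttributeError on `.uuid` rather than a clear "user not found".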