fix: management api remove otp (#1010)

* fix: management api remove otp * add postinstall * remove mgmt otp Co-authored-by: Max Peintner <max@caos.ch>
2024-12-12 02:54:20 +00:00 · 2020-11-24 12:06:46 +01:00 · 2020-11-24 12:06:46 +01:00 · 75bf0409c4
commit 75bf0409c4
parent 855725c3c0
7 changed files with 71 additions and 2 deletions
--- a/console/src/app/pages/users/user-detail/user-detail/user-mfa/user-mfa.component.html
+++ b/console/src/app/pages/users/user-detail/user-detail/user-mfa/user-mfa.component.html
@ -17,6 +17,16 @@
                </td>
            </ng-container>

+            <ng-container matColumnDef="actions">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.MFA.TABLEACTIONS' | translate }} </th>
+                <td mat-cell *matCellDef="let mfa">
+                    <button matTooltip="{{'ACTIONS.REMOVE' | translate}}" color="warn" mat-icon-button
+                        (click)="deleteMFA(mfa.type)">
+                        <i class="las la-trash"></i>
+                    </button>
+                </td>
+            </ng-container>
+
            <tr mat-header-row *matHeaderRowDef="displayedColumns"></tr>
            <tr class="highlight" mat-row *matRowDef="let row; columns: displayedColumns;">
            </tr>
--- a/console/src/app/pages/users/user-detail/user-detail/user-mfa/user-mfa.component.ts
+++ b/console/src/app/pages/users/user-detail/user-detail/user-mfa/user-mfa.component.ts
@ -1,9 +1,12 @@
 import { Component, Input, OnDestroy, OnInit, ViewChild } from '@angular/core';
+import { MatDialog } from '@angular/material/dialog';
 import { MatSort } from '@angular/material/sort';
 import { MatTable, MatTableDataSource } from '@angular/material/table';
 import { BehaviorSubject, Observable } from 'rxjs';
+import { WarnDialogComponent } from 'src/app/modules/warn-dialog/warn-dialog.component';
 import { MFAState, MfaType, UserMultiFactor, UserView } from 'src/app/proto/generated/management_pb';
 import { ManagementService } from 'src/app/services/mgmt.service';
+import { ToastService } from 'src/app/services/toast.service';


 export interface MFAItem {
@ -17,7 +20,7 @@ export interface MFAItem {
    styleUrls: ['./user-mfa.component.scss'],
 })
 export class UserMfaComponent implements OnInit, OnDestroy {
-    public displayedColumns: string[] = ['type', 'state'];
+    public displayedColumns: string[] = ['type', 'state', 'actions'];
    @Input() private user!: UserView.AsObject;
    public mfaSubject: BehaviorSubject<UserMultiFactor.AsObject[]> = new BehaviorSubject<UserMultiFactor.AsObject[]>([]);
    private loadingSubject: BehaviorSubject<boolean> = new BehaviorSubject<boolean>(false);
@ -31,7 +34,7 @@ export class UserMfaComponent implements OnInit, OnDestroy {
    public MFAState: any = MFAState;

    public error: string = '';
-    constructor(private mgmtUserService: ManagementService) { }
+    constructor(private mgmtUserService: ManagementService, private dialog: MatDialog, private toast: ToastService) { }

    public ngOnInit(): void {
        this.getOTP();
@ -50,4 +53,34 @@ export class UserMfaComponent implements OnInit, OnDestroy {
            this.error = error.message;
        });
    }
+
+    public deleteMFA(type: MfaType): void {
+        const dialogRef = this.dialog.open(WarnDialogComponent, {
+            data: {
+                confirmKey: 'ACTIONS.DELETE',
+                cancelKey: 'ACTIONS.CANCEL',
+                titleKey: 'USER.MFA.DIALOG.OTP_DELETE_TITLE',
+                descriptionKey: 'USER.MFA.DIALOG.OTP_DELETE_DESCRIPTION',
+            },
+            width: '400px',
+        });
+
+        dialogRef.afterClosed().subscribe(resp => {
+            if (resp) {
+                if (type === MfaType.MFATYPE_OTP) {
+                    this.mgmtUserService.removeMfaOTP(this.user.id).then(() => {
+                        this.toast.showInfo('USER.TOAST.OTPREMOVED', true);
+
+                        const index = this.dataSource.data.findIndex(mfa => mfa.type === type);
+                        if (index > -1) {
+                            this.dataSource.data.splice(index, 1);
+                        }
+                        this.getOTP();
+                    }).catch(error => {
+                        this.toast.showError(error);
+                    });
+                }
+            }
+        });
+    }
 }
--- a/console/src/app/services/mgmt.service.ts
+++ b/console/src/app/services/mgmt.service.ts
@ -677,6 +677,12 @@ export class ManagementService {
        return this.grpcService.mgmt.getUserMfas(req);
    }

+    public removeMfaOTP(id: string): Promise<Empty> {
+        const req = new UserID();
+        req.setId(id);
+        return this.grpcService.mgmt.removeMfaOTP(req);
+    }
+
    public SaveUserProfile(
        id: string,
        firstName?: string,
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@ -221,6 +221,11 @@ func (s *Server) GetUserMfas(ctx context.Context, userID *management.UserID) (*m
 	return &management.UserMultiFactors{Mfas: mfasFromModel(mfas)}, nil
 }

+func (s *Server) RemoveMfaOTP(ctx context.Context, userID *management.UserID) (*empty.Empty, error) {
+	err := s.user.RemoveOTP(ctx, userID.Id)
+	return &empty.Empty{}, err
+}
+
 func (s *Server) SearchUserMemberships(ctx context.Context, in *management.UserMembershipSearchRequest) (*management.UserMembershipSearchResponse, error) {
 	request := userMembershipSearchRequestsToModel(in)
 	request.AppendUserIDQuery(in.UserId)
--- a/internal/management/repository/eventsourcing/eventstore/user.go
+++ b/internal/management/repository/eventsourcing/eventstore/user.go
@ -223,6 +223,10 @@ func (repo *UserRepo) UserMfas(ctx context.Context, userID string) ([]*usr_model
 	return []*usr_model.MultiFactor{{Type: usr_model.MfaTypeOTP, State: user.OTPState}}, nil
 }

+func (repo *UserRepo) RemoveOTP(ctx context.Context, userID string) error {
+	return repo.UserEvents.RemoveOTP(ctx, userID)
+}
+
 func (repo *UserRepo) SetOneTimePassword(ctx context.Context, password *usr_model.Password) (*usr_model.Password, error) {
 	policy, err := repo.View.PasswordComplexityPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
 	if err != nil && caos_errs.IsNotFound(err) {
--- a/internal/management/repository/user.go
+++ b/internal/management/repository/user.go
@ -31,6 +31,7 @@ type UserRepository interface {
 	ChangeProfile(ctx context.Context, profile *model.Profile) (*model.Profile, error)

 	UserMfas(ctx context.Context, userID string) ([]*model.MultiFactor, error)
+	RemoveOTP(ctx context.Context, userID string) error

 	SearchExternalIDPs(ctx context.Context, request *model.ExternalIDPSearchRequest) (*model.ExternalIDPSearchResponse, error)
 	RemoveExternalIDP(ctx context.Context, externalIDP *model.ExternalIDP) error
--- a/pkg/grpc/management/proto/management.proto
+++ b/pkg/grpc/management/proto/management.proto
@ -388,6 +388,16 @@ rpc GetUserByID(UserID) returns (UserView) {
    };
  }

+  rpc RemoveMfaOTP(UserID) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      delete: "/users/{id}/mfas/otp"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "user.write"
+    };
+  }
+
  // Sends an Notification (Email/SMS) with a password reset Link
  rpc SendSetPasswordNotification(SetPasswordNotificationRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {