PLT-4767 Implement MFA Enforcement (#4662)

* Create MFA setup page and remove MFA setup from account settings modal

* Add enforce MFA to system console and force redirect

* Lockdown mfa required API routes, add localization, other changes

* Minor fixes

* Fix typo

* Fix some unit tests

* Fix more unit tests

* Minor fix

* Updating UI for MFA screen (#4670)

* Updating UI for MFA screen

* Updating styles for MFA page

* Add the ability to switch between email/sso with MFA enabled

* Added mfa change email

* Minor UI updates for MFA enforcement

* Fix unit test

* Fix client unit test

* Allow switching email to ldap and back when MFA is enabled

* Fix unit test

* Revert config.json

1 files changed, 5 insertions, 1 deletions

diff --git a/store/sql_user_store.go b/store/sql_user_store.go
index 3fddfb77d..286b6551a 100644
--- a/store/sql_user_store.go
+++ b/store/sql_user_store.go
@@ -275,7 +275,7 @@ func (us SqlUserStore) UpdateFailedPasswordAttempts(userId string, attempts int)
 	return storeChannel
 }
 
-func (us SqlUserStore) UpdateAuthData(userId string, service string, authData *string, email string) StoreChannel {
+func (us SqlUserStore) UpdateAuthData(userId string, service string, authData *string, email string, resetMfa bool) StoreChannel {
 
 	storeChannel := make(StoreChannel, 1)
 
@@ -301,6 +301,10 @@ func (us SqlUserStore) UpdateAuthData(userId string, service string, authData *s
 			query += ", Email = :Email"
 		}
 
+		if resetMfa {
+			query += ", MfaActive = false, MfaSecret = ''"
+		}
+
 		query += " WHERE Id = :UserId"
 
 		if _, err := us.GetMaster().Exec(query, map[string]interface{}{"LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId, "AuthService": service, "AuthData": authData, "Email": email}); err != nil {