PLT-4767 Implement MFA Enforcement (#4662)

* Create MFA setup page and remove MFA setup from account settings modal

* Add enforce MFA to system console and force redirect

* Lockdown mfa required API routes, add localization, other changes

* Minor fixes

* Fix typo

* Fix some unit tests

* Fix more unit tests

* Minor fix

* Updating UI for MFA screen (#4670)

* Updating UI for MFA screen

* Updating styles for MFA page

* Add the ability to switch between email/sso with MFA enabled

* Added mfa change email

* Minor UI updates for MFA enforcement

* Fix unit test

* Fix client unit test

* Allow switching email to ldap and back when MFA is enabled

* Fix unit test

* Revert config.json

2 files changed, 11 insertions, 9 deletions

diff --git a/webapp/client/client.jsx b/webapp/client/client.jsx
index 88f910d46..c2db8a275 100644
--- a/webapp/client/client.jsx
+++ b/webapp/client/client.jsx
@@ -840,18 +840,13 @@ export default class Client {
         this.track('api', 'api_users_reset_password');
     }
 
-    emailToOAuth(email, password, service, success, error) {
-        var data = {};
-        data.password = password;
-        data.email = email;
-        data.service = service;
-
+    emailToOAuth(email, password, token, service, success, error) {
         request.
             post(`${this.getUsersRoute()}/claim/email_to_oauth`).
             set(this.defaultHeaders).
             type('application/json').
             accept('application/json').
-            send(data).
+            send({password, email, token, service}).
             end(this.handleResponse.bind(this, 'emailToOAuth', success, error));
 
         this.track('api', 'api_users_email_to_oauth');
@@ -873,12 +868,13 @@ export default class Client {
         this.track('api', 'api_users_oauth_to_email');
     }
 
-    emailToLdap(email, password, ldapId, ldapPassword, success, error) {
+    emailToLdap(email, password, token, ldapId, ldapPassword, success, error) {
         var data = {};
         data.email_password = password;
         data.email = email;
         data.ldap_id = ldapId;
         data.ldap_password = ldapPassword;
+        data.token = token;
 
         request.
             post(`${this.getUsersRoute()}/claim/email_to_ldap`).
@@ -891,11 +887,12 @@ export default class Client {
         this.track('api', 'api_users_email_to_ldap');
     }
 
-    ldapToEmail(email, emailPassword, ldapPassword, success, error) {
+    ldapToEmail(email, emailPassword, token, ldapPassword, success, error) {
         var data = {};
         data.email = email;
         data.ldap_password = ldapPassword;
         data.email_password = emailPassword;
+        data.token = token;
 
         request.
             post(`${this.getUsersRoute()}/claim/ldap_to_email`).
diff --git a/webapp/client/web_client.jsx b/webapp/client/web_client.jsx
index 62870c5bc..324d4cd25 100644
--- a/webapp/client/web_client.jsx
+++ b/webapp/client/web_client.jsx
@@ -38,6 +38,11 @@ class WebClientClass extends Client {
     }
 
     handleError(err, res) {
+        if (res.body.id === 'api.context.mfa_required.app_error') {
+            window.location.reload();
+            return;
+        }
+
         if (err.status === HTTP_UNAUTHORIZED && res.req.url !== '/api/v3/users/login') {
             GlobalActions.emitUserLoggedOutEvent('/login');
         }