From 30a10d35a8406f4af96fcc8200c4e2173856837d Mon Sep 17 00:00:00 2001
From: Joram Wilander
Date: Mon, 12 Dec 2016 08:16:10 -0500
Subject: PLT-4767 Implement MFA Enforcement (#4662)
* Create MFA setup page and remove MFA setup from account settings modal
* Add enforce MFA to system console and force redirect
* Lockdown mfa required API routes, add localization, other changes
* Minor fixes
* Fix typo
* Fix some unit tests
* Fix more unit tests
* Minor fix
* Updating UI for MFA screen (#4670)
* Updating UI for MFA screen
* Updating styles for MFA page
* Add the ability to switch between email/sso with MFA enabled
* Added mfa change email
* Minor UI updates for MFA enforcement
* Fix unit test
* Fix client unit test
* Allow switching email to ldap and back when MFA is enabled
* Fix unit test
* Revert config.json
---
 store/sql_user_store.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'store/sql_user_store.go')
diff --git a/store/sql_user_store.go b/store/sql_user_store.go
index 3fddfb77d..286b6551a 100644
--- a/store/sql_user_store.go
+++ b/store/sql_user_store.go
@@ -275,7 +275,7 @@ func (us SqlUserStore) UpdateFailedPasswordAttempts(userId string, attempts int)
 return storeChannel
 }
-func (us SqlUserStore) UpdateAuthData(userId string, service string, authData *string, email string) StoreChannel {
+func (us SqlUserStore) UpdateAuthData(userId string, service string, authData *string, email string, resetMfa bool) StoreChannel {
 storeChannel := make(StoreChannel, 1)
@@ -301,6 +301,10 @@ func (us SqlUserStore) UpdateAuthData(userId string, service string, authData *s
 query += ", Email = :Email"
 }
+ if resetMfa {
+ query += ", MfaActive = false, MfaSecret = ''"
+ }
+
 query += " WHERE Id = :UserId"
 if _, err := us.GetMaster().Exec(query, map[string]interface{}{"LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId, "AuthService": service, "AuthData": authData, "Email": email}); err != nil {
-- 
cgit v1.2.3-1-g7c22
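Review bot: The new trailing `resetMfa bool` on `UpdateAuthData` switches a user's second factor off, but nothing at the signature says so, and a bare `true` or `false` as the fifth positional argument is easy to get wrong at a call site. I would add a doc comment above the function, for example `// UpdateAuthData sets the user's auth service, auth data and optionally email; when resetMfa is true it also clears MfaActive and MfaSecret, so pass true only for an auth-method switch the user has just authenticated.` The body of the function continues past this hunk and the callers are outside this file-limited patch, so whether every call site passes the flag deliberately cannot be confirmed from here.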
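Review bot: The `if resetMfa` branch removes the user's second factor (`MfaActive = false, MfaSecret = ''`) with no record visible at this layer, so a later investigation could not tell an MFA reset from an ordinary auth-data update unless the caller logs it. Appending the fragment to the same UPDATE is good, because the auth-service change and the MFA reset land atomically, and the fragment is a constant, so the bound parameters stay the only user-controlled input. I would add a comment on the branch such as `// Security: drops the second factor together with the auth switch; the caller is responsible for auditing this and for deciding whether existing sessions stay valid.` The enclosing block and the rest of the function start and end outside this hunk, so any audit or session handling that may exist is not visible here.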