Add possibility to remove mfa

2025-10-06 12:50:10 +00:00 · 2025-02-06 16:47:56 +00:00
parent 6228a54ecf
commit 0bfd2f901d
9 changed files with 168 additions and 57 deletions
--- a/frontend/js/app/api.js
+++ b/frontend/js/app/api.js
@@ -211,6 +211,9 @@ module.exports = {
        },
        check: function () {
            return fetch('get', 'mfa/check');
+        },
+        delete: function (secret) {
+            return fetch('delete', 'mfa/delete', {secret: secret});
        }
    },

--- a/frontend/js/app/user/form.ejs
+++ b/frontend/js/app/user/form.ejs
@@ -27,12 +27,22 @@
                </div>

                <div class="col-sm-12 col-md-12">
-                    <label class="form-label mfa-label" style="display: none;"><%- i18n('mfa', 'mfa') %></label>
-                    <button type="button" class="btn btn-info add-mfa"><%- i18n('mfa', 'add-mfa') %></button>
+                    <label class="form-label mfa-label"><%- i18n('mfa', 'mfa') %></label>
+                    <button type="button" class="btn btn-info mfa-add"><%- i18n('mfa', 'mfa-add') %></button>
+                    <button type="button" class="btn btn-danger mfa-remove" style="display: none;"><%- i18n('mfa', 'mfa-remove') %></button>
+                    <div class="mfa-remove-confirm-container" style="display: none;">
+                        <div class="form-group">
+                            <label class="form-label"><%- i18n('mfa', 'confirm-password') %></label>
+                            <input name="mfa_password" type="password" class="form-control mfa-remove-password-field" placeholder="<%- i18n('mfa', 'enter-password') %>">
+                            <div class="invalid-feedback mfa-error"></div>
+                        </div>
+                        <button type="button" class="btn btn-danger mfa-remove-confirm"><%- i18n('mfa', 'confirm-remove-mfa') %></button>
+                    </div>
                    <p class="qr-instructions" style="display: none;"><%- i18n('mfa', 'mfa-setup-instruction') %></p>
                    <div class="mfa-validation-container" style="display: none;">
                        <label class="form-label"><%- i18n('mfa', 'mfa-token') %> <span class="form-required">*</span></label>
                        <input name="mfa_validation" type="text" class="form-control" placeholder="000000" value="">
+                        <div class="invalid-feedback mfa-error"></div>
                    </div>
                </div>

--- a/frontend/js/app/user/form.js
+++ b/frontend/js/app/user/form.js
@@ -15,10 +15,14 @@ module.exports = Mn.View.extend({
        cancel:  'button.cancel',
        save:    'button.save',
        error:   '.secret-error',
-        addMfa:  '.add-mfa',
-        mfaLabel: '.mfa-label', // added binding
-        mfaValidation: '.mfa-validation-container', // added binding
-        qrInstructions: '.qr-instructions' // added binding for instructions
+        mfaError: '.mfa-error',
+        addMfa:  '.mfa-add',
+        mfaValidation: '.mfa-validation-container',
+        qrInstructions: '.qr-instructions',
+        removeMfa: '.mfa-remove',
+        removeMfaConfirmContainer: '.mfa-remove-confirm-container',
+        removeMfaConfirm: '.mfa-remove-confirm',
+        removeMfaPassword: '.mfa-remove-password-field'
    },

    events: {
@@ -75,7 +79,6 @@ module.exports = Mn.View.extend({
                        return App.Api.Mfa.enable(mfaToken)
                            .then(() => result);
                    }
-                    console.log(result);
                    return result;
                })
                .then(result => {
@@ -106,6 +109,31 @@ module.exports = Mn.View.extend({
                .catch(err => {
                    view.ui.error.text(err.message).show();
                });
+        },
+        'click @ui.removeMfa': function (e) {
+            // Show confirmation section with a password field and confirm button
+            this.ui.removeMfa.hide();
+            this.ui.removeMfaConfirmContainer.show();
+        },
+        'click @ui.removeMfaConfirm': function (e) {
+            let view = this;
+            let password = view.ui.removeMfaPassword.val();
+            if (!password) {
+                view.ui.error.text('Password required to remove MFA').show();
+                return;
+            }
+            App.Api.Mfa.delete(password)
+                .then(() => {
+                    view.ui.addMfa.show();
+                    view.ui.qrInstructions.hide();
+                    view.ui.mfaValidation.hide();
+                    view.ui.removeMfaConfirmContainer.hide();
+                    view.ui.removeMfa.hide();
+                    view.ui.mfaValidation.find('input[name="mfa_validation"]').removeAttr('required');
+                })
+                .catch(err => {
+                    view.ui.mfaError.text(err.message).show();
+                });
        }
    },

@@ -143,16 +171,17 @@ module.exports = Mn.View.extend({
            .then(response => {
                if (response.active) {
                    view.ui.addMfa.hide();
-                    view.ui.mfaLabel.hide();
                    view.ui.qrInstructions.hide();
                    view.ui.mfaValidation.hide();
-                    // Remove required attribute if MFA is active & field is hidden
+                    view.ui.removeMfa.show();
+                    view.ui.removeMfaConfirmContainer.hide();
                    view.ui.mfaValidation.find('input[name="mfa_validation"]').removeAttr('required');
                } else {
                    view.ui.addMfa.show();
-                    view.ui.mfaLabel.show();
                    view.ui.qrInstructions.hide();
                    view.ui.mfaValidation.hide();
+                    view.ui.removeMfa.hide();
+                    view.ui.removeMfaConfirmContainer.hide();
                    view.ui.mfaValidation.find('input[name="mfa_validation"]').removeAttr('required');
                }
            })