fix: check if 2FA is enabled to allow TOTP reset (#29723)
tapiarafael authored Aug 4, 2023
1 parent 7a4fdf4 commit 6fa30dd
Showing 3 changed files with 12 additions and 2 deletions.
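--- a/.changeset/cuddly-houses-tie.md
+++ b/.changeset/cuddly-houses-tie.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Hide Reset TOTP option if 2FA is disabled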
4 changes: 4 additions & 0 deletions apps/meteor/app/api/server/v1/users.ts
@@ -1034,6 +1034,10 @@ API.v1.addRoute(
throw new Meteor.Error('error-not-allowed', 'Not allowed');
}

if (!settings.get('Accounts_TwoFactorAuthentication_Enabled')) {
throw new Meteor.Error('error-two-factor-not-enabled', 'Two factor authentication is not enabled');
}

const user = await getUserFromParams(this.bodyParams);
if (!user) {
throw new Meteor.Error('error-invalid-user-id', 'Invalid user id');
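Review bot: The new `Accounts_TwoFactorAuthentication_Enabled` guard is the real enforcement point for this rule, yet none of the three changed files adds an API test for it; a case that turns the setting off and asserts `error-two-factor-not-enabled` from this route would keep the check from regressing. The guard is placed after the `error-not-allowed` throw, which looks like the right order, since a caller who fails that earlier check (presumably the permission check, whose condition is outside the hunk) does not learn the setting's state. A short comment above the guard should also state the intended behaviour for accounts that enrolled TOTP before the setting was switched off: with this check an administrator apparently cannot clear those secrets until 2FA is enabled again, though the reset logic itself is not visible here. The route handler starts and ends outside the hunk.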
@@ -1,5 +1,5 @@
import type { IUser } from '@rocket.chat/core-typings';
import { useSetModal, usePermission, useEndpoint, useTranslation, useToastMessageDispatch } from '@rocket.chat/ui-contexts';
import { useSetModal, usePermission, useSetting, useEndpoint, useTranslation, useToastMessageDispatch } from '@rocket.chat/ui-contexts';
import React, { useCallback } from 'react';

import GenericModal from '../../../../components/GenericModal';
@@ -10,6 +10,7 @@ export const useResetTOTPAction = (userId: IUser['_id']): Action | undefined =>
const setModal = useSetModal();
const dispatchToastMessage = useToastMessageDispatch();
const canResetTOTP = usePermission('edit-other-user-totp');
const twoFactorEnabled = useSetting('Accounts_TwoFactorAuthentication_Enabled');
const resetTOTPRequest = useEndpoint('POST', '/v1/users.resetTOTP');

const resetTOTP = useCallback(async () => {
@@ -31,7 +32,7 @@ export const useResetTOTPAction = (userId: IUser['_id']): Action | undefined =>
);
}, [resetTOTP, t, setModal]);

return canResetTOTP
return canResetTOTP && twoFactorEnabled
? {
icon: 'key',
label: t('Reset_TOTP'),
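Review bot: `twoFactorEnabled` is used by truthiness in `return canResetTOTP && twoFactorEnabled`, so the ternary's condition takes whatever type `useSetting` returns rather than a boolean. Comparing explicitly, `const twoFactorEnabled = useSetting('Accounts_TwoFactorAuthentication_Enabled') === true;`, still hides the action for an unset value and makes the intent readable. Hiding the menu entry is a UI convenience, not an access control, so a comment above the return such as `// UI hint only; the users.resetTOTP endpoint enforces the permission and the 2FA setting` would stop a later reader from treating this hook as the check. The hook body starts before and continues past the hunks shown, and this section's file header is missing from the page.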