Add PATCH /users/:id/disable_two_factor endpoint
What does this MR do and why?
Closes #295260 (closed)
Adds the ability for an administrator to disable two factor authentication via the new PATCH /users/:id/disable_two_factor API endpoint for a specified user.
If the operation is successful, the user is sent an email so that the specified user knows that two factor authentication has been disabled on their account. This leverages existing functionality found in the TwoFactor::DestroyService class.
How to set up and validate locally
Note: $GDK_PAT is a personal access token that belongs to an administrator.
- Enable two factor authentication on a given user in the GitLab UI.
- Confirm that two_factor_enabled=true when fetching the user via the API:
  curl -i --header "PRIVATE-TOKEN: $GDK_PAT" http://gdk.test:3000/api/v4/users/1
- Disable two factor authentication. If successful, you will receive a 204 No Content in the headers.
  curl -i -X PATCH --header "PRIVATE-TOKEN: $GDK_PAT" http://gdk.test:3000/api/v4/users/1/disable_two_factor
- Confirm that two_factor_enabled=false when fetching the user via the API:
  curl -i --header "PRIVATE-TOKEN: $GDK_PAT" http://gdk.test:3000/api/v4/users/1
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
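The API checks from "How to set up and validate locally", scripted so that each expected result (two_factor_enabled=true, 204 No Content, two_factor_enabled=false) is asserted rather than read by eye. This is an added example, not part of the merge request or of GitLab's code; the function names and the GITLAB_API variable are assumptions, and the sample responses are constructed.

```shell
#!/bin/sh
# Added example: scripted form of the validation steps. Not GitLab project code.
# Assumes $GDK_PAT is an administrator's token and a GDK at gdk.test:3000.
GITLAB_API="${GITLAB_API:-http://gdk.test:3000/api/v4}"

# HTTP status code from `curl -i` output; the last status line wins, so an
# interim "100 Continue" is skipped.
http_status() {
  printf '%s\n' "$1" | tr -d '\r' |
    awk '/^HTTP\/[0-9.]+ [0-9]+/ { code = $2 } END { print code }'
}

# Value of two_factor_enabled (true/false) in the user JSON; empty if absent.
two_factor_enabled() {
  printf '%s\n' "$1" | grep -o '"two_factor_enabled":[[:space:]]*[a-z]*' |
    head -n 1 | sed 's/.*:[[:space:]]*//'
}

api() { curl -s -i --header "PRIVATE-TOKEN: $GDK_PAT" "$@"; }

# The three API steps for one user id; stops at the first unexpected result.
validate_disable_two_factor() {
  v_resp=$(api "$GITLAB_API/users/$1")
  [ "$(two_factor_enabled "$v_resp")" = "true" ] ||
    { echo "user $1: two_factor_enabled is not true before the call" >&2; return 1; }
  v_resp=$(api -X PATCH "$GITLAB_API/users/$1/disable_two_factor")
  [ "$(http_status "$v_resp")" = "204" ] ||
    { echo "user $1: expected 204, got '$(http_status "$v_resp")'" >&2; return 1; }
  v_resp=$(api "$GITLAB_API/users/$1")
  [ "$(two_factor_enabled "$v_resp")" = "false" ] ||
    { echo "user $1: two_factor_enabled is still not false" >&2; return 1; }
  echo "user $1: 204 received and two_factor_enabled=false confirmed"
}

# Offline check of the parsers against constructed (not captured) responses.
self_check() {
  s_get=$(printf 'HTTP/1.1 200 OK\r\n\r\n{"id":1,"two_factor_enabled":true}')
  s_patch=$(printf 'HTTP/1.1 204 No Content\r\n\r\n')
  [ "$(two_factor_enabled "$s_get")" = "true" ] &&
    [ "$(http_status "$s_patch")" = "204" ] && echo "parsers ok"
}

# With a user id: run against the live instance. Without: offline self-check.
if [ "$#" -gt 0 ]; then validate_disable_two_factor "$1"; else self_check; fi
```

Run it with a user id (for example `sh validate_2fa.sh 1`, file name assumed) after enabling two factor authentication for that user in the UI.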