|
|
@@ -3689,6 +3689,30 @@ func TestAdminTwoFactorRequirements(t *testing.T) {
|
|
|
assert.Contains(t, string(bodyResp), "two-factor authentication must be enabled")
|
|
|
err = resp.Body.Close()
|
|
|
assert.NoError(t, err)
|
|
|
+ // try to disable 2FA using the dedicated API
|
|
|
+ req, err = http.NewRequest(http.MethodPut, fmt.Sprintf("%v%v", httpBaseURL, path.Join(adminPath, altAdminUsername, "2fa", "disable")), nil)
|
|
|
+ assert.NoError(t, err)
|
|
|
+ setBearerForReq(req, token)
|
|
|
+ resp, err = httpclient.GetHTTPClient().Do(req)
|
|
|
+ assert.NoError(t, err)
|
|
|
+ assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
|
|
|
+ bodyResp, err = io.ReadAll(resp.Body)
|
|
|
+ assert.NoError(t, err)
|
|
|
+ assert.Contains(t, string(bodyResp), "two-factor authentication must be enabled")
|
|
|
+ err = resp.Body.Close()
|
|
|
+ assert.NoError(t, err)
|
|
|
+ // disabling 2FA using another admin should work
|
|
|
+ token, err = getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
|
|
|
+ assert.NoError(t, err)
|
|
|
+ req, err = http.NewRequest(http.MethodPut, path.Join(adminPath, altAdminUsername, "2fa", "disable"), nil)
|
|
|
+ assert.NoError(t, err)
|
|
|
+ setBearerForReq(req, token)
|
|
|
+ rr = executeRequest(req)
|
|
|
+ checkResponseCode(t, http.StatusOK, rr)
|
|
|
+ // check
|
|
|
+ admin, _, err = httpdtest.GetAdminByUsername(altAdminUsername, http.StatusOK)
|
|
|
+ assert.NoError(t, err)
|
|
|
+ assert.False(t, admin.Filters.TOTPConfig.Enabled)
|
|
|
|
|
|
_, err = httpdtest.RemoveAdmin(admin, http.StatusOK)
|
|
|
assert.NoError(t, err)
|
Nicola Murino