mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-07-08 04:12:10 +00:00
Added MFA setup link on user edit view
parent
09c2814dc7
commit
bb43acef21
|
@ -128,12 +128,14 @@ class UserController extends Controller
|
||||||
$authMethod = ($user->system_name) ? 'system' : config('auth.method');
|
$authMethod = ($user->system_name) ? 'system' : config('auth.method');
|
||||||
|
|
||||||
$activeSocialDrivers = $socialAuthService->getActiveDrivers();
|
$activeSocialDrivers = $socialAuthService->getActiveDrivers();
|
||||||
|
$mfaMethods = user()->mfaValues()->get(['id', 'method'])->groupBy('method');
|
||||||
$this->setPageTitle(trans('settings.user_profile'));
|
$this->setPageTitle(trans('settings.user_profile'));
|
||||||
$roles = $this->userRepo->getAllRoles();
|
$roles = $this->userRepo->getAllRoles();
|
||||||
|
|
||||||
return view('users.edit', [
|
return view('users.edit', [
|
||||||
'user' => $user,
|
'user' => $user,
|
||||||
'activeSocialDrivers' => $activeSocialDrivers,
|
'activeSocialDrivers' => $activeSocialDrivers,
|
||||||
|
'mfaMethods' => $mfaMethods,
|
||||||
'authMethod' => $authMethod,
|
'authMethod' => $authMethod,
|
||||||
'roles' => $roles,
|
'roles' => $roles,
|
||||||
]);
|
]);
|
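Review bot: The added query `user()->mfaValues()->get(['id', 'method'])->groupBy('method')` reads the MFA methods of the signed-in viewer, not of the `$user` whose edit page is being rendered. The view prints the resulting count on every user's edit page, so an administrator checking another account sees their own MFA status and can wrongly conclude that the account is, or is not, protected by a second factor. Assuming `$user` is the same model type that `user()` returns, the line should read `$mfaMethods = $user->mfaValues()->get(['id', 'method'])->groupBy('method');`. The method body starts and ends outside this hunk, so where `$user` is loaded is not visible here.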
||||||
|
|
|
@ -63,6 +63,30 @@
|
||||||
</form>
|
</form>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section class="card content-wrap auto-height">
|
||||||
|
<h2 class="list-heading">Multi-Factor Authentication</h2>
|
||||||
|
<p>
|
||||||
|
Setup multi-factor authentication as an extra layer of security
|
||||||
|
for your user account.
|
||||||
|
</p>
|
||||||
|
<div class="grid half gap-xl v-center pb-s">
|
||||||
|
<div>
|
||||||
|
@if ($mfaMethods->count() > 0)
|
||||||
|
<span class="text-pos">@icon('check-circle')</span>
|
||||||
|
@else
|
||||||
|
<span class="text-neg">@icon('cancel')</span>
|
||||||
|
@endif
|
||||||
|
{{ $mfaMethods->count() }} {{ $mfaMethods->count() === 1 ? 'method' : 'methods' }} configured
|
||||||
|
</div>
|
||||||
|
<div class="text-m-right">
|
||||||
|
@if($user->id === user()->id)
|
||||||
|
<a href="{{ url('/mfa/setup') }}" class="button outline">Configure Methods</a>
|
||||||
|
@endif
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
||||||
@if(user()->id === $user->id && count($activeSocialDrivers) > 0)
|
@if(user()->id === $user->id && count($activeSocialDrivers) > 0)
|
||||||
<section class="card content-wrap auto-height">
|
<section class="card content-wrap auto-height">
|
||||||
<h2 class="list-heading">{{ trans('settings.users_social_accounts') }}</h2>
|
<h2 class="list-heading">{{ trans('settings.users_social_accounts') }}</h2>
|
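Review bot: The new MFA card hard-codes its English text (`Multi-Factor Authentication`, the description paragraph, `method`/`methods configured`, `Configure Methods`), while the social-accounts card directly below takes its heading from `trans('settings.users_social_accounts')`. These strings should move to the settings language file and be read with `trans()`, and the singular/plural pair is better handled by `trans_choice()` than by the inline ternary, e.g. `{{ trans_choice('settings.PLACEHOLDER_mfa_method_count', $mfaMethods->count()) }}` (the key name is a placeholder). The tests added in this commit assert on the literal English text, so they would need to follow whichever keys are chosen.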
||||||
|
|
|
@ -106,4 +106,29 @@ class MfaConfigurationTest extends TestCase
|
||||||
$resp->assertStatus(500);
|
$resp->assertStatus(500);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_mfa_method_count_is_visible_on_user_edit_page()
|
||||||
|
{
|
||||||
|
$admin = $this->getAdmin();
|
||||||
|
$resp = $this->actingAs($admin)->get($admin->getEditUrl());
|
||||||
|
$resp->assertSee('0 methods configured');
|
||||||
|
|
||||||
|
MfaValue::upsertWithValue($admin, MfaValue::METHOD_TOTP, 'test');
|
||||||
|
$resp = $this->actingAs($admin)->get($admin->getEditUrl());
|
||||||
|
$resp->assertSee('1 method configured');
|
||||||
|
|
||||||
|
MfaValue::upsertWithValue($admin, MfaValue::METHOD_BACKUP_CODES, 'test');
|
||||||
|
$resp = $this->actingAs($admin)->get($admin->getEditUrl());
|
||||||
|
$resp->assertSee('2 methods configured');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function test_mfa_setup_link_only_shown_when_viewing_own_user_edit_page()
|
||||||
|
{
|
||||||
|
$admin = $this->getAdmin();
|
||||||
|
$resp = $this->actingAs($admin)->get($admin->getEditUrl());
|
||||||
|
$resp->assertElementExists('a[href$="/mfa/setup"]');
|
||||||
|
|
||||||
|
$resp = $this->actingAs($admin)->get($this->getEditor()->getEditUrl());
|
||||||
|
$resp->assertElementNotExists('a[href$="/mfa/setup"]');
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
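Review bot: `test_mfa_method_count_is_visible_on_user_edit_page` only loads the admin's own edit page, so it cannot tell whether the displayed count belongs to the viewed user or to the viewer. The count card is rendered on any user's edit page, so a case where the admin opens the editor's page after the editor has a method configured would pin that down; the first assertion shows a fresh admin has `0 methods configured`, so the two accounts then differ. A sketch using only helpers already used in this class follows.

```php
public function test_mfa_method_count_reflects_the_viewed_user()
{
    $admin = $this->getAdmin();
    $editor = $this->getEditor();
    MfaValue::upsertWithValue($editor, MfaValue::METHOD_TOTP, 'test');

    // The admin has no methods of their own, so "1" can only come from the editor.
    $resp = $this->actingAs($admin)->get($editor->getEditUrl());
    $resp->assertSee('1 method configured');
}
```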