Merge pull request nextcloud#28421 from nextcloud/enhancement/2fa-bac…

…kup-codes-disable-admin

Allow admins to disable 2FA backup codes via occ

apps/twofactor_backupcodes/lib/Provider/BackupCodesProvider.php

@@ -30,15 +30,15 @@
 use OC\App\AppManager;
 use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage;
 use OCA\TwoFactorBackupCodes\Settings\Personal;
+use OCP\Authentication\TwoFactorAuth\IDeactivatableByAdmin;
 use OCP\Authentication\TwoFactorAuth\IPersonalProviderSettings;
-use OCP\Authentication\TwoFactorAuth\IProvider;
 use OCP\Authentication\TwoFactorAuth\IProvidesPersonalSettings;
 use OCP\IInitialStateService;
 use OCP\IL10N;
 use OCP\IUser;
 use OCP\Template;
 
-class BackupCodesProvider implements IProvider, IProvidesPersonalSettings {
+class BackupCodesProvider implements IDeactivatableByAdmin, IProvidesPersonalSettings {
 
 	/** @var string */
 	private $appName;
@@ -164,4 +164,8 @@ public function getPersonalSettings(IUser $user): IPersonalProviderSettings {
 		$this->initialStateService->provideInitialState($this->appName, 'state', $state);
 		return new Personal();
 	}
+
+	public function disableFor(IUser $user) {
+		$this->storage->deleteCodes($user);
+	}
 }

apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php

@@ -136,4 +136,8 @@ public function validateCode(IUser $user, string $code): bool {
 		}
 		return false;
 	}
+
+	public function deleteCodes(IUser $user): void {
+		$this->mapper->deleteCodes($user);
+	}
 }

apps/twofactor_backupcodes/tests/Unit/Provider/BackupCodesProviderTest.php

@@ -159,4 +159,13 @@ public function testIsActiveWithProviders() {
 
 		$this->assertTrue($this->provider->isActive($user));
 	}
+
+	public function testDisable(): void {
+		$user = $this->getMockBuilder(IUser::class)->getMock();
+		$this->storage->expects(self::once())
+			->method('deleteCodes')
+			->with($user);
+
+		$this->provider->disableFor($user);
+	}
 }

apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php

@@ -236,4 +236,13 @@ public function testValidateCodeWithWrongHash() {
 
 		$this->assertFalse($this->storage->validateCode($user, 'CHALLENGE'));
 	}
+
+	public function testDeleteCodes(): void {
+		$user = $this->createMock(IUser::class);
+		$this->mapper->expects($this->once())
+			->method('deleteCodes')
+			->with($user);
+
+		$this->storage->deleteCodes($user);
+	}
 }