diff --git a/lib/recognizer_web/controllers/accounts/user_settings_controller.ex b/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
index 1a5801ea..90ff748c 100644
--- a/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
+++ b/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
@@ -2,6 +2,7 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
use RecognizerWeb, :controller
alias Recognizer.Accounts
+ alias Recognizer.Accounts.Role
alias RecognizerWeb.Authentication
@one_minute 60_000
@@ -17,11 +18,20 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
] when action in [:two_factor_init]
+ @doc """
+ Prompt the user to edit account settings, main edit page
+ """
def edit(conn, _params) do
if Application.get_env(:recognizer, :redirect_url) && !get_session(conn, :bc) do
redirect(conn, external: Application.get_env(:recognizer, :redirect_url))
else
- render(conn, "edit.html")
+ # disable phone/text 2fa methods for admins
+ is_admin =
+ conn
+ |> Authentication.fetch_current_user()
+ |> Role.admin?()
+
+ render(conn, "edit.html", allow_phone_methods: !is_admin)
end
end
diff --git a/lib/recognizer_web/templates/accounts/user_settings/edit.html.eex b/lib/recognizer_web/templates/accounts/user_settings/edit.html.eex
index 6c164ba8..89922749 100644
--- a/lib/recognizer_web/templates/accounts/user_settings/edit.html.eex
+++ b/lib/recognizer_web/templates/accounts/user_settings/edit.html.eex
@@ -119,7 +119,7 @@
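Review bot: The restriction added in `edit/2` only controls which radio buttons the page renders; nothing in this hunk stops an admin from submitting `two_factor: "text"` or `"voice"` directly, so the policy the comment describes should also be enforced where the notification preference is saved (that update path is outside this diff), ideally in the changeset so every entry point inherits it. A test that an admin's PUT with a phone method is rejected would pin that. On naming, `is_admin` reads as a guard in Elixir; `admin? = ...` and `allow_phone_methods: !admin?` follow the predicate convention. The `@doc` could also name the assign it sets, e.g. `Renders the settings page; sets `allow_phone_methods` to false for admins so the template omits text/voice 2FA options.` If `Authentication.fetch_current_user/1` can return `nil` here, `Role.admin?/1` needs to accept it; presumably the auth plug runs first, given the existing redirect test.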
- <%= submit "Update Profile", class: "button is-secondary" %> + <%= submit "Update Profile", class: "button is-secondary", disabled: false %>
<% end %> @@ -211,6 +211,8 @@ every time you log in.
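Review bot: `disabled: false` on the "Update Profile" submit button is, as I read Phoenix.HTML, a no-op (a boolean attribute set to `false` is not rendered), so the line either needs the real condition it was meant to carry or should revert to `<%= submit "Update Profile", class: "button is-secondary" %>`. If it is a deliberate placeholder, a short EEx comment next to it saying what will drive it would keep it from being removed as dead code.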

+ <% phone_allowed = Map.get(assigns, :allow_phone_methods, true) %> + <%= inputs_for f, :notification_preference, fn n -> %>
Authentication Method Preference @@ -223,23 +225,28 @@ Authenticator App <% end %> - <%= label class: "label" do %> - <%= radio_button n, :two_factor, "text" %> - Text Message - <% end %> + <%= if phone_allowed do %> - <%= label class: "label" do %> - <%= radio_button n, :two_factor, "voice" %> - Phone Call + <%= label class: "label" do %> + <%= radio_button n, :two_factor, "text" %> + Text Message + <% end %> + + <%= label class: "label" do %> + <%= radio_button n, :two_factor, "voice" %> + Phone Call + <% end %> <% end %>
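Review bot: `Map.get(assigns, :allow_phone_methods, true)` fails open: any other action that renders `edit.html` without setting the assign (for instance an update action re-rendering the form on validation errors, which this diff does not show) would present the phone methods to admins again. Reading it as `@allow_phone_methods`, which raises when the assign is missing, and setting it in every render path turns that omission into a loud failure instead of a silent widening. A comment on the line, e.g. `<%# set by UserSettingsController.edit/2; phone/text 2FA are hidden for admins %>`, would tell the next reader where the flag comes from and why it exists.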
<% end %> -

- Message and data rates may apply for text message and phone call - methods. -

+ <%= if phone_allowed do %> +

+ Message and data rates may apply for text message and phone call + methods. +

+ <% end %>
diff --git a/test/recognizer_web/controllers/accounts/user_settings_controller_test.exs b/test/recognizer_web/controllers/accounts/user_settings_controller_test.exs
index 48d277ea..949bf5a9 100644
--- a/test/recognizer_web/controllers/accounts/user_settings_controller_test.exs
+++ b/test/recognizer_web/controllers/accounts/user_settings_controller_test.exs
@@ -24,6 +24,14 @@ defmodule RecognizerWeb.Accounts.UserSettingsControllerTest do
conn = get(conn, Routes.user_settings_path(conn, :edit))
assert redirected_to(conn) == Routes.user_session_path(conn, :new)
end
+
+ test "hides text/voice options for admin", %{conn: conn} do
+ %{conn: conn} = register_and_log_in_admin(%{conn: conn})
+ conn = get(conn, Routes.user_settings_path(conn, :edit))
+ response = html_response(conn, 200)
+ assert response =~ "Authenticator App"
+ refute response =~ "Text Message"
+ end
end
describe "PUT /users/settings (change password form)" do
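Review bot: The new test only covers the negative case, so a regression that hides the phone options for every user would still pass; a counterpart for a regular (non-admin) user asserting `assert response =~ "Text Message"` and `assert response =~ "Phone Call"` pins the intended behaviour. The admin test should also `refute response =~ "Phone Call"`, since the template gates both options on the same flag. Because this diff only changes what is rendered, a test that an admin's PUT with `two_factor: "text"` is rejected would currently fail; it belongs with the server-side check, which is outside this diff.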