From 426d677243ddfcffc59b972697ed847673789896 Mon Sep 17 00:00:00 2001 From: Penar Musaraj Date: Wed, 2 Oct 2024 09:43:12 -0400 Subject: [PATCH] DEV: update rake task to disable 2FA for a user - limits security key deletes to second factor keys - also deletes backup codes (lingering backup codes break login flow entirely) --- lib/tasks/users.rake | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/tasks/users.rake b/lib/tasks/users.rake index 3df8ad8bd8a..6d6a991185c 100644 --- a/lib/tasks/users.rake +++ b/lib/tasks/users.rake @@ -155,7 +155,13 @@ task "users:disable_2fa", [:username] => [:environment] do |_, args| username = args[:username] user = find_user(username) UserSecondFactor.where(user_id: user.id, method: UserSecondFactor.methods[:totp]).each(&:destroy!) - UserSecurityKey.where(user_id: user.id).destroy_all + UserSecurityKey.where( + user_id: user.id, + factor_type: UserSecurityKey.factor_types[:second_factor], + ).destroy_all + UserSecondFactor.where(user_id: user.id, method: UserSecondFactor.methods[:backup_codes]).each( + &:destroy! + ) puts "2FA disabled for #{username}" end