From 50e9a66e89489563554f336cdeafe71c7a8e21a6 Mon Sep 17 00:00:00 2001
From: Bianca Nenciu <nbianca@users.noreply.github.com>
Date: Wed, 20 Mar 2019 06:40:25 +0200
Subject: [PATCH] FIX: Improve UX for second factor enforcement. (#7207)

---
 .../preferences/second-factor.js.es6          | 21 +++----------------
 .../javascripts/discourse/models/user.js.es6  |  9 ++++++++
 .../templates/preferences-second-factor.hbs   | 12 ++++++++---
 .../discourse/widgets/header.js.es6           |  5 ++++-
 app/serializers/current_user_serializer.rb    |  7 ++++++-
 5 files changed, 31 insertions(+), 23 deletions(-)

diff --git a/app/assets/javascripts/discourse/controllers/preferences/second-factor.js.es6 b/app/assets/javascripts/discourse/controllers/preferences/second-factor.js.es6
index 36baea72a9e..75f8f4dd9cb 100644
--- a/app/assets/javascripts/discourse/controllers/preferences/second-factor.js.es6
+++ b/app/assets/javascripts/discourse/controllers/preferences/second-factor.js.es6
@@ -39,24 +39,9 @@ export default Ember.Controller.extend({
     return findAll().length > 0;
   },
 
-  @computed(
-    "siteSettings.enforce_second_factor",
-    "currentUser",
-    "currentUser.second_factor_enabled",
-    "currentUser.staff"
-  )
-  showEnforcedNotice(
-    enforce_second_factor,
-    user,
-    second_factor_enabled,
-    staff
-  ) {
-    return (
-      user &&
-      !second_factor_enabled &&
-      (enforce_second_factor === "all" ||
-        (enforce_second_factor === "staff" && staff))
-    );
+  @computed("currentUser")
+  showEnforcedNotice(user) {
+    return user && user.get("enforcedSecondFactor");
   },
 
   toggleSecondFactor(enable) {
diff --git a/app/assets/javascripts/discourse/models/user.js.es6 b/app/assets/javascripts/discourse/models/user.js.es6
index 8335d620c74..1405295b730 100644
--- a/app/assets/javascripts/discourse/models/user.js.es6
+++ b/app/assets/javascripts/discourse/models/user.js.es6
@@ -746,6 +746,15 @@ const User = RestModel.extend({
     } else {
       $.removeCookie("text_size", { path: "/", expires: 1 });
     }
+  },
+
+  @computed("second_factor_enabled", "staff")
+  enforcedSecondFactor(secondFactorEnabled, staff) {
+    const enforce = Discourse.SiteSettings.enforce_second_factor;
+    return (
+      !secondFactorEnabled &&
+      (enforce === "all" || (enforce === "staff" && staff))
+    );
   }
 });
 
diff --git a/app/assets/javascripts/discourse/templates/preferences-second-factor.hbs b/app/assets/javascripts/discourse/templates/preferences-second-factor.hbs
index 5fefc9f1ea4..2bbc76e3aa5 100644
--- a/app/assets/javascripts/discourse/templates/preferences-second-factor.hbs
+++ b/app/assets/javascripts/discourse/templates/preferences-second-factor.hbs
@@ -38,7 +38,9 @@
               disabled=loading
               label=disableButtonText}}
 
-          {{cancel-link route="preferences.account" args= model.username}}
+          {{#unless showEnforcedNotice}}
+            {{cancel-link route="preferences.account" args= model.username}}
+          {{/unless}}
         </div>
       </div>
     {{else}}
@@ -86,7 +88,9 @@
                 disabled=loading
                 label=enableButtonText}}
 
-            {{cancel-link route="preferences.account" args= model.username}}
+            {{#unless showEnforcedNotice}}
+              {{cancel-link route="preferences.account" args= model.username}}
+            {{/unless}}
           </div>
         </div>
       {{else}}
@@ -122,7 +126,9 @@
 
             {{resetPasswordProgress}}
 
-            {{cancel-link route="preferences.account" args= model.username}}
+            {{#unless showEnforcedNotice}}
+              {{cancel-link route="preferences.account" args= model.username}}
+            {{/unless}}
           </div>
         </div>
       {{/if}}
diff --git a/app/assets/javascripts/discourse/widgets/header.js.es6 b/app/assets/javascripts/discourse/widgets/header.js.es6
index 07ef944794f..7a1cde6cc53 100644
--- a/app/assets/javascripts/discourse/widgets/header.js.es6
+++ b/app/assets/javascripts/discourse/widgets/header.js.es6
@@ -67,7 +67,10 @@ createWidget("header-notifications", {
 
     const unreadPMs = user.get("unread_private_messages");
     if (!!unreadPMs) {
-      if (!user.get("read_first_notification")) {
+      if (
+        !user.get("read_first_notification") &&
+        !user.get("enforcedSecondFactor")
+      ) {
         contents.push(h("span.ring"));
         if (!attrs.active && attrs.ringBackdrop) {
           contents.push(h("span.ring-backdrop-spotlight"));
diff --git a/app/serializers/current_user_serializer.rb b/app/serializers/current_user_serializer.rb
index 1f65e474a32..b52b9b36063 100644
--- a/app/serializers/current_user_serializer.rb
+++ b/app/serializers/current_user_serializer.rb
@@ -43,7 +43,8 @@ class CurrentUserSerializer < BasicUserSerializer
              :external_id,
              :top_category_ids,
              :hide_profile_and_presence,
-             :groups
+             :groups,
+             :second_factor_enabled
 
   def groups
     object.visible_groups.pluck(:id, :name).map { |id, name| { id: id, name: name.downcase } }
@@ -219,4 +220,8 @@ class CurrentUserSerializer < BasicUserSerializer
   def include_external_id?
     SiteSetting.enable_sso
   end
+
+  def second_factor_enabled
+    object.totp_enabled?
+  end
 end