Disable FTC and FAC as two factor providers for a user when their two factor is disabled by admin
Two factor of a user is disabled by calling the User#disable_two_factor!
method (Source)
Instance admins have the ability to disable 2FAs of users in the instance via Admin UI/Rails console.
However, when disabling 2FA of a user, FortiTokenCloud or FortiAuthenticator 2FAs are not being removed.
Expected
We should be removing the FTC & FAC 2FA setting of the user when their 2FA is disabled by admin, if those exist.
Change would be:
def disable_two_factor!
....
....
Feature.disable(:forti_authenticator, self) if Feature.enabled?(:forti_authenticator, self)
Feature.disable(:forti_token_cloud, self) if Feature.enabled?(:forti_token_cloud, self)
end