Group owners to disable 2FA auth for members (!99129) · Merge requests · GitLab.org / GitLab

Smriti Garg requested to merge smriti/372401_allow_group_owners_to_disable_2fa_backend into master Sep 28, 2022

What does this MR do and why?

Backend Changes to handle requests for group admins to disable two factor authentication for the group members.

How to set up and validate locally

We need to have following set up locally before curl request can be tested-

group with user 2fa enabled
we need to know the owner of the group
owner should be able to disable the 2fa of the user

curl --location --request DELETE 'https://gdk.test:3443/groups/twitter/-/two_factor_auth' \
--data-urlencode 'authenticity_token=<Authenticity token referred from the current application session>' \
--data-urlencode 'user_id=<user to update 2fa>' \
--data-urlencode 'current_user=<group owner id>'

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Sep 28, 2022 by Smriti Garg

Group owners to disable 2FA auth for members

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports