feat: DELPHI-188-Reset_2FA_in_Admin_Panel

Add new endpoint

api/useradminservice.yaml

@@ -19,6 +19,34 @@ paths:
                 $ref: '#/components/schemas/RootDTO'
       security:
         - Bearer: [ ]
+  /useradmin/2fa/{consultantId}:
+    delete:
+      tags:
+        - admin-user-controller
+      summary: 'Deactivates 2FA of consultants [authorities: Tenant or agency admin]'
+      operationId: deactivateConsultantTwoFactorAuth
+      parameters:
+        - name: consultantId
+          in: path
+          description: consultantId
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: OK - successful operation
+        204:
+          description: NO CONTENT - consultant with the specific id was not found
+        400:
+          description: BAD REQUEST - invalid/incomplete request or body object
+        401:
+          description: UNAUTHORIZED - no/invalid Keycloak token
+        403:
+          description: FORBIDDEN - no/invalid role/authorization or CSRF token
+        500:
+          description: INTERNAL SERVER ERROR - server encountered unexpected condition
+      security:
+        - Bearer: [ ]
   /useradmin/sessions:
     get:
       tags:

src/main/java/de/caritas/cob/userservice/api/adapters/web/controller/UserAdminController.java

@@ -31,6 +31,7 @@
 import de.caritas.cob.userservice.api.admin.hallink.RootDTOBuilder;
 import de.caritas.cob.userservice.api.admin.report.service.ViolationReportGenerator;
 import de.caritas.cob.userservice.api.admin.service.session.SessionAdminService;
+import de.caritas.cob.userservice.api.port.in.IdentityManaging;
 import de.caritas.cob.userservice.api.service.appointment.AppointmentService;
 import de.caritas.cob.userservice.api.service.helper.EmailUrlDecoder;
 import de.caritas.cob.userservice.generated.api.adapters.web.controller.UseradminApi;
@@ -64,6 +65,8 @@ public class UserAdminController implements UseradminApi {
   private final @NonNull AppointmentService appointmentService;
   private final @NonNull AdminDtoMapper adminDtoMapper;
 
+  private final @NonNull IdentityManaging identityManager;
+
   /**
    * Creates the root hal based navigation entity.
    *
@@ -75,6 +78,17 @@ public ResponseEntity<RootDTO> getRoot() {
     return ResponseEntity.ok(rootDTO);
   }
 
+  @Override
+  public ResponseEntity<Void> deactivateConsultantTwoFactorAuth(
+      @NonNull @Valid String consultantId
+  ){
+    ConsultantAdminResponseDTO consultantDTO =
+        this.consultantAdminFacade.findConsultant(consultantId);
+    identityManager.deleteOneTimePassword(consultantDTO.getEmbedded().getUsername());
+
+    return new ResponseEntity<>(HttpStatus.OK);
+  }
+
   /**
    * Entry point to retrieve sessions.
    *

src/main/java/de/caritas/cob/userservice/api/config/auth/SecurityConfig.java

@@ -195,6 +195,8 @@ protected void configure(HttpSecurity http) throws Exception {
         .antMatchers(
             HttpMethod.PUT, "/useradmin/consultants/{consultantId:" + UUID_PATTERN + "}/agencies")
         .hasAnyAuthority(CONSULTANT_UPDATE, TECHNICAL_DEFAULT)
+        .antMatchers("/useradmin/2fa/{consultantId" + UUID_PATTERN + "}")
+        .hasAnyAuthority(USER_ADMIN, SINGLE_TENANT_ADMIN, TENANT_ADMIN, RESTRICTED_AGENCY_ADMIN)
         .antMatchers("/useradmin", "/useradmin/**")
         .hasAnyAuthority(USER_ADMIN, TECHNICAL_DEFAULT)
         .antMatchers("/users/consultants/search")

src/test/java/de/caritas/cob/userservice/api/adapters/web/controller/UserAdminControllerE2EIT.java

@@ -3,6 +3,7 @@
 import static de.caritas.cob.userservice.api.adapters.web.controller.UserAdminControllerIT.ADMIN_DATA_PATH;
 import static de.caritas.cob.userservice.api.adapters.web.controller.UserAdminControllerIT.AGENCY_ADMIN_PATH;
 import static de.caritas.cob.userservice.api.adapters.web.controller.UserAdminControllerIT.CONSULTANT_PATH;
+import static de.caritas.cob.userservice.api.adapters.web.controller.UserAdminControllerIT.DEACTIVATE_CONSULTANT_2FA;
 import static de.caritas.cob.userservice.api.adapters.web.controller.UserAdminControllerIT.TENANT_ADMIN_PATH;
 import static de.caritas.cob.userservice.api.adapters.web.controller.UserAdminControllerIT.TENANT_ADMIN_PATH_WITHOUT_SLASH;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -788,4 +789,16 @@ private String givenNewTenantAdminIsCreated() throws Exception {
     String content = result.getResponse().getContentAsString();
     return JsonPath.read(content, "_embedded.id");
   }
+
+  @Test
+  @WithMockUser(authorities = {AuthorityValue.TENANT_ADMIN})
+  void deactivateConsultantTwoFactorAuth_Should_returnOk_When_requiredConsultantIsGiven() throws Exception {
+    //given
+    String consultantId = givenNewConsultantIsCreated();
+
+    //when
+    this.mockMvc.perform(delete(DEACTIVATE_CONSULTANT_2FA + consultantId)).andExpect(status().isOk());
+
+  }
+
 }

src/test/java/de/caritas/cob/userservice/api/adapters/web/controller/UserAdminControllerIT.java

@@ -76,6 +76,7 @@ class UserAdminControllerIT {
   protected static final String DELETE_AGENCY_ADMIN_PATH = AGENCY_ADMIN_PATH + "%s";
   protected static final String AGENCIES_OF_ADMIN_PATH = ROOT_PATH + "/agencyadmins/%s/agencies";
   protected static final String DELETE_ADMIN_AGENCY_PATH = AGENCIES_OF_ADMIN_PATH + "/%s";
+  protected static final String DEACTIVATE_CONSULTANT_2FA = ROOT_PATH + "/2fa/";
 
   protected static final String AGENCY_CHANGE_TYPE_PATH = ROOT_PATH + "/agency/1/changetype";
   protected static final String PAGE_PARAM = "page";