From ebb1d44edd5d3c3bf84e0bc70d32c579976b1ae8 Mon Sep 17 00:00:00 2001
From: Abdullah Atta
Date: Fri, 17 Apr 2026 11:28:33 +0500
Subject: [PATCH] identity: add support for disabling 2fa
---
 Streetwriters.Identity/Controllers/MFAController.cs | 7 +++++--
 Streetwriters.Identity/Services/UserAccountService.cs | 6 ------
 Streetwriters.Identity/Validation/EmailGrantValidator.cs | 9 +++++++--
 3 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/Streetwriters.Identity/Controllers/MFAController.cs b/Streetwriters.Identity/Controllers/MFAController.cs
index 73d7da4..3a58828 100644
--- a/Streetwriters.Identity/Controllers/MFAController.cs
+++ b/Streetwriters.Identity/Controllers/MFAController.cs
@@ -79,9 +79,12 @@ namespace Streetwriters.Identity.Controllers
 }
 [HttpDelete]
- public IActionResult Disable2FA()
+ public async Task Disable2FA()
 {
- return BadRequest("2FA is mandatory and cannot be disabled.");
+ var user = await UserManager.GetUserAsync(User) ?? throw new Exception("User not found.");
+ if (!await UserManager.GetTwoFactorEnabledAsync(user)) return Ok();
+ await MFAService.DisableMFAAsync(user);
+ return Ok();
 }
 [HttpGet("codes")]
diff --git a/Streetwriters.Identity/Services/UserAccountService.cs b/Streetwriters.Identity/Services/UserAccountService.cs
index 42e452d..a31b815 100644
--- a/Streetwriters.Identity/Services/UserAccountService.cs
+++ b/Streetwriters.Identity/Services/UserAccountService.cs
@@ -34,12 +34,6 @@ namespace Streetwriters.Identity.Services
 var claims = await userManager.GetClaimsAsync(user);
 var marketingConsentClaim = claims.FirstOrDefault((claim) => claim.Type == $"{clientId}:marketing_consent");
- if (await userManager.IsEmailConfirmedAsync(user) && !await userManager.GetTwoFactorEnabledAsync(user))
- {
- await mfaService.EnableMFAAsync(user, MFAMethods.Email);
- user = await userManager.FindByIdAsync(userId);
- ArgumentNullException.ThrowIfNull(user);
- }
 ArgumentNullException.ThrowIfNull(user.Email);
 return new UserModel
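Review bot: In `Disable2FA` (MFAController.cs) the second factor is removed for whoever holds the current session, with no fresh proof of identity: the action takes no input and goes straight from `UserManager.GetUserAsync(User)` to `MFAService.DisableMFAAsync(user)`. A hijacked or unattended session is then enough to downgrade the account to one factor, so the action should ask for the current password or a current 2FA code and reject on mismatch, e.g. `if (!await UserManager.CheckPasswordAsync(user, request.Password)) return Unauthorized();`, where `request` stands for a new body model that this commit does not define. `?? throw new Exception("User not found.")` will likely surface as a 500; `if (user is null) return Unauthorized();` describes the condition more accurately. The controller's authorization attributes are outside the hunk, so an existing recent-authentication policy cannot be ruled out from here; logging the change and notifying the account owner would help detection either way.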
diff --git a/Streetwriters.Identity/Validation/EmailGrantValidator.cs b/Streetwriters.Identity/Validation/EmailGrantValidator.cs
index ef14e3f..2702560 100644
--- a/Streetwriters.Identity/Validation/EmailGrantValidator.cs
+++ b/Streetwriters.Identity/Validation/EmailGrantValidator.cs
@@ -59,7 +59,6 @@ namespace Streetwriters.Identity.Validation
 public string GrantType => Config.EMAIL_GRANT_TYPE;
-
 public async Task ValidateAsync(ExtensionGrantValidationContext context)
 {
 var email = context.Request.Raw["email"];
@@ -76,8 +75,14 @@ namespace Streetwriters.Identity.Validation
 };
 var isMultiFactor = await UserManager.GetTwoFactorEnabledAsync(user);
+ if (!isMultiFactor)
+ {
+ context.Result.IsError = false;
+ context.Result.Subject = await TokenGenerationService.TransformTokenRequestAsync(context.Request, user, GrantType, [Config.MFA_PASSWORD_GRANT_TYPE_SCOPE]);
+ return;
+ }
- var primaryMethod = isMultiFactor ? MFAService.GetPrimaryMethod(user) : MFAMethods.Email;
+ var primaryMethod = MFAService.GetPrimaryMethod(user);
 var secondaryMethod = MFAService.GetSecondaryMethod(user);
 var sendPhoneNumber = primaryMethod == MFAMethods.SMS || secondaryMethod == MFAMethods.SMS;
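Review bot: The `if (!isMultiFactor)` branch in `ValidateAsync` issues a subject carrying `Config.MFA_PASSWORD_GRANT_TYPE_SCOPE` on the strength of the email alone, so from this commit on that scope no longer implies that a second factor was checked. Any consumer that reads the scope as proof of completed MFA (none is visible in this hunk) should re-check `GetTwoFactorEnabledAsync` at the password step, otherwise a subject issued while 2FA was off may remain usable after the user turns it back on. The early return also makes the response differ between accounts with and without 2FA for a caller who has only supplied an email, which is worth pairing with rate limiting or lockout on the password grant. A comment above the branch such as `// 2FA is off for this account: skip the challenge and issue the password-step scope directly; this does not attest a second factor.` would record the intent. `ValidateAsync` starts before this hunk and continues after it.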