#168: disable TOTP as admin for a specific user

2025-12-18 04:01:42 +00:00 · 2018-11-07 13:42:43 +01:00
parent a75b40bbfb
commit 42828efa19
2 changed files with 59 additions and 4 deletions
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
@@ -323,6 +323,9 @@ public class TestUserResource extends BaseJerseyTest {
    
    @Test
    public void testTotp() {
+        // Login admin
+        String adminToken = clientUtil.login("admin", "admin", false);
+
        // Create totp1 user
        clientUtil.createUser("totp1");
        String totp1Token = clientUtil.login("totp1");
@@ -373,7 +376,17 @@ public class TestUserResource extends BaseJerseyTest {
                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, totp1Token)
                .post(Entity.form(new Form()
                        .param("password", "12345678")), JsonObject.class);
-        
+
+        // Enable TOTP for totp1
+        target().path("/user/enable_totp").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, totp1Token)
+                .post(Entity.form(new Form()), JsonObject.class);
+
+        // Disable TOTP for totp1 with admin
+        target().path("/user/totp1/disable_totp").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .post(Entity.form(new Form()), JsonObject.class);
+
        // Login with totp1 without a validation code
        target().path("/user/login").request()
                .post(Entity.form(new Form()