From c04bb2d7cff62875d2d84fe7e645663b6740c5ea Mon Sep 17 00:00:00 2001
From: Pete Matsyburka <pete@docuseal.com>
Date: Thu, 4 Sep 2025 21:19:43 +0300
Subject: [PATCH] allow to disable user 2fa

---
 app/controllers/users_controller.rb |  4 ++--
 app/views/users/_form.html.erb      | 22 +++++++++++++++-------
 config/locales/i18n.yml             | 12 ++++++++++++
 3 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8f433577..2e361097 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -54,7 +54,7 @@ class UsersController < ApplicationController
       @user.account = account
     end
 
-    if @user.update(attrs.except(current_user == @user ? :role : nil))
+    if @user.update(attrs.except(*(current_user == @user ? %i[otp_required_for_login role] : nil)))
       redirect_back fallback_location: settings_users_path, notice: I18n.t('user_has_been_updated')
     else
       render turbo_stream: turbo_stream.replace(:modal, template: 'users/edit'), status: :unprocessable_content
@@ -83,7 +83,7 @@ class UsersController < ApplicationController
 
   def user_params
     if params.key?(:user)
-      permitted_params = %i[email first_name last_name password archived_at]
+      permitted_params = %i[email first_name last_name password archived_at otp_required_for_login]
 
       permitted_params << :role if role_valid?(params.dig(:user, :role))
 
diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb
index 3df7cb08..304748e5 100644
--- a/app/views/users/_form.html.erb
+++ b/app/views/users/_form.html.erb
@@ -1,12 +1,14 @@
 <%= form_for user, html: { class: 'space-y-4' }, data: { turbo_frame: :_top } do |f| %>
   <div class="space-y-2">
-    <div class="form-control">
-      <%= f.label :first_name, t('first_name'), class: 'label' %>
-      <%= f.text_field :first_name, required: true, class: 'base-input', dir: 'auto' %>
-    </div>
-    <div class="form-control">
-      <%= f.label :last_name, t('last_name'), class: 'label' %>
-      <%= f.text_field :last_name, required: true, class: 'base-input', dir: 'auto' %>
+    <div class="flex space-x-4">
+      <div class="w-full">
+        <%= f.label :first_name, t('first_name'), class: 'label' %>
+        <%= f.text_field :first_name, required: true, class: 'base-input w-full', dir: 'auto' %>
+      </div>
+      <div class="w-full">
+        <%= f.label :last_name, t('last_name'), class: 'label' %>
+        <%= f.text_field :last_name, required: true, class: 'base-input w-full', dir: 'auto' %>
+      </div>
     </div>
     <div class="form-control">
       <%= f.label :email, t('email'), class: 'label' %>
@@ -17,6 +19,12 @@
       <%= f.password_field :password, required: user.new_record?, class: 'base-input' %>
     </div>
     <% if f.object != current_user %>
+      <% if user.otp_required_for_login %>
+        <div class="form-control">
+          <%= f.label :otp_required_for_login, t('two_factor_authentication'), class: 'label' %>
+          <%= f.select :otp_required_for_login, [[t('enabled'), true], [t('disabled'), false]], { include_blank: false }, class: 'base-select' %>
+        </div>
+      <% end %>
       <%= render 'role_select', f: %>
     <% end %>
     <% if local_assigns[:extra_fields_html].present? %>
diff --git a/config/locales/i18n.yml b/config/locales/i18n.yml
index c7a607f9..ef30b27b 100644
--- a/config/locales/i18n.yml
+++ b/config/locales/i18n.yml
@@ -24,6 +24,8 @@ en: &en
   thanks: Thanks
   private: Private
   select: Select
+  enabled: Enabled
+  disabled: Disabled
   party: Party
   edit_order: Edit Order
   expirable_file_download_links: Expirable file download links
@@ -902,6 +904,8 @@ en: &en
       range_without_total: "%{from}-%{to} events"
 
 es: &es
+  enabled: Habilitado
+  disabled: Deshabilitado
   expirable_file_download_links: Enlaces de descarga de archivos con vencimiento
   create_templates_with_private_access_by_default: Crear plantillas con acceso privado por defecto
   party: Parte
@@ -1784,6 +1788,8 @@ es: &es
       range_without_total: "%{from}-%{to} eventos"
 
 it: &it
+  enabled: Abilitato
+  disabled: Disabilitato
   expirable_file_download_links: Link di download di file con scadenza
   create_templates_with_private_access_by_default: Crea modelli con accesso privato per impostazione predefinita
   party: Parte
@@ -2666,6 +2672,8 @@ it: &it
       range_without_total: "%{from}-%{to} eventi"
 
 fr: &fr
+  enabled: Activé
+  disabled: Désactivé
   expirable_file_download_links: Liens de téléchargement de fichiers expirables
   create_templates_with_private_access_by_default: Créer des modèles avec un accès privé par défaut
   party: Partie
@@ -3551,6 +3559,8 @@ fr: &fr
       range_without_total: "%{from} à %{to} événements"
 
 pt: &pt
+  enabled: Ativado
+  disabled: Desativado
   expirable_file_download_links: Links de download de arquivos com expiração
   create_templates_with_private_access_by_default: Criar modelos com acesso privado por padrão
   party: Parte
@@ -4434,6 +4444,8 @@ pt: &pt
       range_without_total: "%{from}-%{to} eventos"
 
 de: &de
+  enabled: Aktiviert
+  disabled: Deaktiviert
   expirable_file_download_links: Ablaufbare Datei-Download-Links
   create_templates_with_private_access_by_default: Vorlagen standardmäßig mit privatem Zugriff erstellen
   party: Partei