diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index d4d0339f09..5d075b32d2 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -290,4 +290,32 @@ class UsersController extends Controller
 $assets = Asset::where('assigned_to', '=', $id)->with('model')->get();
 return (new AssetsTransformer)->transformAssets($assets, $assets->count());
 }
+
+ /**
+ * Reset the user's two-factor status
+ *
+ * @author [A. Gianotto] []
+ * @since [v3.0]
+ * @param $userId
+ * @return string JSON
+ */
+ public function postTwoFactorReset(Request $request)
+ {
+
+ $this->authorize('edit', User::class);
+
+ if ($request->has('id')) {
+ try {
+ $user = User::find($request->get('id'));
+ $user->two_factor_secret = null;
+ $user->two_factor_enrolled = 0;
+ $user->save();
+ return response()->json(['message' => trans('admin/settings/general.two_factor_reset_success')], 200);
+ } catch (\Exception $e) {
+ return response()->json(['message' => trans('admin/settings/general.two_factor_reset_error')], 500);
+ }
+ }
+ return response()->json(['message' => 'No ID provided'], 500);
+
+ }
 }
diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
index 27f18adf88..2b6f0c008a 100755
--- a/app/Http/Controllers/UsersController.php
+++ b/app/Http/Controllers/UsersController.php
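Review bot: In the new `Api\UsersController::postTwoFactorReset`, `User::find()` returns null for an id that does not exist and the next line assigns to `$user->two_factor_secret` without checking; depending on the PHP version and error handling, that either falls into the generic catch or raises an `\Error` that `catch (\Exception $e)` does not cover. An explicit guard right after the lookup, e.g. `if ($user === null) { return response()->json(['message' => 'User not found'], 404); }` (message text is a placeholder), gives API clients a clear answer, and the final "No ID provided" branch would be more accurate as a 4xx than a 500. Because this endpoint removes an account's second factor, it is also worth confirming that `authorize('edit', User::class)` is the intended bar for resetting any account, including ones more privileged than the caller, and recording who reset whose 2FA in a log entry. The docblock's `@param $userId` does not match the `Request $request` signature.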
@@ -1138,23 +1138,6 @@ class UsersController extends Controller
 }
- public function postTwoFactorReset(Request $request)
- {
- if (Gate::denies('users.edit')) {
- return response()->json(['message' => trans('general.insufficient_permissions')], 500);
- }
-
- try {
- $user = User::find($request->get('id'));
- $user->two_factor_secret = null;
- $user->two_factor_enrolled = 0;
- $user->save();
- return response()->json(['message' => trans('admin/settings/general.two_factor_reset_success')], 200);
- } catch (\Exception $e) {
- return response()->json(['message' => trans('admin/settings/general.two_factor_reset_error')], 500);
- }
- }
-
 /**
 * LDAP form processing.
 *
diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
index e84d5c175b..420ab124ab 100755
--- a/resources/views/users/edit.blade.php
+++ b/resources/views/users/edit.blade.php
@@ -627,6 +627,10 @@ $(document).ready(function() {
 url: '{{ route('api.users.two_factor_reset', ['id'=> $user->id]) }}',
 type: 'POST',
 data: {},
+ headers: {
+ "X-Requested-With": 'XMLHttpRequest',
+ "X-CSRF-TOKEN": $('meta[name="csrf-token"]').attr('content')
+ },
 dataType: 'json',
 success: function (data) {