Merge branch 'dz-add-2fa-filter-admin-api' into 'master'

Add 2FA filter to users API for admins only See merge request gitlab-org/gitlab-ce!18503

Merge branch 'dz-add-2fa-filter-admin-api' into 'master'
Add 2FA filter to users API for admins only See merge request gitlab-org/gitlab-ce!18503
f81b1a24 · Douwe Maan · 9b3085b4 · 04716cb0 · f81b1a24 · f81b1a24
Commit f81b1a24 authored Apr 23, 2018 by Douwe Maan
5 changed files
--- a/app/finders/users_finder.rb
+++ b/app/finders/users_finder.rb
@@ -32,6 +32,7 @@ class UsersFinder
    users = by_active(users)
    users = by_external_identity(users)
    users = by_external(users)
+    users = by_2fa(users)
    users = by_created_at(users)
    users = by_custom_attributes(users)

@@ -76,4 +77,15 @@ class UsersFinder

    users.external
  end
+
+  def by_2fa(users)
+    case params[:two_factor]
+    when 'enabled'
+      users.with_two_factor
+    when 'disabled'
+      users.without_two_factor
+    else
+      users
+    end
+  end
 end
--- a/changelogs/unreleased/dz-add-2fa-filter-admin-api.yml
+++ b/changelogs/unreleased/dz-add-2fa-filter-admin-api.yml
+---
+title: Add 2FA filter to users API for admins only
+merge_request: 18503
+author:
+type: changed
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -55,6 +55,7 @@ GET /users
 | --------- | ---- | -------- | ----------- |
 | `order_by` | string | no | Return projects ordered by `id`, `name`, `username`, `created_at`, or `updated_at` fields. Default is `id` |
 | `sort` | string | no | Return projects sorted in `asc` or `desc` order. Default is `desc` |
+| `two_factor` | string | no | Filter users by Two-factor authentication. Filter values are `enabled` or `disabled`. By default it returns all users |

 ```json
 [

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -77,7 +77,7 @@ module API
        authenticated_as_admin! if params[:external].present? || (params[:extern_uid].present? && params[:provider].present?)

        unless current_user&.admin?
-          params.except!(:created_after, :created_before, :order_by, :sort)
+          params.except!(:created_after, :created_before, :order_by, :sort, :two_factor)
        end

        users = UsersFinder.new(current_user, params).execute

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -212,6 +212,18 @@ describe API::Users do
        expect(json_response.last['id']).to eq(user.id)
      end

+      it 'returns users with 2fa enabled' do
+        admin
+        user
+        user_with_2fa = create(:user, :two_factor_via_otp)
+
+        get api('/users', admin), { two_factor: 'enabled' }
+
+        expect(response).to match_response_schema('public_api/v4/user/admins')
+        expect(json_response.size).to eq(1)
+        expect(json_response.first['id']).to eq(user_with_2fa.id)
+      end
+
      it 'returns 400 when provided incorrect sort params' do
        get api('/users', admin), { order_by: 'magic', sort: 'asc' }