From 12a00969635f31fe75eaa6d9b06fccd0e2097807 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Mon, 15 Nov 2021 14:27:11 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E9=87=8D=E7=BD=AEmfa?= =?UTF-8?q?=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/users/api/user.py | 13 +++++++------
 apps/users/urls/api_urls.py | 4 ++--
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index 2499e7b78..fe902e8c5 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -28,7 +28,7 @@ from ..filters import OrgRoleUserFilterBackend, UserFilter
 logger = get_logger(__name__)
 __all__ = [
 'UserViewSet', 'UserChangePasswordApi',
- 'UserUnblockPKApi', 'UserResetOTPApi',
+ 'UserUnblockPKApi', 'UserResetMFAApi',
 ]
@@ -199,7 +199,7 @@ class UserUnblockPKApi(UserQuerysetMixin, generics.UpdateAPIView):
 MFABlockUtils.unblock_user(username)
-class UserResetOTPApi(UserQuerysetMixin, generics.RetrieveAPIView):
+class UserResetMFAApi(UserQuerysetMixin, generics.RetrieveAPIView):
 permission_classes = (IsOrgAdmin,)
 serializer_class = serializers.ResetOTPSerializer
@@ -209,9 +209,10 @@ class UserResetOTPApi(UserQuerysetMixin, generics.RetrieveAPIView):
 msg = _("Could not reset self otp, use profile reset instead")
 return Response({"error": msg}, status=401)
- if user.mfa_enabled:
- user.reset_mfa()
- user.save()
+ backends = user.active_mfa_backends_mapper
+ for backend in backends:
+ if backend.can_disable():
+ backend.disable()
- ResetMFAMsg(user).publish_async()
+ ResetMFAMsg(user).publish_async()
 return Response({"msg": "success"})
diff --git a/apps/users/urls/api_urls.py b/apps/users/urls/api_urls.py
index 8b9c538bd..af24fc147 100644
--- a/apps/users/urls/api_urls.py
+++ b/apps/users/urls/api_urls.py
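Review bot: In the `@@ -209,9 +209,10 @@` hunk of `apps/users/api/user.py`, the new loop silently skips every backend whose `can_disable()` is false, yet the handler still ends with `return Response({"msg": "success"})` and, as far as the flattened indentation shows, publishes `ResetMFAMsg` whether or not anything was disabled, so an admin can be told the reset worked while a factor remains active. Track which backends were actually disabled and return an error (or the skipped names) when none were. `active_mfa_backends_mapper` reads like a name-to-backend mapping whose definition is not in this patch; if it is a dict, `for backend in backends:` iterates keys and should be `for backend in backends.values():`. The method body starts outside the hunk, and the class in the previous hunk still derives from `generics.RetrieveAPIView`, so unless another handler is defined this state change runs on GET, which CSRF protection does not cover; a POST-only handler plus an audit log entry naming the acting admin would be the safer shape.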
@@ -23,8 +23,8 @@ urlpatterns = [
 path('profile/', api.UserProfileApi.as_view(), name='user-profile'),
 path('profile/password/', api.UserPasswordApi.as_view(), name='user-password'),
 path('profile/public-key/', api.UserPublicKeyApi.as_view(), name='user-public-key'),
- path('otp/reset/', api.UserResetOTPApi.as_view(), name='my-otp-reset'),
- path('users//otp/reset/', api.UserResetOTPApi.as_view(), name='user-reset-otp'),
+ path('profile/mfa/reset/', api.UserResetMFAApi.as_view(), name='my-mfa-reset'),
+ path('users//mfa/reset/', api.UserResetMFAApi.as_view(), name='user-reset-mfa'),
 path('users//password/', api.UserChangePasswordApi.as_view(), name='change-user-password'),
 path('users//password/reset/', api.UserResetPasswordApi.as_view(), name='user-reset-password'),
 path('users//pubkey/reset/', api.UserResetPKApi.as_view(), name='user-public-key-reset'),
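Review bot: `profile/mfa/reset/` is wired to `api.UserResetMFAApi`, the same view that in `apps/users/api/user.py` answers 401 with "Could not reset self otp, use profile reset instead"; the condition and the user lookup are outside the patch, but if the pk-less route resolves to the requester this endpoint can never succeed and the message sends users back to it. Point the profile route at a dedicated self-service view or drop it, with a comment such as `# admin-only: UserResetMFAApi rejects resets on the caller's own account`. The old paths and the names `my-otp-reset` and `user-reset-otp` disappear without an alias, so clients and `reverse()` calls that still use them will break unless the old `path(...)` entries are kept for a deprecation period. The `urlpatterns` list continues outside the hunk.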