diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index 1ac03af5e..7e4d60646 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -16,6 +16,7 @@ from common.mixins import CommonApiMixin
from common.utils import get_logger
from orgs.utils import current_org
from orgs.models import ROLE as ORG_ROLE, OrganizationMember
+from users.utils import send_reset_mfa_mail
from .. import serializers
from ..serializers import UserSerializer, UserRetrieveSerializer, MiniUserSerializer, InviteSerializer
from .mixins import UserQuerysetMixin
@@ -201,4 +202,5 @@ class UserResetOTPApi(UserQuerysetMixin, generics.RetrieveAPIView):
if user.mfa_enabled:
user.reset_mfa()
user.save()
+ send_reset_mfa_mail(user)
return Response({"msg": "success"})
diff --git a/apps/users/utils.py b/apps/users/utils.py
index 94669c03a..0bef4fcc2 100644
--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@@ -235,6 +235,28 @@ def send_reset_ssh_key_mail(user):
send_mail_async.delay(subject, message, recipient_list, html_message=message)
+def send_reset_mfa_mail(user):
+ subject = _('MFA Reset')
+ recipient_list = [user.email]
+ message = _("""
+ Hello %(name)s:
+
+ Your MFA has been reset by site administrator.
+ Please login and reset your MFA.
+
+ Login direct
+
+
+ """) % {
+ 'name': user.name,
+ 'login_url': reverse('authentication:login', external=True),
+ }
+ if settings.DEBUG:
+ logger.debug(message)
+
+ send_mail_async.delay(subject, message, recipient_list, html_message=message)
+
+
def get_user_or_pre_auth_user(request):
user = request.user
if user.is_authenticated: