
Allow admins to disable 2fa

Colin O'Dell 5 years ago
parent
commit
083d9e0234

+ 2 - 1
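--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -68,6 +68,7 @@ security:
         ROLE_EDIT_PACKAGES: ~
         ROLE_ANTISPAM: ~
         ROLE_SPAMMER: ~
+        ROLE_DISABLE_2FA: ~
 
-        ROLE_ADMIN:       [ ROLE_USER, ROLE_UPDATE_PACKAGES, ROLE_EDIT_PACKAGES, ROLE_DELETE_PACKAGES, ROLE_ANTISPAM ]
+        ROLE_ADMIN:       [ ROLE_USER, ROLE_UPDATE_PACKAGES, ROLE_EDIT_PACKAGES, ROLE_DELETE_PACKAGES, ROLE_ANTISPAM, ROLE_DISABLE_2FA ]
         ROLE_SUPERADMIN:  [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]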
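Review bot: ROLE_DISABLE_2FA is granted through the ROLE_ADMIN hierarchy, so every admin can now strip the second factor from any account, a privilege with roughly the blast radius of ROLE_ALLOWED_TO_SWITCH, which the line below deliberately reserves for ROLE_SUPERADMIN. If every admin is meant to have it, record that decision next to the role, e.g. `# lets the holder disable another user's TOTP (account recovery); keep the set of holders small and audit its use`; otherwise grant it one tier up with `ROLE_SUPERADMIN:  [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH, ROLE_DISABLE_2FA ]`. Introducing a dedicated role rather than testing ROLE_ADMIN in the controller is the right shape either way, since it can later be handed to a support group without the rest of the admin bundle.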

+ 2 - 2
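--- a/src/Packagist/WebBundle/Controller/UserController.php
+++ b/src/Packagist/WebBundle/Controller/UserController.php
@@ -281,7 +281,7 @@ class UserController extends Controller
      */
     public function configureTwoFactorAuthAction(User $user)
     {
-        if ($user->getId() !== $this->getUser()->getId()) {
+        if (!($this->isGranted('ROLE_DISABLE_2FA') || $user->getId() === $this->getUser()->getId())) {
             throw new AccessDeniedException('You cannot change this user\'s two-factor authentication settings');
         }
 
@@ -335,7 +335,7 @@ class UserController extends Controller
      */
     public function disableTwoFactorAuthAction(Request $req, User $user)
     {
-        if ($user->getId() !== $this->getUser()->getId()) {
+        if (!($this->isGranted('ROLE_DISABLE_2FA') || $user->getId() === $this->getUser()->getId())) {
             throw new AccessDeniedException('You cannot change this user\'s two-factor authentication settings');
         }
 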
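Review bot: The widened guard in disableTwoFactorAuthAction lets any ROLE_DISABLE_2FA holder turn off another account's second factor, but nothing in the hunk records which admin did it or tells the affected user, and both are expected for an action that weakens someone else's authentication; the method body continues past the hunk, so this may already be handled further down, and if it is not, log the acting user and the target and send the target a notification before redirecting. The same condition is now duplicated verbatim in configureTwoFactorAuthAction; a helper such as `private function canManageTwoFactorAuthFor(User $user): bool { return $this->isGranted('ROLE_DISABLE_2FA') || $user->getId() === $this->getUser()->getId(); }` keeps the two checks from drifting apart. The role is named for disabling yet it now also opens the configure page for other users, so a one-line docblock on each action stating that ROLE_DISABLE_2FA holders may view and disable, but never enrol, another user's TOTP would make the intended scope explicit.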

+ 14 - 4
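--- a/src/Packagist/WebBundle/Resources/views/user/configure_two_factor_auth.html.twig
+++ b/src/Packagist/WebBundle/Resources/views/user/configure_two_factor_auth.html.twig
@@ -7,14 +7,24 @@
 {% block content %}
     <h2 class="title">
         {{ user.username }}
+        <small>
+            {%- if not isActualUser %}
+                member since: {{ user.createdAt|date('M d, Y') }}
+                {%- if is_granted('ROLE_ADMIN') %}
+                    <a href="mailto:{{ user.email }}">{{ user.email }}</a>
+                {%- endif %}
+            {%- endif %}
+        </small>
     </h2>
 
     <section class="row">
-        <section class="col-md-3">
-            {{ knp_menu_render('profile_menu', {currentClass: 'active', allow_safe_labels: true}) }}
-        </section>
+        {% if isActualUser %}
+            <section class="col-md-3">
+                {{ knp_menu_render('profile_menu', {currentClass: 'active', allow_safe_labels: true}) }}
+            </section>
+        {% endif %}
 
-        <section class="col-md-9">
+        <section class="{{ isActualUser ? 'col-md-9' : 'col-md-12' }}">
             {% if user.totpAuthenticationEnabled %}
                 <p class="alert alert-success">
                     <span class="icon-lock"></span>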
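Review bot: `isActualUser` now drives the header, the menu and the column width, but neither controller hunk shows it being added to the render() context, which lies outside the hunks. If a render call does not pass it, Twig with strict_variables off evaluates it as null, so `not isActualUser` shows the "member since" header on the owner's own page and hides their profile menu, while with strict_variables on the page fails outright; a `|default` would not help because either default is wrong for one of the two audiences. Worth confirming that every render of this template sets the flag, ideally computed once in the controller as `$user->getId() === $this->getUser()->getId()` and passed alongside `user`.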

+ 14 - 4
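--- a/src/Packagist/WebBundle/Resources/views/user/disable_two_factor_auth.html.twig
+++ b/src/Packagist/WebBundle/Resources/views/user/disable_two_factor_auth.html.twig
@@ -7,14 +7,24 @@
 {% block content %}
     <h2 class="title">
         {{ user.username }}
+        <small>
+            {%- if not isActualUser %}
+                member since: {{ user.createdAt|date('M d, Y') }}
+                {%- if is_granted('ROLE_ADMIN') %}
+                    <a href="mailto:{{ user.email }}">{{ user.email }}</a>
+                {%- endif %}
+            {%- endif %}
+        </small>
     </h2>
 
     <section class="row">
-        <section class="col-md-3">
-            {{ knp_menu_render('profile_menu', {currentClass: 'active', allow_safe_labels: true}) }}
-        </section>
+        {% if isActualUser %}
+            <section class="col-md-3">
+                {{ knp_menu_render('profile_menu', {currentClass: 'active', allow_safe_labels: true}) }}
+            </section>
+        {% endif %}
 
-        <section class="col-md-9">
+        <section class="{{ isActualUser ? 'col-md-9' : 'col-md-12' }}">
             <h3 class="text-danger">Are you sure you wish to disable two-factor authentication?</h3>
 
             <p>Your account is more secure when you need a password and a verification code to sign in. If you remove this extra layer of security, you will only be asked for a password when you sign in. It might be easier for someone to break into your account.</p>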
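Review bot: The confirmation paragraph at the end of the hunk ("Your account is more secure…", "break into your account") is still rendered when an admin is disabling someone else's second factor, which is exactly the case the new `isActualUser` branches above it exist for, so the admin reads a warning about their own account while acting on another user's. Branch the copy on the same flag, e.g. `{% if isActualUser %}` around the existing paragraph and an `{% else %}<p>Disabling two-factor authentication for {{ user.username }} means they will only be asked for a password when they sign in; they should be told about this change.</p>{% endif %}`. The header and menu block added here is byte-identical to the one added to configure_two_factor_auth.html.twig and enable_two_factor_auth.html.twig; an included partial would stop the three copies drifting.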

+ 14 - 4
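--- a/src/Packagist/WebBundle/Resources/views/user/enable_two_factor_auth.html.twig
+++ b/src/Packagist/WebBundle/Resources/views/user/enable_two_factor_auth.html.twig
@@ -7,14 +7,24 @@
 {% block content %}
     <h2 class="title">
         {{ user.username }}
+        <small>
+            {%- if not isActualUser %}
+                member since: {{ user.createdAt|date('M d, Y') }}
+                {%- if is_granted('ROLE_ADMIN') %}
+                    <a href="mailto:{{ user.email }}">{{ user.email }}</a>
+                {%- endif %}
+            {%- endif %}
+        </small>
     </h2>
 
     <section class="row">
-        <section class="col-md-3">
-            {{ knp_menu_render('profile_menu', {currentClass: 'active', allow_safe_labels: true}) }}
-        </section>
+        {% if isActualUser %}
+            <section class="col-md-3">
+                {{ knp_menu_render('profile_menu', {currentClass: 'active', allow_safe_labels: true}) }}
+            </section>
+        {% endif %}
 
-        <section class="col-md-9">
+        <section class="{{ isActualUser ? 'col-md-9' : 'col-md-12' }}">
             <p>
                 To enable two-factor authentication, you'll need a mobile app that supports TOTP such as
                 <a href="https://authy.com/download/">Authy</a>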
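Review bot: This template gains the "viewing another user" layout, yet the role the commit introduces is ROLE_DISABLE_2FA and the guard in enableTwoFactorAuthAction is not part of the diff, so it is unclear whether an admin can now reach the enrolment flow for another account. Enrolling TOTP on someone else's behalf hands the enroller the shared secret, which is a takeover path rather than a recovery one, so that action should keep the owner-only check `if ($user->getId() !== $this->getUser()->getId())` regardless of ROLE_DISABLE_2FA. If it does keep it, the `isActualUser` false branches added here are unreachable and can be dropped; if it does not, tightening that guard is the more urgent fix than the layout.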