Files
OmniOilPersonal/openspec/changes/console-totp-2fa/specs/console-totp-admin-ui/spec.md
2026-05-08 05:37:24 -05:00

2.1 KiB

Console TOTP Admin UI Specification

Purpose

Admin interface for platform_admin users to view 2FA enrollment status across platform users and to reset a user's 2FA when required.

Requirements

Requirement: Platform Users List with 2FA Status

The platform users management area MUST display each user's 2FA enrollment status (enabled / disabled). This information MUST be fetched from the backend and MUST reflect the current two_factor_enabled value.

Scenario: User list shows 2FA status column

  • GIVEN a platform_admin visits the platform users list
  • WHEN the list renders
  • THEN each user row displays their 2FA enrollment state (e.g. "Enabled" or "Disabled")

Requirement: Admin 2FA Reset Action with Confirmation

For each user in the list, the UI MUST provide a "Reset 2FA" action. Activating the action MUST present a confirmation modal before calling the backend. The modal MUST identify the target user. Only on confirmation does the UI call POST /api/platform/users/:id/2fa-reset.

On a successful reset (HTTP 204), the UI MUST display a success toast notification and refresh the user list to reflect the updated 2FA state.

Scenario: Reset action opens confirmation modal

  • GIVEN a platform_admin is viewing the user list
  • WHEN they activate "Reset 2FA" for a user
  • THEN a modal is displayed asking for confirmation
  • AND the target user's name or email is visible in the modal

Scenario: Cancel closes modal without calling API

  • GIVEN the confirmation modal is open
  • WHEN the admin clicks "Cancel"
  • THEN the modal closes
  • AND POST /api/platform/users/:id/2fa-reset is NOT called

Scenario: Confirm triggers reset and refreshes list

  • GIVEN the confirmation modal is open
  • WHEN the admin clicks "Confirm"
  • THEN POST /api/platform/users/:id/2fa-reset is called
  • AND on HTTP 204 a success toast is shown
  • AND the user list refreshes and shows the target user's 2FA as "Disabled"

Scenario: API error shown to admin

  • GIVEN the confirmation modal is open and the admin confirms
  • WHEN the API returns a non-204 error
  • THEN an error toast is displayed
  • AND the modal closes without changing the list state