Files
OmniOilPersonal/openspec/changes/console-totp-2fa/specs/console-totp-admin-ui/spec.md
2026-05-08 05:37:24 -05:00

55 lines
2.1 KiB
Markdown

# Console TOTP Admin UI Specification
## Purpose
Admin interface for `platform_admin` users to view 2FA enrollment status across platform users and to reset a user's 2FA when required.
## Requirements
### Requirement: Platform Users List with 2FA Status
The platform users management area MUST display each user's 2FA enrollment status (enabled / disabled). This information MUST be fetched from the backend and MUST reflect the current `two_factor_enabled` value.
#### Scenario: User list shows 2FA status column
- GIVEN a `platform_admin` visits the platform users list
- WHEN the list renders
- THEN each user row displays their 2FA enrollment state (e.g. "Enabled" or "Disabled")
---
### Requirement: Admin 2FA Reset Action with Confirmation
For each user in the list, the UI MUST provide a "Reset 2FA" action. Activating the action MUST present a confirmation modal before calling the backend. The modal MUST identify the target user. Only on confirmation does the UI call `POST /api/platform/users/:id/2fa-reset`.
On a successful reset (HTTP 204), the UI MUST display a success toast notification and refresh the user list to reflect the updated 2FA state.
#### Scenario: Reset action opens confirmation modal
- GIVEN a `platform_admin` is viewing the user list
- WHEN they activate "Reset 2FA" for a user
- THEN a modal is displayed asking for confirmation
- AND the target user's name or email is visible in the modal
#### Scenario: Cancel closes modal without calling API
- GIVEN the confirmation modal is open
- WHEN the admin clicks "Cancel"
- THEN the modal closes
- AND `POST /api/platform/users/:id/2fa-reset` is NOT called
#### Scenario: Confirm triggers reset and refreshes list
- GIVEN the confirmation modal is open
- WHEN the admin clicks "Confirm"
- THEN `POST /api/platform/users/:id/2fa-reset` is called
- AND on HTTP 204 a success toast is shown
- AND the user list refreshes and shows the target user's 2FA as "Disabled"
#### Scenario: API error shown to admin
- GIVEN the confirmation modal is open and the admin confirms
- WHEN the API returns a non-204 error
- THEN an error toast is displayed
- AND the modal closes without changing the list state