55 lines
2.1 KiB
Markdown
55 lines
2.1 KiB
Markdown
# Console TOTP Admin UI Specification
|
|
|
|
## Purpose
|
|
|
|
Admin interface for `platform_admin` users to view 2FA enrollment status across platform users and to reset a user's 2FA when required.
|
|
|
|
## Requirements
|
|
|
|
### Requirement: Platform Users List with 2FA Status
|
|
|
|
The platform users management area MUST display each user's 2FA enrollment status (enabled / disabled). This information MUST be fetched from the backend and MUST reflect the current `two_factor_enabled` value.
|
|
|
|
#### Scenario: User list shows 2FA status column
|
|
|
|
- GIVEN a `platform_admin` visits the platform users list
|
|
- WHEN the list renders
|
|
- THEN each user row displays their 2FA enrollment state (e.g. "Enabled" or "Disabled")
|
|
|
|
---
|
|
|
|
### Requirement: Admin 2FA Reset Action with Confirmation
|
|
|
|
For each user in the list, the UI MUST provide a "Reset 2FA" action. Activating the action MUST present a confirmation modal before calling the backend. The modal MUST identify the target user. Only on confirmation does the UI call `POST /api/platform/users/:id/2fa-reset`.
|
|
|
|
On a successful reset (HTTP 204), the UI MUST display a success toast notification and refresh the user list to reflect the updated 2FA state.
|
|
|
|
#### Scenario: Reset action opens confirmation modal
|
|
|
|
- GIVEN a `platform_admin` is viewing the user list
|
|
- WHEN they activate "Reset 2FA" for a user
|
|
- THEN a modal is displayed asking for confirmation
|
|
- AND the target user's name or email is visible in the modal
|
|
|
|
#### Scenario: Cancel closes modal without calling API
|
|
|
|
- GIVEN the confirmation modal is open
|
|
- WHEN the admin clicks "Cancel"
|
|
- THEN the modal closes
|
|
- AND `POST /api/platform/users/:id/2fa-reset` is NOT called
|
|
|
|
#### Scenario: Confirm triggers reset and refreshes list
|
|
|
|
- GIVEN the confirmation modal is open
|
|
- WHEN the admin clicks "Confirm"
|
|
- THEN `POST /api/platform/users/:id/2fa-reset` is called
|
|
- AND on HTTP 204 a success toast is shown
|
|
- AND the user list refreshes and shows the target user's 2FA as "Disabled"
|
|
|
|
#### Scenario: API error shown to admin
|
|
|
|
- GIVEN the confirmation modal is open and the admin confirms
|
|
- WHEN the API returns a non-204 error
|
|
- THEN an error toast is displayed
|
|
- AND the modal closes without changing the list state
|