feat: mfa reset - wip

apps/client/src/ee/mfa/services/mfa-service.ts

@@ -59,3 +59,10 @@ export async function validateMfaAccess(): Promise<MfaAccessValidationResponse>
     return { valid: false };
   }
 }
+
+export async function resetUserMfa(
+  userId: string,
+): Promise<{ success: boolean }> {
+  const req = await api.post<{ success: boolean }>('/mfa/reset', { userId });
+  return req.data;
+}

apps/client/src/features/workspace/components/members/components/members-action-menu.tsx

@@ -1,23 +1,41 @@
 import { Menu, ActionIcon, Text } from "@mantine/core";
 import React from "react";
-import { IconDots, IconTrash } from "@tabler/icons-react";
+import { IconDots, IconTrash, IconShieldOff } from "@tabler/icons-react";
 import { modals } from "@mantine/modals";
-import { useDeleteWorkspaceMemberMutation } from "@/features/workspace/queries/workspace-query.ts";
+import { 
+  useDeleteWorkspaceMemberMutation,
+  useResetUserMfaMutation 
+} from "@/features/workspace/queries/workspace-query.ts";
 import { useTranslation } from "react-i18next";
 import useUserRole from "@/hooks/use-user-role.tsx";
+import { useLicense } from "@/ee/hooks/use-license.tsx";
+import { isCloud } from "@/lib/config.ts";
+import { UserRole } from "@/lib/types.ts";
 
 interface Props {
   userId: string;
+  userRole: string;
 }
-export default function MemberActionMenu({ userId }: Props) {
+export default function MemberActionMenu({ userId, userRole }: Props) {
   const { t } = useTranslation();
   const deleteWorkspaceMemberMutation = useDeleteWorkspaceMemberMutation();
-  const { isAdmin } = useUserRole();
+  const resetUserMfaMutation = useResetUserMfaMutation();
+  const { isAdmin, isOwner } = useUserRole();
+  const { hasLicenseKey } = useLicense();
+  
+  // Show MFA reset only for self-hosted enterprise edition
+  // Admins cannot reset MFA for owners
+  const canResetMfa = isOwner || (isAdmin && userRole !== UserRole.OWNER);
+  const showMfaReset = !isCloud() && hasLicenseKey && canResetMfa;
 
   const onRevoke = async () => {
     await deleteWorkspaceMemberMutation.mutateAsync({ userId });
   };
 
+  const onResetMfa = async () => {
+    await resetUserMfaMutation.mutateAsync({ userId });
+  };
+
   const openRevokeModal = () =>
     modals.openConfirmModal({
       title: t("Delete member"),
@@ -34,6 +52,22 @@ export default function MemberActionMenu({ userId }: Props) {
       onConfirm: onRevoke,
     });
 
+  const openResetMfaModal = () =>
+    modals.openConfirmModal({
+      title: t("Reset MFA"),
+      children: (
+        <Text size="sm">
+          {t(
+            "Are you sure you want to reset MFA for this user? They will need to set up MFA again.",
+          )}
+        </Text>
+      ),
+      centered: true,
+      labels: { confirm: t("Reset"), cancel: t("Cancel") },
+      confirmProps: { color: "red" },
+      onConfirm: onResetMfa,
+    });
+
   return (
     <>
       <Menu
@@ -51,6 +85,14 @@ export default function MemberActionMenu({ userId }: Props) {
         </Menu.Target>
 
         <Menu.Dropdown>
+          {showMfaReset && (
+            <Menu.Item
+              onClick={openResetMfaModal}
+              leftSection={<IconShieldOff size={16} />}
+            >
+              {t("Reset MFA")}
+            </Menu.Item>
+          )}
           <Menu.Item
             c="red"
             onClick={openRevokeModal}

apps/client/src/features/workspace/components/members/components/workspace-members-table.tsx

@@ -98,7 +98,7 @@ export default function WorkspaceMembersTable() {
                     />
                   </Table.Td>
                   <Table.Td>
-                    {isAdmin && <MemberActionMenu userId={user.id} />}
+                    {isAdmin && <MemberActionMenu userId={user.id} userRole={user.role} />}
                   </Table.Td>
                 </Table.Tr>
               ))

apps/client/src/features/workspace/queries/workspace-query.ts

@@ -18,6 +18,7 @@ import {
   getAppVersion,
   deleteWorkspaceMember,
 } from "@/features/workspace/services/workspace-service";
+import { resetUserMfa } from "@/ee/mfa";
 import { IPagination, QueryParams } from "@/lib/types.ts";
 import { notifications } from "@mantine/notifications";
 import {
@@ -192,3 +193,29 @@ export function useAppVersion(
     refetchOnMount: true,
   });
 }
+
+export function useResetUserMfaMutation() {
+  const { t } = useTranslation();
+  const queryClient = useQueryClient();
+
+  return useMutation<
+    { success: boolean },
+    Error,
+    { userId: string }
+  >({
+    mutationFn: ({ userId }) => resetUserMfa(userId),
+    onSuccess: () => {
+      notifications.show({ 
+        message: t("MFA has been reset successfully"),
+        color: "green" 
+      });
+      queryClient.invalidateQueries({
+        queryKey: ["workspaceMembers"],
+      });
+    },
+    onError: (error) => {
+      const errorMessage = error["response"]?.data?.message || t("Failed to reset MFA");
+      notifications.show({ message: errorMessage, color: "red" });
+    },
+  });
+}