From f9a202c52307d656b171fb3386db1adc6d1e7f6f Mon Sep 17 00:00:00 2001
From: Sandra Kuipers
Date: Fri, 6 Dec 2024 15:19:10 +0800
Subject: [PATCH] System: temporarily disable MFA in preferences
---
 CHANGELOG.txt | 1 +
 preferences.php | 71 ++++++++++++++++++++++++-------------------------
 2 files changed, 36 insertions(+), 36 deletions(-)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 8cfeea369f..1c27aed735 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -30,6 +30,7 @@ v29.0.00
 Tweaks & Additions
 System: added Chilean Peso (CLP $) as an available currency
+ System: temporarily disabled MFA toggle in Preferences page
 Attendance: prevent setting partial future absence if a full-day absence already exists
 Behaviour: added level and descriptor details to behaviour notification events
 Messenger: updated the check-all option in Send Report to only select required recipients
diff --git a/preferences.php b/preferences.php
index fe75cba5cf..91943c08f2 100644
--- a/preferences.php
+++ b/preferences.php
@@ -56,16 +56,16 @@ if ($result->rowCount() == 1) {
 $values = $result->fetch();
 }
- $tfa = new RobThree\Auth\TwoFactorAuth('Gibbon'); //TODO: change the name to be based on the actual value of the school's gibbon name or similar...
-
- //Check if there is an existing MFA Secret, so that we don't create a new one accidentally, and to have the correct values load below...
- if (!empty($values['mfaSecret'])) {
- $secret = $values['mfaSecret'];
- $secretcheck = !empty($secret) ? 'Y' : 'N';
- } else {
- $secret = $tfa->createSecret();
- $secretcheck = 'N';
- }
+ // $tfa = new RobThree\Auth\TwoFactorAuth('Gibbon'); //TODO: change the name to be based on the actual value of the school's gibbon name or similar...
+
+ // //Check if there is an existing MFA Secret, so that we don't create a new one accidentally, and to have the correct values load below...
+ // if (!empty($values['mfaSecret'])) {
+ // $secret = $values['mfaSecret'];
+ // $secretcheck = !empty($secret) ? 'Y' : 'N';
+ // } else {
+ // $secret = $tfa->createSecret();
+ // $secretcheck = 'N';
+ // }
 $form = Form::create('resetPassword', $session->get('absoluteURL').'/preferencesPasswordProcess.php');
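Review bot: The block that defined `$secret` and `$secretcheck` is commented out with no marker saying why, or which other blocks have to come back with it; the only record is the CHANGELOG line. Any read of either variable outside the three hunks of this patch would now hit an undefined variable. The visible uses are commented out as well, but the rest of preferences.php is not shown, so a search for both names is worth doing. I would head the block with `// MFA temporarily disabled in Preferences (tracking: <issue-ref>); restore together with the mfaCode/mfaEnable rows below`, or gate all of it on a single `$mfaPreferencesEnabled = false;` flag rather than leaving commented-out code. The enclosing block starts and ends outside the hunk.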
@@ -92,14 +92,14 @@ ->required()
 ->maxLength(30);
- if ($secretcheck == 'Y') {
- $row = $form->addRow();
- $row->addLabel('mfaCode', __('Multi Factor Authentication Code'))->description(__('In order to change your password, please input the current 6 digit token'));
- $row->addNumber('mfaCode')->isRequired(); //TODO: Add visual validation that it's a 6 digit number, bit finnicky because there's the possibility of leading 0s this can't be done with max/min values... also not required for it to work.
- }
+ // if ($secretcheck == 'Y') {
+ // $row = $form->addRow();
+ // $row->addLabel('mfaCode', __('Multi Factor Authentication Code'))->description(__('In order to change your password, please input the current 6 digit token'));
+ // $row->addNumber('mfaCode')->isRequired(); //TODO: Add visual validation that it's a 6 digit number, bit finnicky because there's the possibility of leading 0s this can't be done with max/min values... also not required for it to work.
+ // }
- $form->addHiddenValue('mfaSecret', $secret);
- $form->addHiddenValue('mfaEnable', $secretcheck);
+ // $form->addHiddenValue('mfaSecret', $secret);
+ // $form->addHiddenValue('mfaEnable', $secretcheck);
 $row = $form->addRow();
 $row->addFooter();
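Review bot: With the `mfaCode` row and the hidden `mfaEnable`/`mfaSecret` values gone, the password form posts to preferencesPasswordProcess.php without any second-factor fields, and that handler is not part of this patch. For an account that already has `mfaSecret` stored there are two outcomes to rule out: the handler still demands a code, so the user can no longer change their password, or it decided from the posted `mfaEnable` and now skips the check silently. Either way the handler should take the enrolment state from the stored user row rather than from the request. A comment at the commented block would record the dependency, e.g. `// keep preferencesPasswordProcess.php in step: it must not expect mfaCode/mfaEnable/mfaSecret while this is disabled`.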
@@ -148,28 +148,27 @@ $row->addYesNo('receiveNotificationEmails');
- $form->addHiddenValue('mfaSecret', $secret);
+ // $form->addHiddenValue('mfaSecret', $secret);
-
- $row = $form->addRow();
- $row->addLabel('mfaEnable', __('Enable Multi Factor Authentication?'))->description(__('Enhance the security of your account login.'));
- $row->addYesNo('mfaEnable')->selected($secretcheck);
+ // $row = $form->addRow();
+ // $row->addLabel('mfaEnable', __('Enable Multi Factor Authentication?'))->description(__('Enhance the security of your account login.'));
+ // $row->addYesNo('mfaEnable')->selected($secretcheck);
- //If MFA wasn't previously set, show the MFA QR code.
- if ($secretcheck == 'N') {
- $form->toggleVisibilityByClass('toggle')->onSelect('mfaEnable')->when('Y');
- $row = $form->addRow()->addClass('toggle');
- $row->addLabel('mfaCode', __('Multi Factor Authentication Code'))->description(__('Scan the below QR code in your relevant authenticator app and input the code it provides, ensuring it doesn\'t expire before you submit the form.').'
');
- $row->addNumber('mfaCode'); //TODO: Add visual validation that it's a 6 digit number, bit finnicky because there's the possibility of leading 0s this can't be done with max/min values... also not required for it to work.
- }
- //If MFA was previously set, and is being disabled
- if ($secretcheck == 'Y' && !empty($values['mfaSecret'])) {
- $form->toggleVisibilityByClass('toggle')->onSelect('mfaEnable')->when('N');
- $row = $form->addRow()->addClass('toggle');
- $row->addLabel('mfaCode', __('Multi Factor Authentication Code'))->description(__('In order to disable your Multi Factor Authentication, please input the current 6 digit token'));
- $row->addNumber('mfaCode'); //TODO: Add visual validation that it's a 6 digit number, bit finnicky because there's the possibility of leading 0s this can't be done with max/min values... also not required for it to work.
- }
+ // //If MFA wasn't previously set, show the MFA QR code.
+ // if ($secretcheck == 'N') {
+ // $form->toggleVisibilityByClass('toggle')->onSelect('mfaEnable')->when('Y');
+ // $row = $form->addRow()->addClass('toggle');
+ // $row->addLabel('mfaCode', __('Multi Factor Authentication Code'))->description(__('Scan the below QR code in your relevant authenticator app and input the code it provides, ensuring it doesn\'t expire before you submit the form.').'
');
+ // $row->addNumber('mfaCode'); //TODO: Add visual validation that it's a 6 digit number, bit finnicky because there's the possibility of leading 0s this can't be done with max/min values... also not required for it to work.
+ // }
+ // //If MFA was previously set, and is being disabled
+ // if ($secretcheck == 'Y' && !empty($values['mfaSecret'])) {
+ // $form->toggleVisibilityByClass('toggle')->onSelect('mfaEnable')->when('N');
+ // $row = $form->addRow()->addClass('toggle');
+ // $row->addLabel('mfaCode', __('Multi Factor Authentication Code'))->description(__('In order to disable your Multi Factor Authentication, please input the current 6 digit token'));
+ // $row->addNumber('mfaCode'); //TODO: Add visual validation that it's a 6 digit number, bit finnicky because there's the possibility of leading 0s this can't be done with max/min values... also not required for it to work.
+ // }
 //TODO: Allow for easy reset of MFA secret, currently would need to disable and then re-enable MFA to do so
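Review bot: Commenting out the `mfaEnable` toggle and the two `mfaCode` rows removes only the controls; nothing in this patch touches the code that receives this form, so the server-side MFA handling is presumably still live. That handler should leave a stored `mfaSecret` untouched when `mfaEnable` is absent (a missing field read as 'N' would switch MFA off without the token the removed row asked for), and should ignore hand-supplied `mfaEnable`/`mfaSecret`/`mfaCode` while the feature is off. A comment here would pin that down, e.g. `// MFA UI disabled only: the form handler must ignore mfaEnable/mfaSecret/mfaCode and keep any stored mfaSecret`. Already-enrolled users also lose the only visible way to disable or re-enrol. When the block returns, `addHiddenValue('mfaSecret', $secret)` should not come back unchanged for enrolled users, because `$secret` is then the stored secret and it is written into the page source; keep it server-side and post only the code.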