From dacd28e41758c1101aa9ba58723894f4083b9be3 Mon Sep 17 00:00:00 2001
From: Sarah Funkhouser <147884153+golanglemonade@users.noreply.github.com>
Date: Wed, 29 Jan 2025 11:12:47 -0700
Subject: [PATCH] bug: fix renable totpAllowed = true after disable (#423)

Signed-off-by: Sarah Funkhouser <147884153+golanglemonade@users.noreply.github.com>
---
 internal/ent/hooks/tfasettings.go    | 4 ++--
 internal/graphapi/tfasetting_test.go | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/internal/ent/hooks/tfasettings.go b/internal/ent/hooks/tfasettings.go
index 58f449a8..987b20b5 100644
--- a/internal/ent/hooks/tfasettings.go
+++ b/internal/ent/hooks/tfasettings.go
@@ -94,8 +94,8 @@ func HookVerifyTFA() ent.Hook {
 			if ok && !totpAllowed {
 				// if TOTP is not allowed, clear the TFA settings
 				m.SetVerified(false)
-				m.SetRecoveryCodes(nil)
-				m.SetTfaSecret("")
+				m.ClearRecoveryCodes()
+				m.ClearTfaSecret()
 
 				// disable TFA on the user settings
 				if err := setUserTFASetting(ctx, m, false); err != nil {
diff --git a/internal/graphapi/tfasetting_test.go b/internal/graphapi/tfasetting_test.go
index 09037d24..1bdf8ccf 100644
--- a/internal/graphapi/tfasetting_test.go
+++ b/internal/graphapi/tfasetting_test.go
@@ -227,7 +227,7 @@ func (suite *GraphTestSuite) TestMutationUpdateTFASetting() {
 				TotpAllowed: lo.ToPtr(true),
 			},
 			client: suite.client.api,
-			ctx:    testUser2.UserCtx,
+			ctx:    testUser1.UserCtx,
 		},
 	}
 
@@ -272,6 +272,9 @@ func (suite *GraphTestSuite) TestMutationUpdateTFASetting() {
 			} else if !*tc.input.TotpAllowed { // settings were cleared
 				assert.Empty(t, resp.UpdateTFASetting.QRCode)
 				assert.Empty(t, resp.UpdateTFASetting.TfaSecret)
+				assert.Empty(t, resp.UpdateTFASetting.RecoveryCodes)
+				assert.False(t, resp.UpdateTFASetting.TfaSetting.Verified)
+				assert.False(t, *resp.UpdateTFASetting.TfaSetting.TotpAllowed)
 			}
 
 			// make sure user setting is updated correctly