Don't allow gitlab users to activate mfa (#3125)

api/user.go

@@ -2336,6 +2336,10 @@ func ActivateMfa(userId, token string) *model.AppError {
 		user = result.Data.(*model.User)
 	}
 
+	if len(user.AuthService) > 0 && user.AuthService != model.USER_AUTH_SERVICE_LDAP {
+		return model.NewLocAppError("ActivateMfa", "api.user.activate_mfa.email_and_ldap_only.app_error", nil, "")
+	}
+
 	if err := mfaInterface.Activate(user, token); err != nil {
 		return err
 	}

i18n/en.json

@@ -1735,6 +1735,10 @@
     "id": "api.user.update_mfa.not_available.app_error",
     "translation": "MFA not configured or available on this server"
   },
+  {
+    "id": "api.user.activate_mfa.email_and_ldap_only.app_error",
+    "translation": "MFA is not available for this account type"
+  },
   {
     "id": "api.user.update_password.context.app_error",
     "translation": "Update password failed because context user_id did not match props user_id"

webapp/components/user_settings/user_settings_security.jsx

@@ -61,6 +61,7 @@ class SecurityTab extends React.Component {
 
         this.state = this.getDefaultState();
     }
+
     getDefaultState() {
         return {
             currentPassword: '',
@@ -71,6 +72,7 @@ class SecurityTab extends React.Component {
             mfaToken: ''
         };
     }
+
     submitPassword(e) {
         e.preventDefault();
 
@@ -117,6 +119,7 @@ class SecurityTab extends React.Component {
             }
         );
     }
+
     activateMfa() {
         Client.updateMfa(
             this.state.mfaToken,
@@ -138,6 +141,7 @@ class SecurityTab extends React.Component {
             }
         );
     }
+
     deactivateMfa() {
         Client.updateMfa(
             '',
@@ -159,22 +163,28 @@ class SecurityTab extends React.Component {
             }
         );
     }
+
     updateCurrentPassword(e) {
         this.setState({currentPassword: e.target.value});
     }
+
     updateNewPassword(e) {
         this.setState({newPassword: e.target.value});
     }
+
     updateConfirmPassword(e) {
         this.setState({confirmPassword: e.target.value});
     }
+
     updateMfaToken(e) {
         this.setState({mfaToken: e.target.value});
     }
+
     showQrCode(e) {
         e.preventDefault();
         this.setState({mfaShowQr: true});
     }
+
     createMfaSection() {
         let updateSectionStatus;
         let submit;
@@ -329,6 +339,7 @@ class SecurityTab extends React.Component {
             />
         );
     }
+
     createPasswordSection() {
         let updateSectionStatus;
 
@@ -519,6 +530,7 @@ class SecurityTab extends React.Component {
             />
         );
     }
+
     createSignInSection() {
         let updateSectionStatus;
         const user = this.props.user;
@@ -676,7 +688,10 @@ class SecurityTab extends React.Component {
             />
         );
     }
+
     render() {
+        const user = this.props.user;
+
         const passwordSection = this.createPasswordSection();
 
         let numMethods = 0;
@@ -690,7 +705,9 @@ class SecurityTab extends React.Component {
         }
 
         let mfaSection;
-        if (global.window.mm_config.EnableMultifactorAuthentication === 'true' && global.window.mm_license.IsLicensed === 'true') {
+        if (global.window.mm_config.EnableMultifactorAuthentication === 'true' &&
+                global.window.mm_license.IsLicensed === 'true' &&
+                (user.auth_service === '' || user.auth_service === Constants.LDAP_SERVICE)) {
             mfaSection = this.createMfaSection();
         }