Suggestion
Resolution: Unresolved
Issue Summary
From Bamboo 10.1.0, if a user who is enrolled in two-step verification (2SV) is unable to authenticate and has lost their recovery codes, the only way they can regain access to Bamboo is for an admin to unenroll their 2SV enrolment via the REST API.
It would be preferable for admins to be able to clear a user's 2SV enrolment via the UI.
This is reproducible on Data Center: Yes
Steps to Reproduce
- Create a user / use an existing user.
- Enable two-step verification (2SV).
- There is no option to log in without 2SV or a recovery key.
- There is no option for the admin to delete the 2SV enrolment from the UI.
Expected Results
Admins should have an option to delete the enrolment from the UI.
Actual Results
There is no option for the admin to delete the enrolment from the UI.
Workaround
Admins can unenroll the user's 2SV enrolment via the REST API. Please note that the admin accessing the API must have already enabled 2SV and will need to provide their own 2SV code (not the user's 2SV code) in the request body.
Below is an example of the REST API call:
curl -u <ADMIN_USERNAME>:<ADMIN_PASSWORD> -L -X DELETE -H "Content-Type: application/json" '<BAMBOO_BASE_URL>/rest/tsv/latest/totp/unenroll/user/<USER_NAME_TO_BE_UNENROLLED>' --data '{"totpCode":"<ADMIN_2SV>"}'
Replace the placeholders below with the actual values:
- <ADMIN_USERNAME> - Username of the admin user who enabled 2SV
- <ADMIN_PASSWORD> - Password of the admin user who enabled 2SV
- <BAMBOO_BASE_URL> - Bamboo Base URL
- <USER_NAME_TO_BE_UNENROLLED> - Username of the user whose 2SV needs to be unenrolled
- <ADMIN_2SV> - Admin user 2SV code
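The same call wrapped so that the admin password and 2SV code are prompted for and passed to curl on stdin, rather than appearing in shell history or the process list. This is an added example, not Atlassian's code: the endpoint and JSON body come from the workaround above, while the function names, the digits-only check on the code and the treatment of any 2xx status as success are assumptions made here.

```shell
#!/bin/sh
# Added example. Endpoint and body are from the workaround above; the helper
# names and the validation rules are assumptions of this sketch.

# Percent-encode every byte outside the RFC 3986 unreserved set, so a username
# containing '/', '?', '#' or spaces cannot alter the request path.
urlencode() (
  out=''
  for b in $(printf '%s' "$1" | od -An -v -tx1); do
    case $b in
      2d|2e|5f|7e|3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a])
        out="$out$(printf "\\$(printf '%03o' "0x$b")")" ;;
      *) out="$out%$(printf '%s' "$b" | tr 'a-f' 'A-F')" ;;
    esac
  done
  printf '%s' "$out"
)

# Escape backslash and double quote for a quoted value in a curl config file.
cfg_quote() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Emit the curl config for the unenroll call.
# Args: base_url admin_user admin_password target_user admin_totp_code
unenroll_config() (
  case $5 in
    ''|*[!0-9]*) echo 'TOTP code must be digits only (assumed)' >&2; exit 2 ;;
  esac
  url="${1%/}/rest/tsv/latest/totp/unenroll/user/$(urlencode "$4")"
  printf 'request = "DELETE"\nlocation\n'
  printf 'header = "Content-Type: application/json"\n'
  printf 'url = "%s"\n' "$(cfg_quote "$url")"
  printf 'user = "%s"\n' "$(cfg_quote "$2:$3")"
  printf 'data = "%s"\n' "$(cfg_quote "{\"totpCode\":\"$5\"}")"
)

# Prompt for the secrets, then hand the config to curl on stdin (-K -).
# Args: base_url admin_user target_user
unenroll_user() {
  printf 'Password for %s: ' "$2" >&2
  stty -echo; IFS= read -r pw; stty echo; echo >&2
  printf '2SV code for %s: ' "$2" >&2; IFS= read -r code
  cfg=$(unenroll_config "$1" "$2" "$pw" "$3" "$code") || return 2
  status=$(printf '%s\n' "$cfg" | curl -sS -o /dev/null -w '%{http_code}' -K -) || return 1
  unset pw cfg
  case $status in
    2??) echo "unenrolled $3" >&2 ;;
    *) echo "request failed: HTTP $status" >&2; return 1 ;;
  esac
}
# Usage (constructed host and names): unenroll_user 'https://bamboo.example.com' admin jane.doe
```

Source the file and call `unenroll_user`; whether the server accepts percent-encoded characters in the username path segment is not stated on this page.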
- is cloned from BDEV-19209