phoenixctms · rkrenn · Mar 7, 2024 · Mar 7, 2024 · Mar 7, 2024 · Mar 7, 2024
diff --git a/core/src/main/java/org/phoenixctms/ctsms/domain/PasswordDaoImpl.java b/core/src/main/java/org/phoenixctms/ctsms/domain/PasswordDaoImpl.java
@@ -200,5 +200,6 @@ public void toPasswordOutVO(
 			target.setExpiration(ServiceUtil.getLogonExpirationDate(source));
 		}
 		target.setOtpType(L10nUtil.createOTPAuthenticatorTypeVO(Locales.USER, source.getOtpType()));
+		target.setHasOtpSecret(source.getEncryptedOtpSecret() != null ? source.getEncryptedOtpSecret().length > 0 : false);
 	}
 }
diff --git a/core/src/main/java/org/phoenixctms/ctsms/util/ServiceUtil.java b/core/src/main/java/org/phoenixctms/ctsms/util/ServiceUtil.java
@@ -1906,7 +1906,11 @@ public static Password createPassword(boolean resetLogons, boolean resetOtpSecre
 			password.setShowOtpRegistrationInfo(false);
 		}
 		if (!resetOtpSecret && password.getOtpType() != null && lastPassword != null) {
-			resetOtpSecret = !password.getOtpType().equals(lastPassword.getOtpType());
+			if (lastPassword.getEncryptedOtpSecret() != null && lastPassword.getEncryptedOtpSecret().length > 0) {
+				resetOtpSecret = !password.getOtpType().equals(lastPassword.getOtpType());
+			} else {
+				resetOtpSecret = true;
+			}
 		}
 		if (resetOtpSecret) {
 			if (password.getOtpType() != null) {

diff --git a/mda/src/main/uml/UML_Standard_Profile.MagicDraw_Profile.DSL_Customization.profile.uml b/mda/src/main/uml/UML_Standard_Profile.MagicDraw_Profile.DSL_Customization.profile.uml
diff --git a/...rc/main/uml/UML_Standard_Profile.MagicDraw_Profile.Traceability_customization.profile.uml b/...rc/main/uml/UML_Standard_Profile.MagicDraw_Profile.Traceability_customization.profile.uml
diff --git a/mda/src/main/uml/UML_Standard_Profile.MagicDraw_Profile.profile.uml b/mda/src/main/uml/UML_Standard_Profile.MagicDraw_Profile.profile.uml
diff --git a/mda/src/main/uml/UML_Standard_Profile.StandardProfileL2.profile.uml b/mda/src/main/uml/UML_Standard_Profile.StandardProfileL2.profile.uml
diff --git a/mda/src/main/uml/UML_Standard_Profile.StandardProfileL3.profile.uml b/mda/src/main/uml/UML_Standard_Profile.StandardProfileL3.profile.uml
diff --git a/mda/src/main/uml/UML_Standard_Profile.Validation_Profile.profile.uml b/mda/src/main/uml/UML_Standard_Profile.Validation_Profile.profile.uml
diff --git a/mda/src/main/uml/andromda-common.andromda-persistence.profile.uml b/mda/src/main/uml/andromda-common.andromda-persistence.profile.uml
diff --git a/mda/src/main/uml/andromda-common.andromda-service.profile.uml b/mda/src/main/uml/andromda-common.andromda-service.profile.uml
diff --git a/mda/src/main/uml/andromda-common.profile.uml b/mda/src/main/uml/andromda-common.profile.uml
diff --git a/mda/src/main/uml/andromda-presentation.profile.uml b/mda/src/main/uml/andromda-presentation.profile.uml
diff --git a/mda/src/main/uml/andromda-process.profile.uml b/mda/src/main/uml/andromda-process.profile.uml
diff --git a/mda/src/main/uml/andromda-webservice.profile.uml b/mda/src/main/uml/andromda-webservice.profile.uml
diff --git a/mda/src/main/uml/andromda-xml.profile.uml b/mda/src/main/uml/andromda-xml.profile.uml
diff --git a/mda/src/main/uml/ctsms.uml b/mda/src/main/uml/ctsms.uml
diff --git a/mda/src/main/uml/ctsms.xml b/mda/src/main/uml/ctsms.xml
diff --git a/web/src/main/webapp/META-INF/includes/user/password.xhtml b/web/src/main/webapp/META-INF/includes/user/password.xhtml
@@ -385,7 +385,7 @@
 									actionListener="#{passwordBean.add}"
 									oncomplete="handleUpdateUserTabTitles(xhr, status, args)"
 									icon="ui-icon ui-icon-disk" ajax="true"
-									disabled="#{!passwordBean.createable or (!passwordBean.created and passwordBean.in.enable2fa)}"
+									disabled="#{!passwordBean.createable or ((!passwordBean.created or !passwordBean.out.hasOtpSecret) and passwordBean.in.enable2fa)}"
 									update="password_input,passwordadd_departmentpassword"/>
 
 								<p:commandButton process="@this,password_input"
@@ -461,7 +461,7 @@
 					onstart="setHiddenField('tabView:password_form:departmentPassword',passwordAddDepartmentPassword.getValue());passwordAddDepartmentPasswordDialog.hide();"
 					oncomplete="handleUpdateUserTabTitles(xhr, status, args)"
 					icon="ui-icon ui-icon-disk" ajax="true"
-					disabled="#{(!passwordBean.created and passwordBean.in.enable2fa)}"
+					disabled="#{((!passwordBean.created or !passwordBean.out.hasOtpSecret) and passwordBean.in.enable2fa)}"
 					update="password_input,passwordadd_departmentpassword" />
 				<p:commandButton process="@this,password_input"
 					id="addPasswordResetOtpSecretDepartment"