From a647715276c3474421f0799b5e9e3d4d5a7413e2 Mon Sep 17 00:00:00 2001
From: lhhyung
Date: Mon, 21 Oct 2024 11:12:55 +0900
Subject: [PATCH] feat: Add logic to delete user_secret when disabling MFA if mfa_type is OTP
---
 src/spaceone/identity/service/user_service.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/spaceone/identity/service/user_service.py b/src/spaceone/identity/service/user_service.py
index 3a37d51a..647e9b8c 100644
--- a/src/spaceone/identity/service/user_service.py
+++ b/src/spaceone/identity/service/user_service.py
@@ -11,6 +11,7 @@
 from spaceone.identity.error.error_mfa import *
 from spaceone.identity.error.error_user import *
+from spaceone.identity.manager import SecretManager
 from spaceone.identity.manager.config_manager import ConfigManager
 from spaceone.identity.manager.email_manager import EmailManager
 from spaceone.identity.manager.domain_manager import DomainManager
@@ -250,6 +251,11 @@ def disable_mfa(self, params: UserDisableMFARequest) -> Union[UserResponse, dict
 if user_mfa.get("state", "DISABLED") == "DISABLED" or mfa_type is None:
 raise ERROR_MFA_ALREADY_DISABLED(user_id=user_id)
+ if mfa_type == "OTP":
+ user_secret_id = user_mfa["options"]["user_secret_id"]
+ secret_manager: SecretManager = self.locator.get_manager(SecretManager)
+ secret_manager.delete_user_secret(user_secret_id)
+
 user_mfa = {"state": "DISABLED"}
 self.user_mgr.update_user_by_vo({"mfa": user_mfa}, user_vo)
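Review bot: In the new `if mfa_type == "OTP":` branch, `user_mfa["options"]["user_secret_id"]` is indexed directly, so an OTP record without `options` or `user_secret_id` would raise `KeyError` and the user could not disable MFA at all; whether such records can exist is not visible in this hunk. A defensive read keeps the disable path working: `user_secret_id = user_mfa.get("options", {}).get("user_secret_id")`, then `if user_secret_id: secret_manager.delete_user_secret(user_secret_id)`. The secret is also deleted before `update_user_by_vo` writes `{"state": "DISABLED"}`, so a failure in that update would leave the record marked OTP-enabled while pointing at a secret that no longer exists. Consider deleting only after the state update succeeds and logging a failed deletion so the OTP seed is not left behind unnoticed, or add a comment such as `# secret is removed first on purpose: <reason>` if this order is intended. The body of `disable_mfa` begins and continues outside this hunk.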