MM-13725 Fix client config overriding MFA enforcement set in limited config (mattermost#10095)

* Fix client config overriding MFA enforcement set in limited config

* Add unit test

Author: jwilander

utils/config.go

@@ -592,7 +592,6 @@ func GenerateClientConfig(c *model.Config, diagnosticId string, license *model.L
 	props["LdapNicknameAttributeSet"] = "false"
 	props["LdapFirstNameAttributeSet"] = "false"
 	props["LdapLastNameAttributeSet"] = "false"
-	props["EnforceMultifactorAuthentication"] = "false"
 	props["EnableCompliance"] = "false"
 	props["EnableMobileFileDownload"] = "true"
 	props["EnableMobileFileUpload"] = "true"
@@ -761,6 +760,8 @@ func GenerateLimitedClientConfig(c *model.Config, diagnosticId string, license *
 	props["EnableCustomBrand"] = strconv.FormatBool(*c.TeamSettings.EnableCustomBrand)
 	props["CustomBrandText"] = *c.TeamSettings.CustomBrandText
 	props["CustomDescriptionText"] = *c.TeamSettings.CustomDescriptionText
+	props["EnableMultifactorAuthentication"] = "false"
+	props["EnforceMultifactorAuthentication"] = "false"
 
 	if license != nil {
 		if *license.Features.LDAP {
@@ -773,6 +774,7 @@ func GenerateLimitedClientConfig(c *model.Config, diagnosticId string, license *
 
 		if *license.Features.MFA {
 			props["EnableMultifactorAuthentication"] = strconv.FormatBool(*c.ServiceSettings.EnableMultifactorAuthentication)
+			props["EnforceMultifactorAuthentication"] = strconv.FormatBool(*c.ServiceSettings.EnforceMultifactorAuthentication)
 		}
 
 		if *license.Features.SAML {
@@ -795,10 +797,6 @@ func GenerateLimitedClientConfig(c *model.Config, diagnosticId string, license *
 			props["EnableCustomTermsOfService"] = strconv.FormatBool(*c.SupportSettings.CustomTermsOfServiceEnabled)
 			props["CustomTermsOfServiceReAcceptancePeriod"] = strconv.FormatInt(int64(*c.SupportSettings.CustomTermsOfServiceReAcceptancePeriod), 10)
 		}
-
-		if *license.Features.MFA {
-			props["EnforceMultifactorAuthentication"] = strconv.FormatBool(*c.ServiceSettings.EnforceMultifactorAuthentication)
-		}
 	}
 
 	return props

utils/config_test.go

@@ -776,9 +776,10 @@ func TestGetClientConfig(t *testing.T) {
 			"",
 			nil,
 			map[string]string{
-				"DiagnosticId":                  "",
-				"EmailNotificationContentsType": "full",
-				"AllowCustomThemes":             "true",
+				"DiagnosticId":                     "",
+				"EmailNotificationContentsType":    "full",
+				"AllowCustomThemes":                "true",
+				"EnforceMultifactorAuthentication": "false",
 			},
 		},
 		{
@@ -826,6 +827,23 @@ func TestGetClientConfig(t *testing.T) {
 				"AllowCustomThemes":             "false",
 			},
 		},
+		{
+			"licensed for enforcement",
+			&model.Config{
+				ServiceSettings: model.ServiceSettings{
+					EnforceMultifactorAuthentication: bToP(true),
+				},
+			},
+			"tag1",
+			&model.License{
+				Features: &model.Features{
+					MFA: bToP(true),
+				},
+			},
+			map[string]string{
+				"EnforceMultifactorAuthentication": "true",
+			},
+		},
 	}
 
 	for _, testCase := range testCases {