identity: add support for disabling 2fa

2026-05-16 12:29:19 +02:00 · 2026-04-17 11:28:33 +05:00
parent 33413b0a5c
commit ebb1d44edd
3 changed files with 12 additions and 10 deletions
@@ -79,9 +79,12 @@ namespace Streetwriters.Identity.Controllers
        }

        [HttpDelete]
-        public IActionResult Disable2FA()
+        public async Task<IActionResult> Disable2FA()
        {
-            return BadRequest("2FA is mandatory and cannot be disabled.");
+            var user = await UserManager.GetUserAsync(User) ?? throw new Exception("User not found.");
+            if (!await UserManager.GetTwoFactorEnabledAsync(user)) return Ok();
+            await MFAService.DisableMFAAsync(user);
+            return Ok();
        }

        [HttpGet("codes")]
@@ -34,12 +34,6 @@ namespace Streetwriters.Identity.Services
            var claims = await userManager.GetClaimsAsync(user);
            var marketingConsentClaim = claims.FirstOrDefault((claim) => claim.Type == $"{clientId}:marketing_consent");

-            if (await userManager.IsEmailConfirmedAsync(user) && !await userManager.GetTwoFactorEnabledAsync(user))
-            {
-                await mfaService.EnableMFAAsync(user, MFAMethods.Email);
-                user = await userManager.FindByIdAsync(userId);
-                ArgumentNullException.ThrowIfNull(user);
-            }
            ArgumentNullException.ThrowIfNull(user.Email);

            return new UserModel
@@ -59,7 +59,6 @@ namespace Streetwriters.Identity.Validation

        public string GrantType => Config.EMAIL_GRANT_TYPE;

-
        public async Task ValidateAsync(ExtensionGrantValidationContext context)
        {
            var email = context.Request.Raw["email"];
@@ -76,8 +75,14 @@ namespace Streetwriters.Identity.Validation
            };

            var isMultiFactor = await UserManager.GetTwoFactorEnabledAsync(user);
+            if (!isMultiFactor)
+            {
+                context.Result.IsError = false;
+                context.Result.Subject = await TokenGenerationService.TransformTokenRequestAsync(context.Request, user, GrantType, [Config.MFA_PASSWORD_GRANT_TYPE_SCOPE]);
+                return;
+            }

-            var primaryMethod = isMultiFactor ? MFAService.GetPrimaryMethod(user) : MFAMethods.Email;
+            var primaryMethod = MFAService.GetPrimaryMethod(user);
            var secondaryMethod = MFAService.GetSecondaryMethod(user);
            var sendPhoneNumber = primaryMethod == MFAMethods.SMS || secondaryMethod == MFAMethods.SMS;