# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/ class User::TwoFactorsController < ApplicationController prepend_before_action :authenticate_and_authorize! def two_factor_remove_authentication_method Service::User::TwoFactor::RemoveMethod .new(user: params_user, method_name: params[:method]) .execute render json: {}, status: :ok end def two_factor_remove_all_authentication_methods params_user.two_factor_destroy_all_authentication_methods render json: {}, status: :ok end def two_factor_enabled_authentication_methods render json: params_user.two_factor_enabled_authentication_methods, status: :ok end def two_factor_personal_configuration result = { enabled_authentication_methods: current_user.two_factor_enabled_authentication_methods, recovery_codes_exist: current_user.auth_two_factor.user_recovery_codes_exists?, } render json: result, status: :ok end def two_factor_verify_configuration raise Exceptions::UnprocessableEntity, __('The required parameter "method" is missing.') if params[:method].blank? raise Exceptions::UnprocessableEntity, __('The required parameter "payload" is missing.') if params[:payload].blank? verify_method_configuration = Service::User::TwoFactor::VerifyMethodConfiguration.new(user: current_user, method_name: params[:method], payload: params[:payload], configuration: params[:configuration].permit!.to_h) begin render json: verify_method_configuration.execute.merge({ verified: true }), status: :ok rescue Service::User::TwoFactor::VerifyMethodConfiguration::Failed render json: { verified: false }, status: :ok end end def two_factor_authentication_method_initiate_configuration check_method! initiate_authentication_method_configuration = Service::User::TwoFactor::InitiateMethodConfiguration.new(user: current_user, method_name: @method_name) render json: { configuration: initiate_authentication_method_configuration.execute }, status: :ok end def two_factor_recovery_codes_generate codes = Service::User::TwoFactor::GenerateRecoveryCodes .new(user: current_user, force: true) .execute render json: codes, status: :ok end def two_factor_default_authentication_method check_method! Service::User::TwoFactor::SetDefaultMethod .new(user: current_user, method_name: @method_name) .execute render json: {}, status: :ok end def two_factor_authentication_method_configuration check_method! configuration = Service::User::TwoFactor::GetMethodConfiguration .new(user: current_user, method_name: @method_name) .execute render json: { configuration: configuration || {} }, status: :ok end def two_factor_authentication_remove_credentials check_method! Service::User::TwoFactor::RemoveMethodCredentials .new(user: current_user, method_name: @method_name, credential_id: params[:credential_id]) .execute render json: {}, status: :ok end private def check_method! raise Exceptions::UnprocessableEntity, __('The required parameter "method" is missing.') if params[:method].blank? @method_name ||= params[:method] true end def params_user User.find(params[:id]) end end