pub async fn disable_2fa(
    auth: AuthenticatedUser,
    dto: Json<Disable2FADto>,
    use_cases: Data<Arc<TwoFactorUseCases>>,
) -> HttpResponse
Disable 2FA (requires current password)
Disables 2FA for the authenticated user. Requires password verification for security.
§Security
- User must be authenticated
- Requires current password verification
- All 2FA configuration is deleted (secret + backup codes)
- Action is logged for audit trail
§Request Body
{
  "current_password": "user_password"
}
§Returns
- 200 OK: 2FA successfully disabled
- 400 Bad Request: Invalid password
- 401 Unauthorized: Not authenticated
- 500 Internal Server Error: Disable failed
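The std-only model below is an added example, not the project's handler code. It shows one order of checks that yields the documented status codes while keeping the secret and backup codes together on every failure path. `Store`, `TwoFactorConfig`, `disable_2fa_model`, the `verify` callback (a stand-in for a real password-hash check) and the audit entries for denied and failed attempts are all assumptions.

```rust
// Added illustration: std-only model of the documented disable-2FA flow.
// Every type and function name here is hypothetical, not the project's API.
use std::collections::HashMap;

pub struct TwoFactorConfig { pub secret: String, pub backup_codes: Vec<String> }

#[derive(Default)]
pub struct Store {
    pub configs: HashMap<u64, TwoFactorConfig>,
    pub audit: Vec<String>,
    pub fail_delete: bool, // constructed switch that simulates a storage error
}

/// Returns the HTTP status the page documents for each outcome.
/// `verify` stands in for a real password-hash verification (assumption).
pub fn disable_2fa_model(
    store: &mut Store,
    user: Option<u64>,
    current_password: &str,
    verify: impl Fn(u64, &str) -> bool,
) -> u16 {
    // 401: the authentication gate runs before any password handling.
    let uid = match user { Some(u) => u, None => return 401 };
    // 400: a wrong password leaves the 2FA record untouched (audit: assumed).
    if !verify(uid, current_password) {
        store.audit.push(format!("2fa_disable_denied user={}", uid));
        return 400;
    }
    // 500: on a storage failure nothing is removed, so the account never
    // keeps a secret without backup codes (or the reverse).
    if store.fail_delete {
        store.audit.push(format!("2fa_disable_error user={}", uid));
        return 500;
    }
    // 200: secret and backup codes live in one record and are removed together.
    store.configs.remove(&uid);
    store.audit.push(format!("2fa_disabled user={}", uid));
    200
}

fn main() {
    let mut s = Store::default();
    s.configs.insert(7, TwoFactorConfig { secret: "CONSTRUCTED".into(), backup_codes: vec![] });
    let verify = |_: u64, p: &str| p == "constructed-password";
    for (user, pw) in [(None, "x"), (Some(7), "wrong"), (Some(7), "constructed-password")] {
        println!("{:?} -> {}", user, disable_2fa_model(&mut s, user, pw, verify));
    }
    println!("{:?}", s.audit);
}
```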