Remove permission user/two-factor-authentication

jrauh01 · jrauh01 · commit ee96b88df8af · 2025-12-12T16:18:02.000+01:00
The user should not need to ask for more security.
diff --git a/application/controllers/AccountController.php b/application/controllers/AccountController.php
@@ -74,24 +74,23 @@ public function indexAction()
             }
         }
 
-        if ($user->can('user/two-factor-authentication')) {
-            $twoFactor = TwoFactorTotp::loadFromDb($this->getDb(), $user->getUsername());
-            if ($twoFactor === null) {
-                $twoFactor = TwoFactorTotp::generate($user->getUsername());
+        $twoFactor = TwoFactorTotp::loadFromDb($this->getDb(), $user->getUsername());
+        if ($twoFactor === null) {
+            $twoFactor = TwoFactorTotp::generate($user->getUsername());
+        }
+
+        $twoFactorForm = new TwoFactorConfigForm();
+        $twoFactorForm->setUser($user);
+        $twoFactorForm->setTwoFactor($twoFactor);
+        $twoFactorForm->on(Form::ON_SUBMIT, function (TwoFactorConfigForm $form) {
+            if ($redirectUrl = $form->getRedirectUrl()) {
+                $this->redirectNow($redirectUrl);
             }
+        });
+        $twoFactorForm->handleRequest(ServerRequest::fromGlobals());
 
-            $twoFactorForm = new TwoFactorConfigForm();
-            $twoFactorForm->setUser($user);
-            $twoFactorForm->setTwoFactor($twoFactor);
-            $twoFactorForm->on(Form::ON_SUBMIT, function (TwoFactorConfigForm $form) {
-                if ($redirectUrl = $form->getRedirectUrl()) {
-                    $this->redirectNow($redirectUrl);
-                }
-            });
-            $twoFactorForm->handleRequest(ServerRequest::fromGlobals());
+        $this->view->twoFactorForm = $twoFactorForm;
 
-            $this->view->twoFactorForm = $twoFactorForm;
-        }
 
         $form = new PreferenceForm();
         $form->setPreferences($user->getPreferences());
diff --git a/application/forms/Security/RoleForm.php b/application/forms/Security/RoleForm.php
@@ -573,9 +573,6 @@ public static function collectProvidedPrivileges()
             'user/password-change' => [
                 'description' => t('Allow password changes in the account preferences')
             ],
-            'user/two-factor-authentication'=> [
-                'description' => t('Allow 2FA configuration in the account preferences')
-            ],
             'user/application/stacktraces' => [
                 'description' => t('Allow to adjust in the preferences whether to show stacktraces')
             ],
