Administrators can remove two factor authentication

src/controllers/admin_controller.rs

@@ -60,6 +60,7 @@ pub struct UpdateUserQuery {
     admin: Option<String>,
     grant_type: String,
     granted_clients: String,
+    two_factor: String,
 }
 
 pub async fn users_route(user: CurrentUser, users: web::Data<Addr<UsersActor>>, update_query: Option<web::Form<UpdateUserQuery>>) -> impl Responder {
@@ -80,6 +81,11 @@ pub async fn users_route(user: CurrentUser, users: web::Data<Addr<UsersActor>>,
         user.enabled = update.0.enabled.is_some();
         user.admin = update.0.admin.is_some();
 
+        if let Some(factors) = user.two_factor.as_mut() {
+            let factors_to_keep = update.0.two_factor.split(';').collect::<Vec<_>>();
+            factors.retain(|f| factors_to_keep.contains(&f.id.0.as_str()));
+        }
+
         user.authorized_clients = match update.0.grant_type.as_str() {
             "all_clients" => None,
             "custom_clients" => Some(update.0.granted_clients.split(',')