Need to perform 2FA before modifying factors

src/controllers/two_factor_api.rs

@@ -7,6 +7,7 @@ use crate::actors::users_actor;
 use crate::actors::users_actor::UsersActor;
 use crate::constants::MAX_SECOND_FACTOR_NAME_LEN;
 use crate::data::action_logger::{Action, ActionLogger};
+use crate::data::critical_route::CriticalRoute;
 use crate::data::current_user::CurrentUser;
 use crate::data::totp_key::TotpKey;
 use crate::data::user::{FactorID, TwoFactor, TwoFactorType};
@@ -29,6 +30,7 @@ pub struct AddTOTPRequest {
 }
 
 pub async fn save_totp_factor(
+    _critical: CriticalRoute,
     user: CurrentUser,
     form: web::Json<AddTOTPRequest>,
     users: web::Data<Addr<UsersActor>>,
@@ -77,6 +79,7 @@ pub struct AddWebauthnRequest {
 }
 
 pub async fn save_webauthn_factor(
+    _critical: CriticalRoute,
     user: CurrentUser,
     form: web::Json<AddWebauthnRequest>,
     users: web::Data<Addr<UsersActor>>,
@@ -121,6 +124,7 @@ pub struct DeleteFactorRequest {
 }
 
 pub async fn delete_factor(
+    _critical: CriticalRoute,
     user: CurrentUser,
     form: web::Json<DeleteFactorRequest>,
     users: web::Data<Addr<UsersActor>>,
@@ -145,6 +149,7 @@ pub async fn delete_factor(
 }
 
 pub async fn clear_login_history(
+    _critical: CriticalRoute,
     user: CurrentUser,
     users: web::Data<Addr<UsersActor>>,
     logger: ActionLogger,