UCP and allowed media hosts

phpmyfaq/assets/src/api/user.js

@@ -71,3 +71,24 @@ export const requestUserRemoval = async (data) => {
     console.error(error);
   }
 };
+
+export const removeTwofactorConfig = async (csrfToken) => {
+  try {
+    const response = await fetch('api/user/remove-twofactor', {
+      method: 'POST',
+      cache: 'no-cache',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        csrfToken: csrfToken
+      }),
+      redirect: 'follow',
+      referrerPolicy: 'no-referrer',
+    });
+
+    return await response.json();
+  } catch (error) {
+    console.error(error);
+  }
+};

phpmyfaq/assets/src/user/ucp.js

@@ -13,8 +13,9 @@
  * @since     2024-03-03
  */
 
-import { updateUserControlPanelData } from '../api';
+import { removeTwofactorConfig, updateUserControlPanelData } from '../api';
 import { addElement } from '../utils';
+import { pushErrorNotification, pushNotification } from "../../../admin/assets/src/utils";
 
 export const handleUserControlPanel = () => {
   const userControlPanelSubmit = document.getElementById('pmf-submit-user-control-panel');
@@ -47,5 +48,22 @@ export const handleUserControlPanel = () => {
         );
       }
     });
+
+    const confirmRemoveTwofactor = document.getElementById('pmf-remove-twofactor-confirm');
+    if (confirmRemoveTwofactor) {
+      confirmRemoveTwofactor.addEventListener('click', async (event) => {
+        event.preventDefault();
+        const csrfToken = document.getElementById('pmf-csrf-token-remove-twofactor');
+        const response = await removeTwofactorConfig(csrfToken.value);
+        if (response.success) {
+          pushNotification(response.success);
+          document.getElementById('twofactor_enabled').checked = false;
+          document.getElementById('removeCurrentConfig').style.display = 'none';
+        }
+        if (response.error) {
+          pushErrorNotification(response.error);
+        }
+      });
+    }
   }
 };

phpmyfaq/assets/templates/index.twig

@@ -74,6 +74,30 @@
   </div>
 </nav>
 
+<div class="toast-container position-fixed top-0 start-50 translate-middle-x mt-5 p-3">
+  <div id="pmf-notification" class="toast align-items-center text-bg-primary shadow border-0" role="alert"
+       aria-live="assertive" aria-atomic="true">
+    <div class="d-flex">
+      <div class="toast-body" id="pmf-notification-message">
+      </div>
+      <button type="button" class="btn-close btn-close-white me-2 m-auto" data-bs-dismiss="toast"
+              aria-label="Close">
+      </button>
+    </div>
+  </div>
+
+  <div id="pmf-notification-error" class="toast align-items-center text-bg-danger shadow border-0"
+       role="alert" aria-live="assertive" aria-atomic="true">
+    <div class="d-flex">
+      <div class="toast-body" id="pmf-notification-error-message">
+      </div>
+      <button type="button" class="btn-close btn-close-white me-2 m-auto" data-bs-dismiss="toast"
+              aria-label="Close">
+      </button>
+    </div>
+  </div>
+</div>
+
 <!-- SEARCH -->
 <div class="container my-5">
   <div class="row height d-flex justify-content-center align-items-center">

phpmyfaq/assets/templates/login.twig

@@ -18,7 +18,7 @@
                   <h3 class="text-center font-weight-light my-4">phpMyFAQ Login</h3>
                 </div>
                 <div class="card-body">
-                  <form action="{{ writeLoginPath }}" method="post" accept-charset="utf-8" role="form">
+                  <form action="{{ writeLoginPath|raw }}" method="post" accept-charset="utf-8" role="form">
                     <input type="hidden" name="redirect-action" value="{{ action }}" />
                     <div class="form-floating mb-3">
                       <input