From 078c3a8adcd51e57b68ab1b582549f5813cccd14 Mon Sep 17 00:00:00 2001
From: Joel Lee <lee.yi.jie.joel@gmail.com>
Date: Sun, 4 Aug 2024 20:02:18 +0200
Subject: [PATCH] fix: drop the MFA_ENABLED config (#1701)

## What kind of change does this PR introduce?

The `MFA_ENABLED` config is deprecated and not in active use.
---
 internal/api/mfa.go            | 12 ++----------
 internal/api/settings.go       |  2 --
 internal/conf/configuration.go |  3 ---
 3 files changed, 2 insertions(+), 15 deletions(-)

diff --git a/internal/api/mfa.go b/internal/api/mfa.go
index 420f3f552..21a2fbc66 100644
--- a/internal/api/mfa.go
+++ b/internal/api/mfa.go
@@ -256,11 +256,7 @@ func (a *API) EnrollFactor(w http.ResponseWriter, r *http.Request) error {
 		}
 		return a.enrollPhoneFactor(w, r, params)
 	case models.TOTP:
-		// Prior to the introduction of MFA.TOTP.EnrollEnabled,
-		// MFA.Enabled was used to configure whether TOTP was on. So
-		// both have to be set to false to regard the feature as
-		// disabled.
-		if !config.MFA.Enabled && !config.MFA.TOTP.EnrollEnabled {
+		if !config.MFA.TOTP.EnrollEnabled {
 			return unprocessableEntityError(ErrorCodeMFATOTPEnrollDisabled, "MFA enroll is disabled for TOTP")
 		}
 		return a.enrollTOTPFactor(w, r, params)
@@ -395,11 +391,7 @@ func (a *API) ChallengeFactor(w http.ResponseWriter, r *http.Request) error {
 		return a.challengePhoneFactor(w, r)
 
 	case models.TOTP:
-		// Prior to the introduction of MFA.TOTP.VerifyEnabled,
-		// MFA.Enabled was used to configure whether TOTP was on. So
-		// both have to be set to false to regard the feature as
-		// disabled.
-		if !config.MFA.Enabled && !config.MFA.TOTP.VerifyEnabled {
+		if !config.MFA.TOTP.VerifyEnabled {
 			return unprocessableEntityError(ErrorCodeMFATOTPEnrollDisabled, "MFA verification is disabled for TOTP")
 		}
 		return a.challengeTOTPFactor(w, r)
diff --git a/internal/api/settings.go b/internal/api/settings.go
index 16817db10..bc2f38692 100644
--- a/internal/api/settings.go
+++ b/internal/api/settings.go
@@ -36,7 +36,6 @@ type Settings struct {
 	MailerAutoconfirm bool             `json:"mailer_autoconfirm"`
 	PhoneAutoconfirm  bool             `json:"phone_autoconfirm"`
 	SmsProvider       string           `json:"sms_provider"`
-	MFAEnabled        bool             `json:"mfa_enabled"`
 	SAMLEnabled       bool             `json:"saml_enabled"`
 }
 
@@ -75,7 +74,6 @@ func (a *API) Settings(w http.ResponseWriter, r *http.Request) error {
 		MailerAutoconfirm: config.Mailer.Autoconfirm,
 		PhoneAutoconfirm:  config.Sms.Autoconfirm,
 		SmsProvider:       config.Sms.Provider,
-		MFAEnabled:        config.MFA.Enabled,
 		SAMLEnabled:       config.SAML.Enabled,
 	})
 }
diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
index 81d058c29..1f81f6b7a 100644
--- a/internal/conf/configuration.go
+++ b/internal/conf/configuration.go
@@ -123,9 +123,6 @@ type PhoneFactorTypeConfiguration struct {
 
 // MFAConfiguration holds all the MFA related Configuration
 type MFAConfiguration struct {
-	// Enabled is deprecated, but still used to signal TOTP.EnrollEnabled and TOTP.VerifyEnabled.
-	Enabled bool `default:"false"`
-
 	ChallengeExpiryDuration     float64                      `json:"challenge_expiry_duration" default:"300" split_words:"true"`
 	FactorExpiryDuration        time.Duration                `json:"factor_expiry_duration" default:"300s" split_words:"true"`
 	RateLimitChallengeAndVerify float64                      `split_words:"true" default:"15"`