Add endpoint to disable totp auth

pkg/user/totp.go

@@ -105,6 +105,12 @@ func EnableTOTP(passcode *TOTPPasscode) (err error) {
 	return
 }
 
+// DisableTOTP removes all totp settings for a user.
+func DisableTOTP(user *User) (err error) {
+	_, err = x.Where("user_id = ?", user.ID).Delete(&TOTP{})
+	return
+}
+
 // ValidateTOTPPasscode validated totp codes of users.
 func ValidateTOTPPasscode(passcode *TOTPPasscode) (t *TOTP, err error) {
 	t, err = GetTOTPForUser(passcode.User)

pkg/user/user.go

@@ -172,17 +172,27 @@ func CheckUserCredentials(u *Login) (*User, error) {
 	}
 
 	// Check the users password
-	err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(u.Password))
+	err = CheckUserPassword(user, u.Password)
 	if err != nil {
-		if err == bcrypt.ErrMismatchedHashAndPassword {
-			return &User{}, ErrWrongUsernameOrPassword{}
-		}
 		return &User{}, err
 	}
 
 	return user, nil
 }
 
+// CheckUserPassword checks and verifies a user's password. The user object needs to contain the hashed password from the database.
+func CheckUserPassword(user *User, password string) error {
+	err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
+	if err != nil {
+		if err == bcrypt.ErrMismatchedHashAndPassword {
+			return ErrWrongUsernameOrPassword{}
+		}
+		return err
+	}
+
+	return nil
+}
+
 // GetCurrentUser returns the current user based on its jwt token
 func GetCurrentUser(c echo.Context) (user *User, err error) {
 	jwtinf := c.Get("user").(*jwt.Token)