Allow U2F 2FA without TOTP (#11573)

This change enables the usage of U2F without being forced to enroll an TOTP authenticator.
The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled.

Fixes #5410
Fixes #17495

1 files changed, 9 insertions, 15 deletions

diff --git a/routers/web/user/setting/security.go b/routers/web/user/setting/security.go
index 53f672282d..65e9790d47 100644
--- a/routers/web/user/setting/security.go
+++ b/routers/web/user/setting/security.go
@@ -55,23 +55,17 @@ func DeleteAccountLink(ctx *context.Context) {
 }
 
 func loadSecurityData(ctx *context.Context) {
-	enrolled := true
-	_, err := login.GetTwoFactorByUID(ctx.User.ID)
+	enrolled, err := login.HasTwoFactorByUID(ctx.User.ID)
 	if err != nil {
-		if login.IsErrTwoFactorNotEnrolled(err) {
-			enrolled = false
-		} else {
-			ctx.ServerError("SettingsTwoFactor", err)
-			return
-		}
+		ctx.ServerError("SettingsTwoFactor", err)
+		return
 	}
-	ctx.Data["TwofaEnrolled"] = enrolled
-	if enrolled {
-		ctx.Data["U2FRegistrations"], err = login.GetU2FRegistrationsByUID(ctx.User.ID)
-		if err != nil {
-			ctx.ServerError("GetU2FRegistrationsByUID", err)
-			return
-		}
+	ctx.Data["TOTPEnrolled"] = enrolled
+
+	ctx.Data["U2FRegistrations"], err = login.GetU2FRegistrationsByUID(ctx.User.ID)
+	if err != nil {
+		ctx.ServerError("GetU2FRegistrationsByUID", err)
+		return
 	}
 
 	tokens, err := models.ListAccessTokens(models.ListAccessTokensOptions{UserID: ctx.User.ID})