Warn/check if any 2FA provider is active before enforcing 2FA

[ChristophWurst]

From #12249

Another thing which confuses me is that I can enforce two factor auth even if no single two factor out method is enabled. I think it would make sense to check that at least one is enabled (u2f, totp,...) and otherwise disable the checkbox.

[rummatee]

I implemented this feature, but I noticed, that there is one 2FA provider that is always enabled: backup_codes. I'm not completely sure how this should be dealt with. Should enforcing 2FA only be possible with at least 2 providers, or should just any provider called 'backup_codes' be ignored, when deciding if enforcing should be allowed?

[ChristophWurst]

Yep, that is what I also did at

server/lib/private/Authentication/TwoFactorAuth/Manager.php

Line 118 in 8177fdb

$providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);

. This one is a special provider and it's fine to have an exception for it.

[szaimen]

It seems like this is still valid.