auth(2fa): block setup after enable to avoid secret reissue

2026-03-08 19:07:20 +03:00
parent af1ce20640
commit d069ff1121
4 changed files with 38 additions and 1 deletions
--- a/docs/api-reference.md
+++ b/docs/api-reference.md
@@ -553,6 +553,8 @@ Response:
 }
 ```

+If 2FA is already enabled for the account, returns `400` (`"2FA is already enabled"`).
+
 ### POST `/api/v1/auth/2fa/enable`

 Auth required.