User-disable_two_factor_form Tag

Overview#

The user:disable_two_factor_form tag renders a form that allows authenticated users to disable two-factor authentication on their account. This removes the 2FA requirement and deletes their recovery codes.

The tag will render the opening and closing <form> HTML elements for you. No input fields are required—just a submit button.

Hot Tip!

This form requires the user to be authenticated with 2FA enabled and an elevated session. If the session isn't elevated, the user will be redirected to confirm their identity first.

Example#

{{ user:disable_two_factor_form redirect="/account" }}

    {{ if success }}
        <div class="bg-green-300 text-white p-2">
            {{ success }}
        </div>
    {{ /if }}

    <p>Are you sure you want to disable two-factor authentication?</p>
    <button type="submit">Disable Two-Factor Authentication</button>

{{ /user:disable_two_factor_form }}

<s:user:disable_two_factor_form redirect="/account">
    @if ($success)
        <div class="bg-green-300 text-white p-2">
            {{ $success }}
        </div>
    @endif

    <p>Are you sure you want to disable two-factor authentication?</p>
    <button type="submit">Disable Two-Factor Authentication</button>
</s:user:disable_two_factor_form>

Enforced 2FA#

If the user belongs to a role that has 2FA enforced (configured via two_factor_enforced_roles in your config), they can't really stay signed in with 2FA off — so after the form is submitted, Statamic ignores the redirect parameter and sends them to the setup page instead. That destination is pulled from the statamic.users.two_factor_setup_url config key in config/statamic/users.php, falling back to Statamic's built-in setup route if that's left null.

Parameters

Variables