Fixed delete user when 2FA is enabled, implemented delete user for admin panel, and the front-end part for invite user. Secured admin panel behind a configurable token.

src/db/models/two_factor.rs

@@ -107,4 +107,12 @@ impl TwoFactor {
             .filter(twofactor::type_.eq(type_))
             .first::<Self>(&**conn).ok()
     }
-}
+    
+    pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> QueryResult<usize> {
+        diesel::delete(
+            twofactor::table.filter(
+                twofactor::user_uuid.eq(user_uuid)
+            )
+        ).execute(&**conn)
+    }
+}

src/db/models/user.rs

@@ -113,7 +113,7 @@ use diesel;
 use diesel::prelude::*;
 use crate::db::DbConn;
 use crate::db::schema::{users, invitations};
-use super::{Cipher, Folder, Device, UserOrganization, UserOrgType};
+use super::{Cipher, Folder, Device, UserOrganization, UserOrgType, TwoFactor};
 
 /// Database methods
 impl User {
@@ -168,6 +168,7 @@ impl User {
         Cipher::delete_all_by_user(&self.uuid, &*conn)?;
         Folder::delete_all_by_user(&self.uuid, &*conn)?;
         Device::delete_all_by_user(&self.uuid, &*conn)?;
+        TwoFactor::delete_all_by_user(&self.uuid, &*conn)?;
         Invitation::take(&self.email, &*conn); // Delete invitation if any
 
         diesel::delete(users::table.filter(