+ it('Should succeed to disable two factor without a password when targeting a remote user with an admin account', async function () {
+ await server.twoFactor.disable({ userId })
+ await server.twoFactor.requestAndConfirm({ userId })
+ })
+
+ it('Should fail to disable two factor without a password when targeting myself with an admin account', async function () {
+ await server.twoFactor.disable({ userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+ await server.twoFactor.disable({ userId: rootId, currentPassword: 'bad', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+ })
+