fix!: use POST instead of DELETE when disabling 2FA

Signed-off-by: Matthew Penner <[email protected]>

Author: matthewpi

resources/scripts/api/account/disableAccountTwoFactor.ts

@@ -1,9 +1,11 @@
 import http from '@/api/http';
 
-export default (password: string): Promise<void> => {
+function disableAccountTwoFactor(password: string): Promise<void> {
     return new Promise((resolve, reject) => {
-        http.delete('/api/client/account/two-factor', { params: { password } })
+        http.post('/api/client/account/two-factor/disable', { password })
             .then(() => resolve())
             .catch(reject);
     });
-};
+}
+
+export default disableAccountTwoFactor;

routes/api-client.php

@@ -24,7 +24,7 @@
         Route::get('/', [Client\AccountController::class, 'index'])->name('api:client.account');
         Route::get('/two-factor', [Client\TwoFactorController::class, 'index']);
         Route::post('/two-factor', [Client\TwoFactorController::class, 'store']);
-        Route::delete('/two-factor', [Client\TwoFactorController::class, 'delete']);
+        Route::post('/two-factor/disable', [Client\TwoFactorController::class, 'delete']);
     });
 
     Route::put('/email', [Client\AccountController::class, 'updateEmail'])->name('api:client.account.update-email');