add setting for configuring types

docs/docs/start/config.md

@@ -379,6 +379,7 @@ InvenTree provides allowance for additional sign-in options. The following optio
 | Environment Variable | Configuration File | Description | Default |
 | --- | --- | --- | --- |
 | INVENTREE_MFA_ENABLED | mfa_enabled | Enable or disable multi-factor authentication support for the InvenTree server | True |
+| MFA_SUPPORTED_TYPES | mfa_supported_types | List of supported multi-factor authentication types | recovery_codes,totp |
 
 ### Single Sign On
 

src/backend/InvenTree/InvenTree/settings.py

@@ -1304,7 +1304,15 @@ HEADLESS_FRONTEND_URLS = {
 }
 HEADLESS_ONLY = True
 HEADLESS_TOKEN_STRATEGY = 'InvenTree.auth_overrides.DRFTokenStrategy'
-MFA_ENABLED = get_boolean_setting('INVENTREE_MFA_ENABLED', 'mfa_enabled', True)
+MFA_ENABLED = get_boolean_setting(
+    'INVENTREE_MFA_ENABLED', 'mfa_enabled', True
+)  # TODO re-implement
+MFA_SUPPORTED_TYPES = get_setting(
+    'INVENTREE_MFA_SUPPORTED_TYPES',
+    'mfa_supported_types',
+    ['totp', 'recovery_codes'],
+    typecast=list,
+)
 
 LOGOUT_REDIRECT_URL = get_setting(
     'INVENTREE_LOGOUT_REDIRECT_URL', 'logout_redirect_url', 'index'

src/frontend/src/pages/Index/Settings/AccountSettings/SecurityContent.tsx

@@ -445,6 +445,7 @@ function MfaAddSection({
   refetch: () => void;
   showRecoveryCodes: (codes: Recoverycodes) => void;
 }>) {
+  const [auth_config] = useServerApiState((state) => [state.auth_config]);
   const [totpQrOpen, { open: openTotpQr, close: closeTotpQr }] =
     useDisclosure(false);
   const [totpQr, setTotpQr] = useState<{ totp_url: string; secret: string }>();
@@ -507,8 +508,10 @@ function MfaAddSection({
         function: registerRecoveryCodes,
         used: usedFactors?.includes('recovery_codes')
       }
-    ];
-  }, [usedFactors]);
+    ].filter((factor) => {
+      auth_config?.mfa.supported_types.includes(factor.type);
+    });
+  }, [usedFactors, auth_config]);
 
   return (
     <Stack>