Changed 2fa delete from body to query for code

as per best practices

backend/routes/users.js

@@ -370,16 +370,16 @@ router
 	})
 
 	/**
-	 * DELETE /api/users/123/2fa
+	 * DELETE /api/users/123/2fa?code=XXXXXX
 	 *
 	 * Disable 2FA for a user
 	 */
 	.delete(async (req, res, next) => {
 		try {
-			const { code } = await apiValidator(
-				getValidationSchema("/users/{userID}/2fa", "delete"),
-				req.body,
-			);
+			const code = typeof req.query.code === "string" ? req.query.code : null;
+			if (!code) {
+				throw new errs.ValidationError("Missing required parameter: code");
+			}
 			await internal2FA.disable(res.locals.access, req.params.user_id, code);
 			res.status(200).send(true);
 		} catch (err) {

backend/schema/paths/users/userID/2fa/delete.json

@@ -13,32 +13,21 @@
 			"required": true,
 			"description": "User ID",
 			"example": 2
+		},
+		{
+			"in": "query",
+			"name": "code",
+			"schema": {
+				"type": "string",
+				"minLength": 6,
+				"maxLength": 6,
+				"example": "012345"
+			},
+			"required": true,
+			"description": "2fa Code",
+			"example": "012345"
 		}
 	],
-	"requestBody": {
-		"description": "2fa Code Payload",
-		"required": true,
-		"content": {
-			"application/json": {
-				"schema": {
-					"additionalProperties": false,
-					"properties": {
-						"code": {
-							"minLength": 6,
-							"maxLength": 6,
-							"type": "string",
-							"example": "012345"
-						}
-					},
-					"required": ["code"],
-					"type": "object"
-				},
-				"example": {
-					"code": "012345"
-				}
-			}
-		}
-	},
 	"responses": {
 		"200": {
 			"content": {

backend/schema/paths/users/userID/2fa/get.json

@@ -27,12 +27,10 @@
 				"application/json": {
 					"examples": {
 						"default": {
-							"value": [
-								{
-									"enabled": false,
-									"backup_codes_remaining": 0
-								}
-							]
+							"value": {
+								"enabled": false,
+								"backup_codes_remaining": 0
+							}
 						}
 					},
 					"schema": {