From 26cec2d117a3d9d677f2ccb940ead0f529ba1f69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come.chilliet@nextcloud.com>
Date: Mon, 2 Feb 2026 14:29:53 +0100
Subject: [PATCH] feat: Add info level result if 2FA is not enforced
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
---
 .../lib/SetupChecks/TwoFactorConfiguration.php    | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/apps/settings/lib/SetupChecks/TwoFactorConfiguration.php b/apps/settings/lib/SetupChecks/TwoFactorConfiguration.php
index 52e1966a7be..584191401ca 100644
--- a/apps/settings/lib/SetupChecks/TwoFactorConfiguration.php
+++ b/apps/settings/lib/SetupChecks/TwoFactorConfiguration.php
@@ -6,8 +6,10 @@ declare(strict_types=1);
  * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
+
 namespace OCA\Settings\SetupChecks;
 
+use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
 use OC\Authentication\TwoFactorAuth\ProviderLoader;
 use OC\Authentication\TwoFactorAuth\ProviderSet;
 use OCP\IL10N;
@@ -18,6 +20,7 @@ class TwoFactorConfiguration implements ISetupCheck {
 	public function __construct(
 		private IL10N $l10n,
 		private ProviderLoader $providerLoader,
+		private MandatoryTwoFactor $mandatoryTwoFactor,
 	) {
 	}
 
@@ -35,10 +38,20 @@ class TwoFactorConfiguration implements ISetupCheck {
 		$primaryProviders = $providerSet->getPrimaryProviders();
 		if (count($primaryProviders) === 0) {
 			return SetupResult::warning($this->l10n->t('This instance has no second factor provider available.'));
+		}
+
+		$state = $this->mandatoryTwoFactor->getState();
+
+		if (!$state->isEnforced()) {
+			return SetupResult::info(
+				$this->l10n->t(
+					'Second factor providers are available but two-factor authentication is not enforced.'
+				)
+			);
 		} else {
 			return SetupResult::success(
 				$this->l10n->t(
-					'Second factor providers are available: %s.',
+					'Second factor providers are available and enforced: %s.',
 					[
 						implode(', ', array_map(
 							fn ($p) => '"' . $p->getDisplayName() . '"',