From 21acb924f154ef4596fb8b83f5bc1baaf0256141 Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Mon, 24 Mar 2025 16:02:13 +0100 Subject: [PATCH] fix: adjust two factor documentation Signed-off-by: Ferdinand Thiessen --- .../configuration_user/two_factor-auth.rst | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/admin_manual/configuration_user/two_factor-auth.rst b/admin_manual/configuration_user/two_factor-auth.rst index f4e345647..4d2fb8cd5 100644 --- a/admin_manual/configuration_user/two_factor-auth.rst +++ b/admin_manual/configuration_user/two_factor-auth.rst @@ -5,7 +5,7 @@ Two-factor authentication ========================= Two-factor authentication adds an additional layer of security to user accounts. In order to log -in on an account when two-factor authentication (2FA) enabled, it is necessary to provide both the +in on an account when two-factor authentication (2FA) enabled, you must provide both the login password and another factor. To use 2FA two things must happen: 
@@ -76,13 +76,16 @@ a user has 2FA enforced: Provider removal ---------------- -Nextcloud keeps records about the enabled two-factor authentication providers of every user. If a provider is simply removed/:ref:`disabled `, Nextcloud will still consider the provider active for the user at login and show a warning like *Could not load at least one of your enabled two-factor auth methods*. +Nextcloud keeps records about the enabled two-factor authentication providers of every user. +If a provider is simply removed/:ref:`disabled `, +Nextcloud will still consider the provider active for the user at login and show a warning like *Could not load at least one of your enabled two-factor auth methods*. The associations of removed providers can be cleaned up via :ref:`occ `:: sudo -u www-data php occ twofactorauth:cleanup -.. warning:: This operation is irreversible. Only run it for providers you do not intend to enable again. +.. warning:: This operation is irreversible. Only run it for providers you do not intend to enable again as then you have to setup the configuration for all users from scratch. + Disabling two-factor authentication ----------------------------------- @@ -91,6 +94,11 @@ Two-factor providers can be disabled via :ref:`occ `:: sudo -u www-data php occ twofactorauth:disable -User are free to enable this provider again via their personal settings. +This can be useful if the user forgot or lost their second factor. +Afterwards users are free to enable this provider again via their personal settings. .. note:: This operation has to be supported by the provider. If this support is missing, Nextcloud will abort and show an error. + +It is also possible to check the current two-factor user status via :ref:`occ `:: + + sudo -u www-data php occ twofactorauth:state
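
Review bot: In the first hunk (@@ -5,7 +5,7 @@), the rewritten line still reads "when two-factor authentication (2FA) enabled", which is missing its verb. Since the line is being touched anyway, change it to "when two-factor authentication (2FA) is enabled, you must provide both the".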
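
Review bot: In the "Provider removal" hunk (@@ -76,13 +76,16 @@), the extended warning uses "setup" as a verb, and the trailing "as then you have to ..." clause does not say what "then" refers to. Suggested wording: "Only run it for providers you do not intend to enable again, because otherwise you have to set up the configuration for all users from scratch." The hunk also adds a second blank "+" line after the warning, which looks unintentional.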
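
Review bot: In the "Disabling two-factor authentication" hunk (@@ -91,6 +94,11 @@), the added sentence "This can be useful if the user forgot or lost their second factor" documents an admin-side recovery path without saying that the administrator should verify the requester's identity before turning off the second factor. One added sentence to that effect would close the gap. Separately, the new "check the current two-factor user status" paragraph is appended after the provider-support note, so it reads as part of disabling. Consider moving it ahead of the disable command or into its own subsection so admins check state before changing it.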