Don't allow twofactor to be disabled if any users are enrolled https://sourceforge.net/p/webadmin/bugs/4788/

webmin/change_twofactor.cgi

@@ -15,6 +15,16 @@ if ($in{'twofactor_provider'}) {
 	$err = defined(&$vfunc) && &$vfunc(\%in, \%miniserv);
 	&error($err) if ($err);
 	}
+else {
+	# Don't disable if any users have twofactor enabled
+	&foreign_require("acl");
+	@twos = grep { $_->{'twofactor_provider'} && $_->{'twofactor_id'} }
+		     &acl::list_users();
+	if (@twos) {
+		&error(&text('twofactor_eusers',
+			     join(" ", map { $_->{'name'} } @twos)));
+		}
+	}
 
 # Save settings
 &lock_file($ENV{'MINISERV_CONFIG'});

webmin/lang/en

@@ -1072,6 +1072,7 @@ twofactor_test=Use provider's test mode?
 twofactor_desc=Two-factor authentication allows Webmin users to enable use of an additional authentication device when logging in, such as a one-time passcode generator. Users must individually enroll with the selected authentication provider after it is enabled on this page.
 twofactor_err=Failed to save two-factor authentication
 twofactor_eprovider=Invalid provider!
+twofactor_eusers=Two-factor authentication cannot be disabled, as the following users are currently enrolled : $1
 twofactor_eapikey=Missing or invalid-looking API key
 twofactor_authy=Authy
 twofactor_totp=Google Authenticator