fix: check if 2FA is enabled to allow TOTP reset (#29723)

.changeset/cuddly-houses-tie.md

+---
+"@rocket.chat/meteor": patch
+---
+
+Hide Reset TOTP option if 2FA is disabled

apps/meteor/app/api/server/v1/users.ts

@@ -1034,6 +1034,10 @@ API.v1.addRoute(
 					throw new Meteor.Error('error-not-allowed', 'Not allowed');
 				}
 
+				if (!settings.get('Accounts_TwoFactorAuthentication_Enabled')) {
+					throw new Meteor.Error('error-two-factor-not-enabled', 'Two factor authentication is not enabled');
+				}
+
 				const user = await getUserFromParams(this.bodyParams);
 				if (!user) {
 					throw new Meteor.Error('error-invalid-user-id', 'Invalid user id');

apps/meteor/client/views/admin/users/hooks/useResetTOTPAction.tsx

 import type { IUser } from '@rocket.chat/core-typings';
-import { useSetModal, usePermission, useEndpoint, useTranslation, useToastMessageDispatch } from '@rocket.chat/ui-contexts';
+import { useSetModal, usePermission, useSetting, useEndpoint, useTranslation, useToastMessageDispatch } from '@rocket.chat/ui-contexts';
 import React, { useCallback } from 'react';
 
 import GenericModal from '../../../../components/GenericModal';
@@ -10,6 +10,7 @@ export const useResetTOTPAction = (userId: IUser['_id']): Action | undefined =>
 	const setModal = useSetModal();
 	const dispatchToastMessage = useToastMessageDispatch();
 	const canResetTOTP = usePermission('edit-other-user-totp');
+	const twoFactorEnabled = useSetting('Accounts_TwoFactorAuthentication_Enabled');
 	const resetTOTPRequest = useEndpoint('POST', '/v1/users.resetTOTP');
 
 	const resetTOTP = useCallback(async () => {
@@ -31,7 +32,7 @@ export const useResetTOTPAction = (userId: IUser['_id']): Action | undefined =>
 		);
 	}, [resetTOTP, t, setModal]);
 
-	return canResetTOTP
+	return canResetTOTP && twoFactorEnabled
 		? {
 				icon: 'key',
 				label: t('Reset_TOTP'),