From 13aee9e3fcc8b9cd52dcb7cf81b08f4e299feb55 Mon Sep 17 00:00:00 2001
From: yash-rajpal
Date: Mon, 3 Nov 2025 20:49:27 +0530
Subject: [PATCH 1/2] fix and add test

---
 apps/meteor/app/2fa/server/methods/enable.ts | 8 --------
 .../tests/end-to-end/api/methods/2fa-enable.ts | 14 +++++++++-----
 2 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/apps/meteor/app/2fa/server/methods/enable.ts b/apps/meteor/app/2fa/server/methods/enable.ts
index dea859d27b626..c273dfbadaf74 100644
--- a/apps/meteor/app/2fa/server/methods/enable.ts
+++ b/apps/meteor/app/2fa/server/methods/enable.ts
@@ -26,14 +26,6 @@ Meteor.methods({
 });
 }

- const hasUnverifiedEmail = user.emails?.some((email) => !email.verified);
-
- if (hasUnverifiedEmail) {
- throw new Meteor.Error('error-invalid-user', 'You need to verify your emails before setting up 2FA', {
- method: '2fa:enable',
- });
- }
-
 if (user.services?.totp?.enabled) {
 throw new Meteor.Error('error-2fa-already-enabled');
 }
diff --git a/apps/meteor/tests/end-to-end/api/methods/2fa-enable.ts b/apps/meteor/tests/end-to-end/api/methods/2fa-enable.ts
index a2bd9dfeb3a75..9c2a6962fc614 100644
--- a/apps/meteor/tests/end-to-end/api/methods/2fa-enable.ts
+++ b/apps/meteor/tests/end-to-end/api/methods/2fa-enable.ts
@@ -52,7 +52,7 @@ describe('2fa:enable', function () {
 });
 });

- it('should return error when user is not verified', async () => {
+ it('should return secret and qr code url even when user has unverified email', async () => {
 await request
 .post(methodCall('2fa:enable'))
 .set(user3Credentials)
@@ -66,10 +66,14 @@ describe('2fa:enable', function () {
 })
 .expect(200)
 .expect((res) => {
- expect(res.body).to.have.property('message');
- const result = JSON.parse(res.body.message);
- expect(result).to.have.property('error');
- expect(result.error).to.not.have.property('errpr', 'error-invalid-user');
+ expect(res.body).to.have.property('success', true);
+ const parsedBody = JSON.parse(res.body.message);
+ expect(parsedBody).to.have.property('result');
+ expect(parsedBody.result).to.have.property('secret').of.a('string');
+ expect(parsedBody.result)
+ .to.have.property('url')
+ .of.a('string')
+ .match(/^otpauth:\/\//);
 });
 });

From 723b5d0cc5a12466092bcd438577c7103a538a1b Mon Sep 17 00:00:00 2001
From: yash-rajpal
Date: Mon, 3 Nov 2025 20:55:50 +0530
Subject: [PATCH 2/2] add changeset

---
 .changeset/dull-deers-live.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/dull-deers-live.md

diff --git a/.changeset/dull-deers-live.md b/.changeset/dull-deers-live.md
new file mode 100644
index 0000000000000..6411998b14a19
--- /dev/null
+++ b/.changeset/dull-deers-live.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': minor
+---
+
+Allows users to enable TOTP-based two factor authentication without requiring a verified email address.
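Review bot: In the `@@ -66,10 +66,14 @@` hunk of `2fa-enable.ts`, the new assertions check only the response shape (`success`, a `secret` string, an `otpauth://` URL) and never establish that `user3` really has an unverified email, so the test would keep passing if the fixture were later created with a verified address. The same patch deletes the `email.verified` guard from `enable.ts`, which leaves this test as the only thing pinning the new behaviour; the `it` body starts in the previous hunk and the `user3` setup is outside both, so the precondition may already be guaranteed there. I would state it next to the request, e.g. `// precondition: user3 has an unverified email; 2fa:enable must still return a secret`, and ideally assert it on the created user before calling the method. If the enable flow is meant to need a separate token-validation step (not visible here), it is also worth asserting that returning the secret does not by itself leave TOTP enabled on the account.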