feat: implement mutual exclusion and warnings between Google Authenticator and Email 2FA

app/Http/Controllers/TwoFactorController.php

@@ -80,6 +80,7 @@ class TwoFactorController extends Controller
         $user->update([
             'two_factor_confirmed_at' => now(),
             'two_factor_recovery_codes' => json_encode($recoveryCodes->toArray()),
+            'email_2fa_enabled' => false, // Automatically disable Email 2FA
         ]);
 
         return back()->with('success', 'Two-Factor Authentication has been enabled successfully.');
@@ -114,9 +115,18 @@ class TwoFactorController extends Controller
         ]);
 
         $user = auth()->user();
-        $user->update([
-            'email_2fa_enabled' => $request->enabled,
-        ]);
+        if ($request->enabled) {
+            $user->update([
+                'email_2fa_enabled' => true,
+                'two_factor_secret' => null,
+                'two_factor_recovery_codes' => null,
+                'two_factor_confirmed_at' => null,
+            ]);
+        } else {
+            $user->update([
+                'email_2fa_enabled' => false,
+            ]);
+        }
 
         $status = $request->enabled ? 'enabled' : 'disabled';
         return back()->with('success', "Two-Factor Authentication via Email has been {$status} successfully.");