- robust_delete_administrator: use ORM delete when webauthn_credentials exists; else SQL DELETE after optional webauthn row cleanup and recursive child admins
- Fixes MySQL 1146 ProgrammingError on submitUserDeletion for installs without webauthn migrations
- JSON responses use application/json; errors include deleteStatus for listUsers UI
- After invalid/missing HomeDirectory id, resolve home_dir from best path like auto mode
- Handle MultipleObjectsReturned on path lookup; use get_or_create for UserHomeMapping
- Clear errors for ACL.DoesNotExist and IntegrityError (duplicate username)
- Ensure JSON error responses include createStatus and application/json
- Initialize selectedACL in create user template so JSON POST always includes ACL
- Explicit option values; pass default_acl_name from view for ng-init
- Coerce websitesLimit to int; validate selectedACL before ACL.objects.get
- ensure_csrf_cookie on createUser page load
- Optional /etc/cyberpanel/csrf_trusted_origins for HTTPS IP:port panels
- Allow changeUserACL on getUserHomeDirectories (parity with create user page)
- Sync public/static and static copies of userManagment.js with app static
- Introduced a new endpoint to manually regenerate the 2FA secret for users.
- Updated views to handle 2FA secret regeneration, including security checks and logging.
- Enhanced the user interface with a button to regenerate the 2FA secret, along with appropriate alerts and confirmations.
- Updated JavaScript to manage the regeneration process and display the new secret key and QR code provisioning URI.
https://github.com/usmannasir/cyberpanel/issues/1577
