Don't trigger an internal error if hitting 2fa endpoint and it isn't enabled

app/Http/Controllers/Auth/LoginCheckpointController.php

@@ -69,6 +69,10 @@ class LoginCheckpointController extends AbstractLoginController
                 return $this->sendLoginResponse($user, $request);
             }
         } else {
+            if (!$user->use_totp) {
+                $this->sendFailedLoginResponse($request, $user);
+            }
+
             $decrypted = $this->encrypter->decrypt($user->totp_secret);
 
             if ($this->google2FA->verifyKey($decrypted, (string) $request->input('authentication_code') ?? '', config('pterodactyl.auth.2fa.window'))) {

routes/auth.php

@@ -25,8 +25,8 @@ Route::group(['middleware' => 'guest'], function () {
     Route::middleware(['throttle:authentication'])->group(function () {
         // Login endpoints.
         Route::post('/login', [Auth\LoginController::class, 'login'])->middleware('recaptcha');
-        Route::post('/login/checkpoint', [Auth\LoginCheckpointController::class, 'token'])->name('auth.login-checkpoint');
+        Route::post('/login/checkpoint', [Auth\LoginCheckpointController::class, 'token'])->name('auth.checkpoint');
-        Route::post('/login/checkpoint/key', [Auth\LoginCheckpointController::class, 'key'])->name('auth.login-checkpoint-key');
+        Route::post('/login/checkpoint/key', [Auth\LoginCheckpointController::class, 'key'])->name('auth.checkpoint.key');
 
         // Forgot password route. A post to this endpoint will trigger an
         // email to be sent containing a reset token.