fix(auth): update SQL queries to use totp_secret_encrypted instead of dropped totp_secret column

Co-authored-by: Draco Lunaris <331325+Draco-Lunaris@users.noreply.github.com>

crates/pm-auth/src/session.rs

@@ -120,7 +120,7 @@ pub async fn login(
     let user: Option<DbUser> = sqlx::query_as(
         r#"
         SELECT id, username, display_name, role, auth_provider,
-               password_hash, totp_secret, mfa_enabled, is_active, force_password_reset,
+               password_hash, totp_secret_encrypted, totp_secret_nonce, mfa_enabled, is_active, force_password_reset,
                failed_login_attempts, locked_until
         FROM users
         WHERE username = $1 AND auth_provider = 'local'
@@ -278,7 +278,7 @@ pub async fn refresh_session(
     let user: DbUser = sqlx::query_as(
         r#"
         SELECT id, username, display_name, role, auth_provider,
-               password_hash, totp_secret, mfa_enabled, is_active, force_password_reset,
+               password_hash, totp_secret_encrypted, totp_secret_nonce, mfa_enabled, is_active, force_password_reset,
                failed_login_attempts, locked_until
         FROM users WHERE id = $1
         "#,

crates/pm-web/src/routes/auth.rs

@@ -435,7 +435,7 @@ async fn disable_mfa(
         ));
     }
 
-    sqlx::query("UPDATE users SET totp_secret = NULL, mfa_enabled = FALSE WHERE id = $1")
+    sqlx::query("UPDATE users SET totp_secret_encrypted = NULL, totp_secret_nonce = NULL, mfa_enabled = FALSE WHERE id = $1")
         .bind(auth_user.user_id)
         .execute(&state.db)
         .await