diff --git a/src/Model/TwoFactor.php b/src/Model/TwoFactor.php
index f85af90..2420527 100644
--- a/src/Model/TwoFactor.php
+++ b/src/Model/TwoFactor.php
@@ -43,6 +43,10 @@ class TwoFactor extends AbstractModel
      */
     protected $fillable = ['user_id', 'secret', 'backup_codes', 'is_active'];  // Add other fields as necessary
 
+    public $casts = [
+        'is_active' => 'boolean',
+    ];
+
     /**
      * Get the user that owns this 2FA entry.
      */
diff --git a/tests/integration/api/ShowQrCodeControllerTest.php b/tests/integration/api/ShowQrCodeControllerTest.php
new file mode 100644
index 0000000..316e738
--- /dev/null
+++ b/tests/integration/api/ShowQrCodeControllerTest.php
@@ -0,0 +1,62 @@
+<?php
+
+namespace IanM\TwoFactor\Tests\integration\api;
+
+use Carbon\Carbon;
+use Flarum\Extend;
+use Flarum\Testing\integration\RetrievesAuthorizedUsers;
+use Flarum\Testing\integration\TestCase;
+use IanM\TwoFactor\Model\TwoFactor;
+
+class ShowQrCodeControllerTest extends TestCase
+{
+    use RetrievesAuthorizedUsers;
+
+    public function setUp(): void
+    {
+        parent::setUp();
+
+        $this->extension('ianm-twofactor');
+
+        $this->prepareDatabase([
+            'users' => [
+                $this->normalUser(),
+                ['id' => 3, 'username' => 'normal2', 'password' => '$2y$10$LO59tiT7uggl6Oe23o/O6.utnF6ipngYjvMvaxo1TciKqBttDNKim', 'email' => 'normal2@machine.local', 'is_email_confirmed' => 1,
+                ]
+            ],
+            'two_factor' => [
+                ['id' => 1, 'user_id' => 2, 'secret' => 'OIZ2R42HL2ZNUJNJU72P4EK26CQSD5JLEC7AVH7BCBJKRCUBUPLHXQ4TCAYVFZPDAGH3QDPHWABLMT36QAKTIFPNL5NKTR2BGVIY3GY', 'backup_codes' => '["$2y$10$8UDXx3Fbx\/K9uKHs.4wq8OIP3\/q.0PghYhX\/v9ckHmvXwY2yUI.IC","$2y$10$KWw6OT18AMWa\/T1NcS1hjOiMfuzq45L1KKsFUBXAIjKTsvXJcUEOW"]', 'is_active' => true, 'created_at' => Carbon::now(), 'updated_at' => Carbon::now()]
+            ]
+        ]);
+    }
+
+    /**
+     * @test
+     */
+    public function user_can_generate_qr_code()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/users/3/twofactor/qrcode', [
+                'authenticatedAs' => 3,
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+
+        $body = (string) $response->getBody();
+        $this->assertJson($body);
+
+        $data = json_decode($body, true);
+        $this->assertArrayHasKey('svg', $data);
+        $this->assertArrayHasKey('code', $data);
+
+        $this->assertStringContainsString('data:image/png;base64,', $data['svg']);
+        $this->assertNotEmpty($data['code']);
+
+        $twoFactor = TwoFactor::query()->where('user_id', 3)->first();
+
+        $this->assertNotNull($twoFactor);
+        $this->assertEquals($data['code'], $twoFactor->secret);
+        $this->assertFalse($twoFactor->is_active);
+    }
+}