Use API flag to give users access to WebAuthn

This allows us to roll out the feature to other users. Note that the flag is also "True" if the user has "webauthn_auth" as their auth type, so this is compatible with the more fine-grained check we have on the authentication parts of the feature. We could do a more explicit "can_use_webauthn or webauthn_auth" check here, but the idea is that we'll be able to get rid of this flag eventually, so I've optimised for brevity instead. I've modified a couple of the unhappy-path tests to make it more explicit that the flag is false, since it can be true for Platform Admins and "normal users" alike.
2026-05-05 16:38:59 -04:00 · 2021-06-30 15:30:29 +01:00
parent 1a4dd04ab1
commit 4c2915ce86
7 changed files with 40 additions and 22 deletions
--- a/app/models/user.py
+++ b/app/models/user.py
@@ -31,6 +31,7 @@ class User(JSONModel, UserMixin):
    MAX_FAILED_LOGIN_COUNT = 10

    ALLOWED_PROPERTIES = {
+        'can_use_webauthn',
        'id',
        'name',
        'email_address',