Remove unnecessary restriction for 2FA WebAuthn

It should be enough to check the user has it set as their auth type. Even if a user is no longer eligible to register a security key, it should still be OK for them to continue using the feature.
2026-05-06 00:48:46 -04:00 · 2021-06-30 14:54:20 +01:00
parent aad017a184
commit 7fafc18fb3
2 changed files with 1 additions and 16 deletions
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
@@ -298,20 +298,6 @@ def test_two_factor_webauthn_should_have_auth_signin_button(
    mock_get_user.assert_called_once_with(platform_admin_user['id'])


-def test_two_factor_webauthn_should_reject_non_platform_admins(
-    client,
-    api_user_active,
-    mock_get_user,
-):
-    api_user_active['auth_type'] = 'webauthn_auth'
-    with client.session_transaction() as session:
-        session['user_details'] = {'id': api_user_active['id'], 'email': api_user_active['email_address']}
-
-    response = client.get(url_for('main.two_factor_webauthn'))
-
-    assert response.status_code == 403
-
-
 def test_two_factor_webauthn_should_reject_non_webauthn_auth_users(
    client,
    platform_admin_user,