darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-27 05:41:00 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4035 from alphagov/no-webauthn-🤖s

Browse Source 
Ensure only logged in users can see /webauthn/register
This commit is contained in:
Katie Smith
2021-10-05 11:47:47 +01:00
committed by GitHub
parent 64c16cccb1 5885110360
commit aeb3db583e
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/main/views/webauthn_credentials.py
View File

@@ -13,9 +13,11 @@ from app.utils.login import (
log_in_user,
redirect_to_sign_in,
)
from app.utils.user import user_is_logged_in
@main.route('/webauthn/register')
@user_is_logged_in
def webauthn_begin_register():
if not current_user.can_use_webauthn:
abort(403)
@@ -38,6 +40,7 @@ def webauthn_begin_register():
@main.route('/webauthn/register', methods=['POST'])
@user_is_logged_in
def webauthn_complete_register():
if 'webauthn_registration_state' not in session:
return cbor.encode("No registration in progress"), 400