From b7e50fc638f18db0ad2a8fe4725a6d86638e049f Mon Sep 17 00:00:00 2001 From: Leo Hemsted Date: Fri, 13 Aug 2021 18:21:52 +0100 Subject: [PATCH] redirect non logged in users previously it'd show an error because non logged in users don't have the can_use_webauthn attribute. now we can just bounce them to the sign-in page --- app/main/views/user_profile.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/main/views/user_profile.py b/app/main/views/user_profile.py index 426852ff4..c02256964 100644 --- a/app/main/views/user_profile.py +++ b/app/main/views/user_profile.py @@ -232,6 +232,7 @@ def user_profile_disable_platform_admin_view(): @main.route("/user-profile/security-keys", methods=['GET']) +@user_is_logged_in def user_profile_security_keys(): if not current_user.can_use_webauthn: abort(403) @@ -251,6 +252,7 @@ def user_profile_security_keys(): methods=['GET'], endpoint="user_profile_confirm_delete_security_key" ) +@user_is_logged_in def user_profile_manage_security_key(key_id): if not current_user.can_use_webauthn: abort(403) @@ -282,6 +284,7 @@ def user_profile_manage_security_key(key_id): @main.route("/user-profile/security-keys//delete", methods=['POST']) +@user_is_logged_in def user_profile_delete_security_key(key_id): if not current_user.can_use_webauthn: abort(403)