mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-17 21:20:32 -04:00
increment failed login count on unsuccesful webauthn login
this doesn't include timeouts or other errors on the browser side - the main thing this catches is if the token doesn't belong to the user. However I'm not entirely clear if that's something that will be caught at this point, or if the browser would reject that key as it's not in the credentials passed in to the begin_authentication process.
This commit is contained in:
@@ -119,7 +119,7 @@ def _complete_webauthn_authentication(user):
|
||||
except ValueError as exc:
|
||||
current_app.logger.info(f'User {user.id} could not sign in using their webauthn token - {exc}')
|
||||
flash('Security key not recognised')
|
||||
# TODO: increment failed login count
|
||||
user.verify_webauthn_login(is_successful=False)
|
||||
abort(403)
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user