increment failed login count on unsuccesful webauthn login

this doesn't include timeouts or other errors on the browser side - the
main thing this catches is if the token doesn't belong to the user.
However I'm not entirely clear if that's something that will be caught
at this point, or if the browser would reject that key as it's not in
the credentials passed in to the begin_authentication process.
This commit is contained in:
Leo Hemsted
2021-05-19 18:18:09 +01:00
parent 92f78b14fe
commit c29f87f55d
2 changed files with 4 additions and 1 deletions

View File

@@ -119,7 +119,7 @@ def _complete_webauthn_authentication(user):
except ValueError as exc:
current_app.logger.info(f'User {user.id} could not sign in using their webauthn token - {exc}')
flash('Security key not recognised')
# TODO: increment failed login count
user.verify_webauthn_login(is_successful=False)
abort(403)