set user_verification to discouraged

This is in line with our settings during registration. User verification
involves the browser popping up a PIN prompt. Since the user has already
entered their password correctly to get to this stage, we don't need any
more proof of Something They Know, so there's no need for this.
Leo Hemsted
2021-06-03 17:01:04 +01:00
parent 9fe8666733
commit e9636119ef

@@ -86,7 +86,7 @@ def webauthn_begin_authentication():
authentication_data, state = current_app.webauthn_server.authenticate_begin(
credentials=user_to_login.webauthn_credentials_as_cbor,
user_verification=None, # required, preferred, discouraged. sets whether to ask for PIN
user_verification="discouraged", # don't ask for PIN
)
session["webauthn_authentication_state"] = state
return cbor.encode(authentication_data)
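
Review bot: the new inline comment on the `user_verification="discouraged"` line, "don't ask for PIN", drops the two things a later reader needs: the list of accepted values that the old comment carried (required, preferred, discouraged), and the reason this is safe, which currently lives only in the commit message (the password has already been checked before this view runs). "discouraged" is a preference the server sends to the client, so the comment would be more accurate as something like "discouraged: password already verified, so no PIN prompt is needed; other values are required, preferred". Since the setting only holds while the password step comes first, it is also worth confirming that nothing can reach `webauthn_begin_authentication()` without that step, and adding a test that pins the value so it stays in line with registration.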