mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-12 17:34:16 -04:00
Since the register and authentication APIs work in pairs, we can just put the restrictions on the "begin" API. We weren't testing the restrictions on the "complete" API anyway. For authentication, it's also enough to check if the user has WebAuthn as their auth type, as it's not a big deal if a user continues to login with a security key indefinitely.