mirrors
/
vt-social
mirror of https://github.com/nullptr-live/vt-social.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Explicitly set userVerification to discoraged (#16545)

main
Truong Nguyen 2021-08-26 23:51:22 +09:00 committed by GitHub
parent 94bcf45321
commit 7283a5d3b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/auth/sessions_controller.rb
View File

@ -45,7 +45,10 @@ class Auth::SessionsController < Devise::SessionsController
user = find_user user = find_user
if user&.webauthn_enabled? if user&.webauthn_enabled?
options_for_get = WebAuthn::Credential.options_for_get(allow: user.webauthn_credentials.pluck(:external_id)) options_for_get = WebAuthn::Credential.options_for_get(
allow: user.webauthn_credentials.pluck(:external_id),
user_verification: 'discouraged'
)
session[:webauthn_challenge] = options_for_get.challenge session[:webauthn_challenge] = options_for_get.challenge

3
app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
View File

@ -21,7 +21,8 @@ module Settings
display_name: current_user.account.username, display_name: current_user.account.username,
id: current_user.webauthn_id, id: current_user.webauthn_id,
}, },
exclude: current_user.webauthn_credentials.pluck(:external_id) exclude: current_user.webauthn_credentials.pluck(:external_id),
authenticator_selection: { user_verification: 'discouraged' }
) )
session[:webauthn_challenge] = options_for_create.challenge session[:webauthn_challenge] = options_for_create.challenge