forked from fedi/mastodon
Explicitly set userVerification to discoraged (#16545)
This commit is contained in:
parent
94bcf45321
commit
7283a5d3b9
|
@ -45,7 +45,10 @@ class Auth::SessionsController < Devise::SessionsController
|
|||
user = find_user
|
||||
|
||||
if user&.webauthn_enabled?
|
||||
options_for_get = WebAuthn::Credential.options_for_get(allow: user.webauthn_credentials.pluck(:external_id))
|
||||
options_for_get = WebAuthn::Credential.options_for_get(
|
||||
allow: user.webauthn_credentials.pluck(:external_id),
|
||||
user_verification: 'discouraged'
|
||||
)
|
||||
|
||||
session[:webauthn_challenge] = options_for_get.challenge
|
||||
|
||||
|
|
|
@ -21,7 +21,8 @@ module Settings
|
|||
display_name: current_user.account.username,
|
||||
id: current_user.webauthn_id,
|
||||
},
|
||||
exclude: current_user.webauthn_credentials.pluck(:external_id)
|
||||
exclude: current_user.webauthn_credentials.pluck(:external_id),
|
||||
authenticator_selection: { user_verification: 'discouraged' }
|
||||
)
|
||||
|
||||
session[:webauthn_challenge] = options_for_create.challenge
|
||||
|
|
Loading…
Reference in a new issue