diff options
| author | Truong Nguyen <truongnmt.dev@gmail.com> | 2021-08-26 23:51:22 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-08-26 09:51:22 -0500 |
| commit | 7283a5d3b94b655172744996ffa43ec80aff0e08 (patch) | |
| tree | 60af89149d26d049e25dfe829ae54376a873c2b7 /app/controllers/auth | |
| parent | 94bcf453219da73015cc977835717516b9dc0a67 (diff) | |
Explicitly set userVerification to discoraged (#16545)
Diffstat (limited to 'app/controllers/auth')
| -rw-r--r-- | app/controllers/auth/sessions_controller.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 7afd09e10..2c3d510cb 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -45,7 +45,10 @@ class Auth::SessionsController < Devise::SessionsController user = find_user if user&.webauthn_enabled? - options_for_get = WebAuthn::Credential.options_for_get(allow: user.webauthn_credentials.pluck(:external_id)) + options_for_get = WebAuthn::Credential.options_for_get( + allow: user.webauthn_credentials.pluck(:external_id), + user_verification: 'discouraged' + ) session[:webauthn_challenge] = options_for_get.challenge |