From 18d62a81d1120254d8ccef11e5ecd7d7da0a218a Mon Sep 17 00:00:00 2001
From: Son NK <>
Date: Thu, 7 May 2020 17:56:25 +0200
Subject: [PATCH] add User.can_use_fido

---
 app/auth/views/fido.py | 2 +-
 app/models.py          | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/auth/views/fido.py b/app/auth/views/fido.py
index cd6c14d3..24c4428d 100644
--- a/app/auth/views/fido.py
+++ b/app/auth/views/fido.py
@@ -31,7 +31,7 @@ def fido():
 
     user = User.get(user_id)
 
-    if not (user and (user.fido_enabled())):
+    if not (user and user.fido_enabled()):
         flash("Only user with security key linked should go to this page", "warning")
         return redirect(url_for("auth.login"))
 
diff --git a/app/models.py b/app/models.py
index 0224f4aa..c40b25e6 100644
--- a/app/models.py
+++ b/app/models.py
@@ -140,8 +140,13 @@ class User(db.Model, ModelMixin, UserMixin):
     fido_pk = db.Column(db.String(), nullable=True, unique=True)
     fido_sign_count = db.Column(db.Integer(), nullable=True)
 
+    # whether user can use Fido
+    can_use_fido = db.Column(
+        db.Boolean, default=False, nullable=False, server_default="0"
+    )
+
     def fido_enabled(self) -> bool:
-        if self.fido_uuid is not None:
+        if self.can_use_fido and self.fido_uuid is not None:
             return True
         return False