mirror of
https://github.com/simple-login/app.git
synced 2024-09-27 20:31:30 +02:00
return 403 if user enables FIDO
This commit is contained in:
parent
149a06dd68
commit
f929f23acc
@ -766,6 +766,8 @@ Output:
|
||||
The `api_key` is used in all subsequent requests. It's empty if MFA is enabled.
|
||||
If user hasn't enabled MFA, `mfa_key` is empty.
|
||||
|
||||
Return 403 if user has enabled FIDO. The client can display a message to suggest user to use the `API Key` instead.
|
||||
|
||||
#### POST /api/auth/mfa
|
||||
|
||||
Input:
|
||||
|
@ -55,6 +55,8 @@ def auth_login():
|
||||
return jsonify(error="Email or password incorrect"), 400
|
||||
elif not user.activated:
|
||||
return jsonify(error="Account not activated"), 400
|
||||
elif user.fido_enabled():
|
||||
return jsonify(error="Currently we don't support FIDO on mobile yet"), 403
|
||||
|
||||
return jsonify(**auth_payload(user, device)), 200
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user