def delete_webauthn(self):
if len(self.request.user.webauthn) == 0:
self.request.session.flash("There is no security device to delete",
queue="error")
return HTTPSeeOther(self.request.route_path("manage.account"))
form = DeleteWebAuthnForm(
**self.request.POST,
username=self.request.user.username,
user_service=self.user_service,
user_id=self.request.user.id,
)
if form.validate():
self.request.user.webauthn.remove(form.webauthn)
self.user_service.record_event(
self.request.user.id,
tag="account:two_factor:method_removed",
ip_address=self.request.remote_addr,
additional={
"method": "webauthn",
"label": form.label.data
},
)
self.request.session.flash("Security device removed",
queue="success")
else:
self.request.session.flash("Invalid credentials", queue="error")
return HTTPSeeOther(self.request.route_path("manage.account"))
def delete_webauthn(self):
if len(self.request.user.webauthn) == 0:
self.request.session.flash("No WebAuthhn device to delete.",
queue="error")
return HTTPSeeOther(self.request.route_path("manage.account"))
form = DeleteWebAuthnForm(
**self.request.POST,
username=self.request.user.username,
user_service=self.user_service,
user_id=self.request.user.id,
)
if form.validate():
self.request.user.webauthn.remove(form.webauthn)
self.request.session.flash("WebAuthn device deleted.",
queue="success")
else:
self.request.session.flash("Invalid credentials.", queue="error")
return HTTPSeeOther(self.request.route_path("manage.account"))