django-passkeys icon indicating copy to clipboard operation
django-passkeys copied to clipboard
verified publisher icon mkalioby

Missing @login_required decorator

Open rafaelurben opened this issue 1 year ago • 3 comments

The views reg_begin and reg_complete both reference request.user without having the @login_required decorator. Opening these URLs leads to unwanted Internal Server Errors, if the user is not logged in.

https://github.com/mkalioby/django-passkeys/blob/310b4f497bb793646eba0c6dc0b00329a98fc240/passkeys/FIDO2.py#L60-L99

(Technically, it wouldn't be needed on reg_complete, but I think for the sake of completeness, it should be added nonetheless.)

rafaelurben avatar Sep 03 '24 15:09 rafaelurben

Nice catch

mkalioby avatar Sep 03 '24 15:09 mkalioby

@mkalioby Do you intend to fix this as part of upcoming merges or may I make a PR together with fixes for #21?

rafaelurben avatar Sep 03 '24 16:09 rafaelurben

Let's do this in a single PR if you can, as this applies to version v1.2 as with the template naming, we will move to v2.0 as it is a breaking change

mkalioby avatar Sep 03 '24 16:09 mkalioby