WordPress / two-factor

Two-Factor Authentication for WordPress.
https://wordpress.org/plugins/two-factor/
GNU General Public License v2.0

Ensure that doesn't 'fail open' if existing providers poof. #586

Open georgestephanis opened 10 months ago

georgestephanis commented 10 months ago

This also ensures if a user only had U2F enabled, and it's deprecated and removed, that it won't "fail open" for lack of any available methods.

If Email is available, shove it in. If not, return an error.

georgestephanis commented 10 months ago

Possible chance with bad input this changes some test results -- I need to add a test for the use case anyway.

georgestephanis commented 10 months ago

Once this is in, purging u2f from the plugin won't leave users who only had that enabled wide open with no two-factor protection.
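
The behaviour discussed in this thread, sketched as an added example: it is not code from the pull request or the plugin, and every function, class and provider key below is hypothetical. It contrasts a resolver that silently drops removed providers (fail open) with one that falls back to email or returns an error (fail closed).

```php
<?php
// Added illustration; all names here are hypothetical, not the plugin's API.

final class NoUsableProvider extends RuntimeException {}

/**
 * Fail-open variant: providers that no longer exist are silently dropped.
 * An empty result looks identical to "user never enabled two-factor",
 * so the login flow would skip the second factor entirely.
 */
function resolve_fail_open(array $enabled, array $registered): array {
    return array_values(array_intersect($enabled, $registered));
}

/**
 * Fail-closed variant: distinguishes "never opted in" from
 * "opted in, but every stored provider has been removed".
 */
function resolve_fail_closed(array $enabled, array $registered): array {
    if ($enabled === []) {
        return []; // User never opted in; no challenge is the intended outcome.
    }
    $usable = array_values(array_intersect($enabled, $registered));
    if ($usable !== []) {
        return $usable;
    }
    if (in_array('email', $registered, true)) {
        return ['email']; // Email is available: use it as the fallback.
    }
    // No fallback either: refuse the login instead of skipping the challenge.
    throw new NoUsableProvider('Two-factor is enabled but no provider is available.');
}

// Constructed sample: a user who only enabled U2F, after U2F has been removed.
$enabled    = ['u2f'];
$registered = ['email', 'totp', 'backup_codes'];

var_dump(resolve_fail_open($enabled, $registered));   // user would not be challenged
var_dump(resolve_fail_closed($enabled, $registered)); // user is challenged via email

try {
    resolve_fail_closed($enabled, ['totp']); // email is not registered either
} catch (NoUsableProvider $e) {
    echo 'login denied: ', $e->getMessage(), PHP_EOL;
}
```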