Open georgestephanis opened 10 months ago
Possible chance with bad input this changes some test results -- I need to add a test for the use case anyway.
Once this is in, purging u2f from the plugin won't leave users who only had that enabled wide open with no two-factor protection.
This also ensures if a user only had U2F enabled, and it's deprecated and removed, that it won't "fail open" for lack of any available methods.
If Email is available, shove it in. If not, return an error.