Bugfix - Enable admin to see users webauthn methods

2026-04-09 22:57:03 +09:30
parent 04e3293b30
commit 2a8b1b0d5b
1 changed files with 10 additions and 1 deletions
@@ -512,7 +512,14 @@ def admin_get_user_mfa(user_id):
        user_id=user_id, method_type=AuthMethodType.WEBAUTHN, deleted_at=None,
    ).first()
    if webauthn_method and webauthn_method.provider_data:
-        for cred in webauthn_method.provider_data.get("credentials", []):
+        # Handle both single credential (direct in provider_data) and multiple credentials (in credentials array)
        credentials = webauthn_method.provider_data.get("credentials", [])
        # If no credentials array, check if provider_data itself is a single credential
        if not credentials and "credential_id" in webauthn_method.provider_data:
            credentials = [webauthn_method.provider_data]
        for cred in credentials:
            if not cred.get("deleted_at"):
                mfa_methods.append({
                    "id": cred.get("id") or cred.get("credential_id"),
@@ -588,6 +595,8 @@ def admin_remove_user_mfa(user_id, method_type):
            credential_id = request.args.get("credential_id")
            if credential_id:
                credentials = (webauthn_method.provider_data or {}).get("credentials", [])
                if not credentials and "credential_id" in (webauthn_method.provider_data or {}):
                    credentials = [webauthn_method.provider_data]
                found = False
                new_credentials = []
                for cred in credentials: