porchlight/src
Johan Lundberg e54764cda9
fix(security): guard admin credential deletion against lockout
Admin credential deletion removed password/WebAuthn credentials with no
last-credential check, so an admin could delete a user's only credential and
lock them out. Use the atomic delete_*_if_not_last repo methods; on refusal
re-render the credentials section unchanged with an explanatory alert.

Refs: porchlight-lg7

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-05 13:27:00 +02:00
porchlight fix(security): guard admin credential deletion against lockout 2026-06-05 13:27:00 +02:00