Admin credential deletion removed password/WebAuthn credentials with no last-credential check, so an admin could delete a user's only credential and lock them out. Use the atomic delete_*_if_not_last repo methods; on refusal re-render the credentials section unchanged with an explanatory alert.

Refs: porchlight-lg7
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

| Name |
|---|
| `__init__.py` |
| `test_admin_guard.py` |
| `test_admin_routes.py` |
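
One way a delete-if-not-last repo method of the kind named in the commit message can be made atomic, shown as an added example that is not the project's own code. The SQLite schema, the single `credentials` table covering both credential kinds, and the function name `delete_credential_if_not_last` are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema: one row per credential, password or WebAuthn.
SCHEMA = """
CREATE TABLE credentials (
    id      INTEGER PRIMARY KEY,
    user_id TEXT NOT NULL,
    kind    TEXT NOT NULL CHECK (kind IN ('password', 'webauthn'))
);
"""


def delete_credential_if_not_last(conn, user_id, credential_id):
    """Delete one credential unless it is the user's only one.

    The count and the delete are one SQL statement inside one write
    transaction, and SQLite serializes writers, so there is no gap
    between "check" and "delete" for a second request to slip into.
    Returns True if a row was removed, False if the delete was refused
    (last credential, wrong owner, or no such credential).
    """
    with conn:  # commit on success, roll back on error
        cur = conn.execute(
            """
            DELETE FROM credentials
             WHERE id = ? AND user_id = ?
               AND (SELECT COUNT(*) FROM credentials WHERE user_id = ?) > 1
            """,
            (credential_id, user_id, user_id),
        )
    return cur.rowcount == 1


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed sample data: alice has two credentials, bob has one.
    conn.executemany(
        "INSERT INTO credentials (id, user_id, kind) VALUES (?, ?, ?)",
        [(1, "alice", "password"), (2, "alice", "webauthn"), (3, "bob", "password")],
    )
    results = [
        delete_credential_if_not_last(conn, "alice", 1),  # allowed, one remains
        delete_credential_if_not_last(conn, "alice", 2),  # refused: last one
        delete_credential_if_not_last(conn, "bob", 3),    # refused: last one
        delete_credential_if_not_last(conn, "bob", 2),    # refused: wrong owner
    ]
    rows = conn.execute("SELECT id FROM credentials ORDER BY id").fetchall()
    return results, [r[0] for r in rows]
```

A `False` return is the refusal case the commit message describes, where the caller re-renders the credentials section unchanged with an alert. On databases that allow concurrent writers, the same statement additionally needs row locking or a stricter isolation level to stay race-free.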