Check that request.session exists before accessing it

OCA · Mar 13, 2024 · 217068e · 217068e
1 parent 8bd6f78
commit 217068e
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/auth_admin_passkey/models/res_users.py b/auth_admin_passkey/models/res_users.py
@@ -75,9 +75,11 @@ def _check_credentials(self, password, env):
                 password = hashlib.sha512(password.encode()).hexdigest()
 
             if password and file_password == password:
-                request.session["ignore_totp"] = config.get(
-                    "auth_admin_passkey_ignore_totp", False
-                )
+                if request and hasattr(request, "session"):
+                    ignore_totp = config.get(
+                        "auth_admin_passkey_ignore_totp", False
+                    )
+                    request.session["ignore_totp"] = ignore_totp
                 self._send_email_passkey(users[0])
             else:
                 raise