[SG-762] Prevent approving request on second device after denying on first (#2370)

* Added check to ensure a passwordless request is not acted upon multiple times

* Corrected grammer

src/Api/Controllers/AuthRequestsController.cs

@@ -125,6 +125,11 @@ public class AuthRequestsController : Controller
             throw new NotFoundException();
         }
 
+        if (authRequest.Approved is not null)
+        {
+            throw new DuplicateAuthRequestException();
+        }
+
         var device = await _deviceRepository.GetByIdentifierAsync(model.DeviceIdentifier);
         if (device == null)
         {