From c8783ced6d65b7778c8b801dede6470d3cfeb5e4 Mon Sep 17 00:00:00 2001
From: Addison Beck <addisonbeck1@gmail.com>
Date: Fri, 30 Sep 2022 09:45:07 -0400
Subject: [PATCH] Use a user-based known device check (#2318)

---
 src/Api/Controllers/AuthRequestsController.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Api/Controllers/AuthRequestsController.cs b/src/Api/Controllers/AuthRequestsController.cs
index 82a22f6fe2..7cb4911042 100644
--- a/src/Api/Controllers/AuthRequestsController.cs
+++ b/src/Api/Controllers/AuthRequestsController.cs
@@ -91,8 +91,8 @@ public class AuthRequestsController : Controller
         }
         if (_globalSettings.PasswordlessAuth.KnownDevicesOnly)
         {
-            var d = await _deviceRepository.GetByIdentifierAsync(model.DeviceIdentifier);
-            if (d == null || d.UserId != user.Id)
+            var devices = await _deviceRepository.GetManyByUserIdAsync(user.Id);
+            if (devices == null || !devices.Any(d => d.Identifier == model.DeviceIdentifier))
             {
                 throw new NotFoundException();
             }