Fix #110 - Reset WebAuthn user options after last device revocation

app/Http/Controllers/Auth/WebAuthnManageController.php

@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers\Auth;
 
+use App\Facades\Settings;
 use App\Http\Controllers\Controller;
 use Illuminate\Http\Request;
 use App\Http\Requests\WebauthnRenameRequest;
@@ -72,6 +73,13 @@ class WebAuthnManageController extends Controller
         $user = $request->user();
         $user->removeCredential($credential);
 
+        // Webauthn user options should be reset to prevent impossible login
+        // See #110
+        if (blank($user->allCredentialDescriptors())) {
+            Settings::delete('useWebauthnAsDefault');
+            Settings::delete('useWebauthnOnly');
+        }
+
         return response()->json(null, 204);
     }
 }