From 09f005050e60b654f198560faeb0851741e1b399 Mon Sep 17 00:00:00 2001
From: Jiewei Qian <qjw@chromium.org>
Date: Wed, 13 Aug 2025 14:49:27 -0700
Subject: [PATCH] luci-auth-fido2-plugin: use WindowsClient if available

WindowsClient works for both non-admin and admin users. There's no need
to branch and use Fido2Client for admin users.

Bug:b/433851494
Change-Id: I42d52d71749beaf0b2c68d9adc6027a5b6bb2ac2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6844138
Reviewed-by: Allen Li <ayatane@chromium.org>
Reviewed-by: Chenlin Fan <fancl@chromium.org>
Auto-Submit: Jiewei Qian <qjw@chromium.org>
Commit-Queue: Allen Li <ayatane@chromium.org>
---
 luci_auth_fido2_plugin.py | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/luci_auth_fido2_plugin.py b/luci_auth_fido2_plugin.py
index d6fb28edc9..05f0d8b5f5 100755
--- a/luci_auth_fido2_plugin.py
+++ b/luci_auth_fido2_plugin.py
@@ -25,7 +25,6 @@
 
 from concurrent.futures import ThreadPoolExecutor, as_completed
 from contextlib import contextmanager
-import ctypes
 import dataclasses
 import json
 import logging
@@ -185,14 +184,10 @@ def get_clients(origin: str) -> list[tuple[WebAuthnClient, str]]:
     """
     client_data_collector = DefaultClientDataCollector(origin)
 
-    # Use Windows WebAuthn API if available, and if we aren't running as admin.
-    if WindowsClient is not None \
-       and WindowsClient.is_available():
-        if ctypes.windll.shell32.IsUserAnAdmin():
-            logging.info("User is admin")
-        else:
-            logging.info("Using WindowsClient")
-            return [(WindowsClient(client_data_collector), "WindowsWebAuthn")]
+    # Use Windows WebAuthn API if available.
+    if WindowsClient and WindowsClient.is_available():
+        logging.info("Using WindowsClient")
+        return [(WindowsClient(client_data_collector), "WindowsWebAuthn")]
 
     user_interaction = DiscardInteraction()
     clients = []