only user with can_use_fido can use fido

app/dashboard/templates/dashboard/setting.html

@@ -85,11 +85,13 @@
     </div>
     <!-- END change name & profile picture -->
 
+    {% if current_user.can_use_fido %}
       <div class="card">
         <div class="card-body">
           <div class="card-title">Security Key (WebAuthn)</div>
           <div class="mb-3">
-          You can secure your account by linking either your FIDO-supported physical key such as Yubikey, Google Titan,
+            You can secure your account by linking either your FIDO-supported physical key such as Yubikey, Google
+            Titan,
             or a device with appropriate hardware to your account.
           </div>
           {% if current_user.fido_uuid is none %}
@@ -99,8 +101,9 @@
           {% endif %}
         </div>
       </div>
+    {% endif %}
 
-    <div class="card">
+    <div class="card" id="totp">
       <div class="card-body">
         <div class="card-title">One-Time Password (TOTP)</div>
         <div class="mb-3">

app/dashboard/views/fido_setup.py

@@ -25,6 +25,13 @@ def fido_setup():
         flash("You have already registered your security key", "warning")
         return redirect(url_for("dashboard.index"))
 
+    if not current_user.can_use_fido:
+        flash(
+            "This feature is currently in invitation-only beta. Please send us an email if you want to try",
+            "warning",
+        )
+        return redirect(url_for("dashboard.index"))
+
     fido_token_form = FidoTokenForm()
 
     # Handling POST requests