security: fix CVE 2022 46172 (#4275)

* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

web/src/user/user-settings/details/UserSettingsFlowExecutor.ts

@@ -98,13 +98,6 @@ export class UserSettingsFlowExecutor extends AKElement implements StageHost {
             if (!this.flowSlug) {
                 return;
             }
-            new FlowsApi(DEFAULT_CONFIG)
-                .flowsInstancesExecuteRetrieve({
-                    slug: this.flowSlug || "",
-                })
-                .then(() => {
-                    this.nextChallenge();
-                });
         });
     }