Improve views query

[nnsnodnb]

• Update GitHub Actions' steps version.
• Update query and syntax in passkey/views.py.

django-passkeys/passkeys/views.py

Lines 15 to 19 in abb687b

	key=UserPasskey.objects.get(id=request.GET["id"])
	if key.user.pk == request.user.pk:
	key.delete()
	return HttpResponse("Deleted Successfully")
	return HttpResponse("Error: You own this token so you can't delete it", status=403)

I think there is a risk that Passkey ID on database will be leaked.
If you are checking user matches, I think it would be a good idea to retrieve it as a query and set it as Not Found.

django-passkeys/passkeys/views.py

Line 23 in abb687b

id=request.GET["id"]

id is reserved as a built-in function.

$ python
>>> id
<built-in function id>

django-passkeys/passkeys/views.py

Lines 24 to 27 in abb687b

	q=UserPasskey.objects.filter(user=request.user, id=id)
	if q.count()==1:
	key=q[0]
	key.enabled=not key.enabled

if q.count()==1:  # a query
    key=q[0]  # a query
    # follow code...

This code generates the query twice.
Also, here we only have one matching data, so we can improve it by using first().

django-passkeys/passkeys/views.py

Line 30 in abb687b

return HttpResponse("Error: You own this token so you can't toggle it", status=403)

django.http.response provides HttpResponseForbidden and the status is set to 403.

[rafaelurben]

I think this should be "You don't own [...]".