diff --git a/passkeys/views.py b/passkeys/views.py
index d94c658..a7ff9e7 100644
--- a/passkeys/views.py
+++ b/passkeys/views.py
@@ -1,6 +1,6 @@
 from django.contrib.auth.decorators import login_required
-from django.http import HttpResponse
-from django.shortcuts import render
+from django.http import HttpResponse, HttpResponseForbidden
+from django.shortcuts import get_object_or_404, render
 from .models import UserPasskey
@@ -8,25 +8,21 @@
 @login_required
 def index(request, enroll=False): # noqa
 keys = UserPasskey.objects.filter(user=request.user) # pragma: no cover
-return render(request, 'PassKeys.html', {"keys": keys, "enroll": enroll}) # pragma: no cover
+return render(request, "PassKeys.html", {"keys": keys, "enroll": enroll}) # pragma: no cover
 @login_required
 def delKey(request):
-key=UserPasskey.objects.get(id=request.GET["id"])
-if key.user.pk == request.user.pk:
-key.delete()
-return HttpResponse("Deleted Successfully")
-return HttpResponse("Error: You own this token so you can't delete it", status=403)
+key = get_object_or_404(UserPasskey, id=request.GET["id"], user=request.user)
+key.delete()
+return HttpResponse("Deleted Successfully")
 @login_required
 def toggleKey(request):
-id=request.GET["id"]
-q=UserPasskey.objects.filter(user=request.user, id=id)
-if q.count()==1:
-key=q[0]
-key.enabled=not key.enabled
-key.save()
+key = UserPasskey.objects.filter(id=request.GET["id"], user=request.user).first()
+if key is not None:
+key.enabled = not key.enabled
+key.save(update_fields=["enabled"])
 return HttpResponse("OK")
-return HttpResponse("Error: You own this token so you can't toggle it", status=403)
+return HttpResponseForbidden("Error: You own this token so you can't toggle it")
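Review bot: `delKey` and `toggleKey` still delete or disable a passkey based on `request.GET["id"]`, so the ownership filter added in the second hunk does not protect the logged-in user's own keys from a cross-site GET, which Django's CSRF middleware does not check. Restrict both views to POST with `@require_POST` (from `django.views.decorators.http`) and read `request.POST["id"]`; the template or script that calls these views is outside this diff and would have to send the CSRF token. Separately, the two views now answer differently for a key that is not the caller's (`delKey` returns 404, `toggleKey` returns 403), and the retained message says "You own this token" where "You don't own this token" appears to be meant.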