tfa: handle incompatible challenge data
by returning default data, in case the challenge data is not parseable. this allows a new challenge to be started for the userid in question without manual cleanup. currently this can be triggered if an ongoing challenge created with webauthn-rs 0.2.5 is stored in /run and attempted to be read post-upgrade. Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
parent
281a5dd1fc
commit
ea67cd70c9
@ -256,13 +256,17 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
|
||||
let inner = if data.is_empty() {
|
||||
Default::default()
|
||||
} else {
|
||||
serde_json::from_slice(&data).map_err(|err| {
|
||||
format_err!(
|
||||
"failed to parse challenge data for user {}: {}",
|
||||
userid,
|
||||
err
|
||||
)
|
||||
})?
|
||||
match serde_json::from_slice(&data) {
|
||||
Ok(inner) => inner,
|
||||
Err(err) => {
|
||||
eprintln!(
|
||||
"failed to parse challenge data for user {}: {}",
|
||||
userid,
|
||||
err
|
||||
);
|
||||
Default::default()
|
||||
},
|
||||
}
|
||||
};
|
||||
|
||||
Ok(TfaUserChallengeData {
|
||||
|
Loading…
Reference in New Issue
Block a user