tfa: handle incompatible challenge data

by returning default data, in case the challenge data is not parseable.
this allows a new challenge to be started for the userid in question
without manual cleanup.

currently this can be triggered if an ongoing challenge created with
webauthn-rs 0.2.5 is still stored in /run and is read again
post-upgrade.

Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler 2021-11-19 14:10:57 +01:00
parent 281a5dd1fc
commit ea67cd70c9


@ -256,13 +256,17 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
let inner = if data.is_empty() {
Default::default()
} else {
serde_json::from_slice(&data).map_err(|err| {
format_err!(
"failed to parse challenge data for user {}: {}",
userid,
err
)
})?
match serde_json::from_slice(&data) {
Ok(inner) => inner,
Err(err) => {
eprintln!(
"failed to parse challenge data for user {}: {}",
userid,
err
);
Default::default()
},
}
};
Ok(TfaUserChallengeData {