tfa: handle incompatible challenge data

by returning default data, in case the challenge data is not parseable.
this allows a new challenge to be started for the userid in question
without manual cleanup.

currently this can be triggered if an ongoing challenge created with
webauthn-rs 0.2.5 is stored in /run and attempted to be read
post-upgrade.

Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2021-11-19 14:10:57 +01:00
parent 281a5dd1fc
commit ea67cd70c9
1 changed files with 11 additions and 7 deletions

View File

@ -256,13 +256,17 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
let inner = if data.is_empty() { let inner = if data.is_empty() {
Default::default() Default::default()
} else { } else {
serde_json::from_slice(&data).map_err(|err| { match serde_json::from_slice(&data) {
format_err!( Ok(inner) => inner,
Err(err) => {
eprintln!(
"failed to parse challenge data for user {}: {}", "failed to parse challenge data for user {}: {}",
userid, userid,
err err
) );
})? Default::default()
},
}
}; };
Ok(TfaUserChallengeData { Ok(TfaUserChallengeData {