tfa: handle incompatible challenge data

by returning default data, in case the challenge data is not parseable. this allows a new challenge to be started for the userid in question without manual cleanup. currently this can be triggered if an ongoing challenge created with webauthn-rs 0.2.5 is stored in /run and attempted to be read post-upgrade. Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-11-19 14:10:57 +01:00 · 2021-11-19 14:10:57 +01:00 · ea67cd70c9
parent 281a5dd1fc
commit ea67cd70c9
1 changed files with 11 additions and 7 deletions
--- a/src/config/tfa.rs
+++ b/src/config/tfa.rs
@ -256,13 +256,17 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
        let inner = if data.is_empty() {
            Default::default()
        } else {
-            serde_json::from_slice(&data).map_err(|err| {
+            match serde_json::from_slice(&data) {
-                format_err!(
+                Ok(inner) => inner,
-                    "failed to parse challenge data for user {}: {}",
+                Err(err) => {
-                    userid,
+                    eprintln!(
-                    err
+                        "failed to parse challenge data for user {}: {}",
-                )
+                        userid,
-            })?
+                        err
                    );
                    Default::default()
                },
            }
        };
        Ok(TfaUserChallengeData {