tfa: handle incompatible challenge data

by returning default data, in case the challenge data is not parseable.
this allows a new challenge to be started for the userid in question
without manual cleanup.

currently this can be triggered if an ongoing challenge created with
webauthn-rs 0.2.5 is stored in /run and attempted to be read
post-upgrade.

Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

src/config/tfa.rs

@@ -256,13 +256,17 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
         let inner = if data.is_empty() {
             Default::default()
         } else {
-            serde_json::from_slice(&data).map_err(|err| {
+            match serde_json::from_slice(&data) {
-                format_err!(
+                Ok(inner) => inner,
-                    "failed to parse challenge data for user {}: {}",
+                Err(err) => {
-                    userid,
+                    eprintln!(
-                    err
+                        "failed to parse challenge data for user {}: {}",
-                )
+                        userid,
-            })?
+                        err
+                    );
+                    Default::default()
+                },
+            }
         };
 
         Ok(TfaUserChallengeData {