fix(web): don't block a user if they have an invalid challenge cookie

Signed-off-by: Xe Iaso <me@xeiaso.net>
Xe Iaso
2025-07-15 00:27:53 +00:00
parent 04077cee55
commit b2f052a1ca


@@ -131,6 +131,7 @@ func (s *Server) RenderIndex(w http.ResponseWriter, r *http.Request, rule *polic
chall, err := s.challengeFor(r)
if err != nil {
lg.Error("can't get challenge", "err", "err")
s.ClearCookie(w, CookieOpts{Name: anubis.TestCookieName, Host: r.Host})
s.respondWithError(w, r, fmt.Sprintf("%s: %s", localizer.T("internal_server_error"), rule.Challenge.Algorithm))
return
}
@@ -155,6 +156,7 @@ func (s *Server) RenderIndex(w http.ResponseWriter, r *http.Request, rule *polic
impl, ok := challenge.Get(rule.Challenge.Algorithm)
if !ok {
lg.Error("check failed", "err", "can't get algorithm", "algorithm", rule.Challenge.Algorithm)
s.ClearCookie(w, CookieOpts{Name: anubis.TestCookieName, Host: r.Host})
s.respondWithError(w, r, fmt.Sprintf("%s: %s", localizer.T("internal_server_error"), rule.Challenge.Algorithm))
return
}
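Review bot: In the first hunk, `lg.Error("can't get challenge", "err", "err")` logs the literal string "err" rather than the error returned by `s.challengeFor(r)`, so the reason a challenge lookup failed never reaches the log. This page does not mark which line is new, but the cookie-clearing call on this path appears to be the addition; if so, the client is no longer stuck after a bad cookie, and this log line becomes the main record for spotting repeated invalid or tampered challenge cookies. Pass the value instead: `lg.Error("can't get challenge", "err", err)`. RenderIndex starts before and continues past both hunks, so whether the error is recorded elsewhere is not visible here.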