challenges: parse all existing cookies with given name and extract valid one always

2025-05-03 17:37:52 +02:00
parent 0e62f80f9b
commit 76417b4308
1 changed files with 11 additions and 1 deletions
--- a/lib/challenge/data.go
+++ b/lib/challenge/data.go
@@ -396,7 +396,7 @@ type TokenChallenge struct {
 	IssuedAt  jwt.NumericDate `json:"iat,omitempty"`
 }

-func (d *RequestData) verifyChallengeState() (TokenChallengeMap, error) {
+func (d *RequestData) verifyChallengeStateCookie(cookie *http.Cookie) (TokenChallengeMap, error) {
 	cookie, err := d.r.Cookie(d.cookieName)
 	if err != nil {
 		return nil, err
@@ -432,6 +432,16 @@ func (d *RequestData) verifyChallengeState() (TokenChallengeMap, error) {
 	return i.State, nil
 }

+func (d *RequestData) verifyChallengeState() (state TokenChallengeMap, err error) {
+	for _, cookie := range d.r.CookiesNamed(d.cookieName) {
+		state, err = d.verifyChallengeStateCookie(cookie)
+		if err == nil {
+			return state, nil
+		}
+	}
+	return state, err
+}
+
 func (d *RequestData) issueChallengeState(until time.Time) (string, error) {
 	signer, err := jose.NewSigner(jose.SigningKey{
 		Algorithm: jose.EdDSA,