From cd372e1512de5d86078c7b6b202049fa7906cc00 Mon Sep 17 00:00:00 2001 From: WeebDataHoarder Date: Wed, 23 Apr 2025 22:06:11 +0200 Subject: [PATCH] challenge: Skip already issued challenges --- lib/challenge/data.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/challenge/data.go b/lib/challenge/data.go index 6c34375..a7a0c59 100644 --- a/lib/challenge/data.go +++ b/lib/challenge/data.go @@ -108,6 +108,11 @@ func (d *RequestData) Parent() cel.Activation { } func (d *RequestData) EvaluateChallenges(w http.ResponseWriter, r *http.Request) { + q := r.URL.Query() + var issuedChallenge string + if q.Has(QueryArgChallenge) { + issuedChallenge = q.Get(QueryArgChallenge) + } for _, reg := range d.State.GetChallenges() { key := GetChallengeKeyForRequest(d.State, reg, d.Expiration(reg.Duration), r) verifyResult, verifyState, err := reg.VerifyChallengeToken(d.State.PublicKey(), key, r) @@ -130,6 +135,11 @@ func (d *RequestData) EvaluateChallenges(w http.ResponseWriter, r *http.Request) } } } + + if !verifyResult.Ok() && issuedChallenge == reg.Name { + // we issued the challenge, must skip to prevent loops + verifyResult = VerifyResultSkip + } d.ChallengeVerify[reg.Id()] = verifyResult d.ChallengeState[reg.Id()] = verifyState }