From 5d32933ba0cf17208e69d47a58d1ffbc3ea0f304 Mon Sep 17 00:00:00 2001
From: William Oldham <wegg7250@gmail.com>
Date: Sat, 4 Nov 2023 09:43:00 +0000
Subject: [PATCH] Handle errors in challenge assertion

---
 src/services/challenge.ts | 36 ++++++++++++++++++++++--------------
 1 file changed, 22 insertions(+), 14 deletions(-)

diff --git a/src/services/challenge.ts b/src/services/challenge.ts
index 65024c1..0499898 100644
--- a/src/services/challenge.ts
+++ b/src/services/challenge.ts
@@ -1,4 +1,8 @@
-import { ChallengeCode } from '@/db/models/ChallengeCode';
+import {
+  ChallengeCode,
+  ChallengeFlow,
+  ChallengeType,
+} from '@/db/models/ChallengeCode';
 import { StatusError } from '@/services/error';
 import { EntityManager } from '@mikro-orm/core';
 import forge from 'node-forge';
@@ -28,19 +32,23 @@ export async function assertChallengeCode(
   if (challenge.expiresAt.getTime() <= now)
     throw new StatusError('Challenge Code Expired', 401);
 
-  const verifiedChallenge = forge.pki.ed25519.verify({
-    publicKey: new forge.util.ByteStringBuffer(
-      Buffer.from(publicKey, 'base64url'),
-    ),
-    encoding: 'utf8',
-    signature: new forge.util.ByteStringBuffer(
-      Buffer.from(signature, 'base64url'),
-    ),
-    message: code,
-  });
+  try {
+    const verifiedChallenge = forge.pki.ed25519.verify({
+      publicKey: new forge.util.ByteStringBuffer(
+        Buffer.from(publicKey, 'base64url'),
+      ),
+      encoding: 'utf8',
+      signature: new forge.util.ByteStringBuffer(
+        Buffer.from(signature, 'base64url'),
+      ),
+      message: code,
+    });
 
-  if (!verifiedChallenge)
+    if (!verifiedChallenge)
+      throw new StatusError('Challenge Code Signature Invalid', 401);
+
+    em.remove(challenge);
+  } catch (e) {
     throw new StatusError('Challenge Code Signature Invalid', 401);
-
-  em.remove(challenge);
+  }
 }