fix(web): embed challenge ID in pass-challenge invocations (#944)

* refactor: make challenge pages return the challenge component This means that challenge pages will return only the little bit that actually matters, not the entire component. Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(web): move Anubis version info to be implicitly in the footer Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(web): embed challenge ID into generated pages Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(lib): make tests pass Signed-off-by: Xe Iaso <me@xeiaso.net> * test(lib/policy/config): amend tests Signed-off-by: Xe Iaso <me@xeiaso.net> * test(lib): fix tests again Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>
2025-08-04 14:49:19 -04:00 · 2025-08-04 14:49:19 -04:00 · f6481b81a2
commit f6481b81a2
parent 790bcbe773
19 changed files with 629 additions and 497 deletions
--- a/lib/anubis.go
+++ b/lib/anubis.go
@ -92,15 +92,10 @@ func (s *Server) getTokenKeyfunc() jwt.Keyfunc {
 }

 func (s *Server) getChallenge(r *http.Request) (*challenge.Challenge, error) {
-	ckies := r.CookiesNamed(anubis.TestCookieName)
-	if len(ckies) == 0 {
-		return nil, store.ErrNotFound
-	}
-
+	id := r.FormValue("id")
 	j := store.JSON[challenge.Challenge]{Underlying: s.store}

-	ckie := ckies[0]
-	chall, err := j.Get(r.Context(), "challenge:"+ckie.Value)
+	chall, err := j.Get(r.Context(), "challenge:"+id)

 	return &chall, err
 }
@ -374,9 +369,11 @@ func (s *Server) MakeChallenge(w http.ResponseWriter, r *http.Request) {
 	err = encoder.Encode(struct {
 		Rules     *config.ChallengeRules `json:"rules"`
 		Challenge string                 `json:"challenge"`
+		ID        string                 `json:"id"`
 	}{
-		Challenge: chall.RandomData,
 		Rules:     rule.Challenge,
+		Challenge: chall.RandomData,
+		ID:        chall.ID,
 	})
 	if err != nil {
 		lg.Error("failed to encode challenge", "err", err)