From 94d665e6e9fc12770bd24e8f48fb448413db823d Mon Sep 17 00:00:00 2001
From: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Date: Mon, 4 Mar 2024 11:43:03 -0500
Subject: [PATCH] [PM-5435] Handle Fido2VerificationException on WebAuthn 2FA (#3615)

* Handle Fido2VerificationException on WebAuthn 2FA
* Linting!
---
 .../Auth/Identity/WebAuthnTokenProvider.cs | 26 ++++++++++++-------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/src/Core/Auth/Identity/WebAuthnTokenProvider.cs b/src/Core/Auth/Identity/WebAuthnTokenProvider.cs
index ef6535de74..a3b4aebea5 100644
--- a/src/Core/Auth/Identity/WebAuthnTokenProvider.cs
+++ b/src/Core/Auth/Identity/WebAuthnTokenProvider.cs
@@ -103,19 +103,27 @@ public class WebAuthnTokenProvider : IUserTwoFactorTokenProvider
 // established ownership in this context.
 IsUserHandleOwnerOfCredentialIdAsync callback = (args, cancellationToken) => Task.FromResult(true);
- var res = await _fido2.MakeAssertionAsync(clientResponse, options, webAuthCred.Item2.PublicKey, webAuthCred.Item2.SignatureCounter, callback);
+ try
+ {
+ var res = await _fido2.MakeAssertionAsync(clientResponse, options, webAuthCred.Item2.PublicKey, webAuthCred.Item2.SignatureCounter, callback);
- provider.MetaData.Remove("login");
+ provider.MetaData.Remove("login");
- // Update SignatureCounter
+ // Update SignatureCounter
- webAuthCred.Item2.SignatureCounter = res.Counter;
+ webAuthCred.Item2.SignatureCounter = res.Counter;
- var providers = user.GetTwoFactorProviders();
- providers[TwoFactorProviderType.WebAuthn].MetaData[webAuthCred.Item1] = webAuthCred.Item2;
- user.SetTwoFactorProviders(providers);
- await userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.WebAuthn, logEvent: false);
+ var providers = user.GetTwoFactorProviders();
+ providers[TwoFactorProviderType.WebAuthn].MetaData[webAuthCred.Item1] = webAuthCred.Item2;
+ user.SetTwoFactorProviders(providers);
+ await userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.WebAuthn, logEvent: false);
+
+ return res.Status == "ok";
+ }
+ catch (Fido2VerificationException)
+ {
+ return false;
+ }
- return res.Status == "ok";
 }
 private bool HasProperMetaData(TwoFactorProvider provider)
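Review bot: The new `catch (Fido2VerificationException)` at the end of the try block discards the exception without recording anything, so a failed WebAuthn assertion now looks the same as any other `false` result. Verification failures from the FIDO2 library are security-relevant signals (origin or challenge mismatch and, as far as I know, a signature counter that did not advance, which can indicate a cloned authenticator), so they are worth a warning-level log entry for detection and support. I would bind the exception, `catch (Fido2VerificationException ex)`, and log `ex.Message` with the user's identifier through whatever logger this class has (none is visible in the hunk), without logging the client response itself. The try also wraps the metadata update and `UpdateTwoFactorProviderAsync`, which are not expected to throw this exception; limiting it to the `MakeAssertionAsync` call would make the handled failure explicit. The enclosing method begins above the hunk.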