In our project there was a QueryException which was caused by an invalid challenge. The webauthnKey could not be found which throwed an ModelNotFoundException.
Because there was no handling in the catch statement it falled back to the parent class.
In that class the credential array is used to build a query to fetch the user. And that caused a query exception.
When there is a signed challenge and no webauthn key could be find just return null instead of calling the parent function.
I've also added a unit test to handle this situation.
In our project there was a QueryException which was caused by an invalid challenge. The webauthnKey could not be found which throwed an
ModelNotFoundException
.Because there was no handling in the catch statement it falled back to the parent class.
In that class the credential array is used to build a query to fetch the user. And that caused a query exception.
When there is a signed challenge and no webauthn key could be find just return null instead of calling the parent function.
I've also added a unit test to handle this situation.