From 2c9fcdbfd04722e71171e8eb6b2758433b19668d Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Sun, 31 Jul 2022 11:25:28 -0700
Subject: [PATCH] Fixed U2F server exception (#4346)

---
 webserver.js | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/webserver.js b/webserver.js
index 31b9c3be..69aea130 100644
--- a/webserver.js
+++ b/webserver.js
@@ -978,9 +978,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
 
     // Return a U2F hardware key challenge
     function getHardwareKeyChallenge(req, domain, user, func) {
-        delete req.session.u2f;
-        if (req.session == null) { req.session = {}; }
-        const sec = parent.decryptSessionData(req.session.e);
+        var sec = {};
+        if (req.session == null) { req.session = {}; } else { try { sec = parent.decryptSessionData(req.session.e); } catch (ex) { } }
 
         if (user.otphkeys && (user.otphkeys.length > 0)) {
             // Get all WebAuthn keys
@@ -998,7 +997,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
             }
         }
 
-        // Remove the chalange if present
+        // Remove the challenge if present
         if (sec.u2f != null) { delete sec.u2f; req.session.e = parent.encryptSessionData(sec); }
 
         parent.debug('web', 'getHardwareKeyChallenge: fail');