/// <summary>
/// Consumes a previously issued challenge so that it cannot be presented again.
/// </summary>
/// <param name="challenge">The challenge value presented by the caller.</param>
/// <returns>
/// <c>true</c> if the challenge was in the active set (and has now been removed);
/// <c>false</c> if it was not found.
/// </returns>
/// <remarks>
/// NOTE(review): <paramref name="challenge"/> is passed to TryRemove without a null check.
/// If _activeChallenges is a ConcurrentDictionary, a null key throws rather than
/// returning false - confirm that callers validate the value first.
/// </remarks>
public bool ConsumeChallenge(string challenge)
{
    // Purge expired entries first, so anything still in the store is within its lifetime.
    CleanupExpiredTokens();

    // Look-up and removal happen in one TryRemove call: a challenge is single-use,
    // so a second presentation of the same value takes the "unknown" path below.
    DateTime removedTimestamp;
    bool wasActive = _activeChallenges.TryRemove(challenge, out removedTimestamp);
    if (wasActive)
    {
        // The timestamp needs no further check here; expired entries were removed above.
        return true;
    }

    // Never issued, already consumed, or expired and purged.
    _logger?.ChallengeUnknown(challenge);
    return false;
}
/// <summary>
/// Consumes a previously issued challenge held as a child item of <c>RootItem</c>,
/// deleting the item so the challenge cannot be presented again.
/// </summary>
/// <param name="challenge">The challenge value presented by the caller.</param>
/// <returns>
/// <c>true</c> if a child item named <c>"AUTH" + challenge</c> existed (and has now been deleted);
/// <c>false</c> if no such item was found.
/// </returns>
/// <remarks>
/// NOTE(review): the look-up and the Delete() call are separate steps and nothing in this
/// method makes them atomic. Two concurrent calls with the same challenge could both find
/// the item before either deletes it, and both would return true. Confirm whether the
/// callers or the item store serialize access; if not, the single-use guarantee needs a
/// synchronization point.
/// </remarks>
public bool ConsumeChallenge(string challenge)
{
    // Purge expired entries first, so any item still present is within its lifetime.
    CleanupExpiredTokens();

    // Item security is switched off for this scope - presumably so the look-up and delete
    // succeed whatever the context user's rights are (TODO confirm). The caller-supplied
    // value is only ever used as part of a child-item name while the scope is open.
    using (new SecurityDisabler())
    {
        var storedChallenge = RootItem.Children["AUTH" + challenge];
        if (storedChallenge != null)
        {
            // Delete before reporting success so the same challenge cannot be reused.
            storedChallenge.Delete();
            return true;
        }

        // Never issued, already consumed, or expired and purged.
        _challengeStoreLogger?.ChallengeUnknown(challenge);
        return false;
    }
}