From 27436411226384fd8cb1e45d7874e570eb94b775 Mon Sep 17 00:00:00 2001
From: Kukks
Date: Sun, 10 Nov 2019 17:32:28 +0100
Subject: [PATCH 1/3] hidden challenges rendered
---
 BTCPayServer/Views/Account/LoginWithU2F.cshtml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/BTCPayServer/Views/Account/LoginWithU2F.cshtml b/BTCPayServer/Views/Account/LoginWithU2F.cshtml
index 47925f321..f1048049d 100644
--- a/BTCPayServer/Views/Account/LoginWithU2F.cshtml
+++ b/BTCPayServer/Views/Account/LoginWithU2F.cshtml
@@ -5,7 +5,10 @@
-
+ @for (int i = 0; i < Model.Challenges.Count; i++)
+ {
+ @Html.HiddenFor(m => m.Challenges[i])
+ }
From 539c7d6e177e03c054931532e5c361e3a2dfe6c9 Mon Sep 17 00:00:00 2001
From: Kukks
Date: Sun, 10 Nov 2019 18:12:20 +0100
Subject: [PATCH 2/3] fix for multiple U2F devices
---
 BTCPayServer/U2F/U2FService.cs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/BTCPayServer/U2F/U2FService.cs b/BTCPayServer/U2F/U2FService.cs
index 333fb8d2a..e5d82b788 100644
--- a/BTCPayServer/U2F/U2FService.cs
+++ b/BTCPayServer/U2F/U2FService.cs
@@ -157,14 +157,22 @@ namespace BTCPayServer.U2F var authenticationRequest = UserAuthenticationRequests[userId].First(f => f.KeyHandle.Equals(authenticateResponse.KeyHandle, StringComparison.InvariantCulture)); + var registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, Convert.ToUInt32(device.Counter)); var authentication = new StartedAuthentication(authenticationRequest.Challenge, authenticationRequest.AppId, authenticationRequest.KeyHandle); - global::U2F.Core.Crypto.U2F.FinishAuthentication(authentication, authenticateResponse, registration); + + var challengeAuthenticationRequestMatch = UserAuthenticationRequests[userId].First(f => + f.Challenge.Equals( authenticateResponse.GetClientData().Challenge, StringComparison.InvariantCulture)); + if (authentication.Challenge != challengeAuthenticationRequestMatch.Challenge) + { + authentication = new StartedAuthentication(challengeAuthenticationRequestMatch.Challenge, authenticationRequest.AppId, authenticationRequest.KeyHandle); + } + global::U2F.Core.Crypto.U2F.FinishAuthentication(authentication, authenticateResponse, registration); UserAuthenticationRequests.AddOrReplace(userId, new List());
From 974101624b560bdb4cb6a2fd084e075176ffee4e Mon Sep 17 00:00:00 2001
From: Kukks
Date: Sun, 10 Nov 2019 18:51:51 +0100
Subject: [PATCH 3/3] fix text
---
 BTCPayServer/Views/Account/LoginWithU2F.cshtml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BTCPayServer/Views/Account/LoginWithU2F.cshtml b/BTCPayServer/Views/Account/LoginWithU2F.cshtml
index f1048049d..e7b832382 100644
--- a/BTCPayServer/Views/Account/LoginWithU2F.cshtml
+++ b/BTCPayServer/Views/Account/LoginWithU2F.cshtml
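Review bot: In the U2FService.cs hunk, the added lookup `UserAuthenticationRequests[userId].First(f => f.Challenge.Equals(authenticateResponse.GetClientData().Challenge, ...))` is keyed on a value taken from the client's response, and `First` throws when no pending request carries that challenge, so a stale or tampered response ends in an exception rather than a clean authentication failure unless a caller outside this hunk handles it. Using `FirstOrDefault` and rejecting the attempt explicitly when it returns null would make the failure path deliberate; the same applies to the existing key-handle lookup above it. The matched challenge is now combined with the `AppId` and `KeyHandle` of a different pending request, which loosens the challenge-to-key binding; that appears to be the intent of the fix, but it deserves a comment such as `// any pending challenge for this user may be answered by any of their registered keys; the pending list is cleared after FinishAuthentication`. Challenges and key handles are opaque tokens, so `StringComparison.Ordinal` is the appropriate comparison on both lookups instead of the culture-aware `InvariantCulture`. The enclosing method starts and ends outside the hunk, so its return type and exception handling are not visible here.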
@@ -35,7 +35,7 @@
 1: 'Unknown error, try again',
 2: "Bad request error, try again",
 3: "This key isn't supported, please try another one",
- 4: 'The device is already registered, please login',
+ 4: 'The device is not registered, please try another one',
 5: 'Authentication timed out. Please reload to try again.'
 };
 setTimeout(function() {