From 77c0f6e0c6d94fce3fff787fd26d832b0340a5ae Mon Sep 17 00:00:00 2001
From: Ginger <ginger@gingershaped.computer>
Date: Wed, 21 Jan 2026 12:24:48 -0500
Subject: [PATCH] fix: Add a code path for clients trying to use fallback auth

---
 src/service/uiaa/mod.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/service/uiaa/mod.rs b/src/service/uiaa/mod.rs
index 76874e69..7c15a919 100644
--- a/src/service/uiaa/mod.rs
+++ b/src/service/uiaa/mod.rs
@@ -233,6 +233,16 @@ pub async fn try_auth(
 		| AuthData::Dummy(_) => {
 			uiaainfo.completed.push(AuthType::Dummy);
 		},
+		| AuthData::FallbackAcknowledgement(_) => {
+			// The client is checking if authentication has succeeded out-of-band. This is
+			// possible if the client is using "fallback auth" (see spec section
+			// 4.9.1.4), which we don't support (and probably never will, because it's a
+			// disgusting hack).
+
+			// Return early to tell the client that no, authentication did not succeed while
+			// it wasn't looking.
+			return Ok((false, uiaainfo));
+		},
 		| k => error!("type not supported: {:?}", k),
 	}