sa.selectPendingAuthz is used in NewPendingAuthorization with the query arg WHERE identifier = ? which can return multiple rows. This doesn't work as sa.selectPendingAuthz uses SelectOne which fails if multiple rows are returned.
Quick fix is to add LIMIT 1 to the end of the query arg. Not sure why tests didn't catch this.
Looking at the code we should probably also add a expires > NOW() so we aren't returning expired pending authorizations when a user is trying to create a new one?
Yep, those both sound correct, thanks for catching.
Most helpful comment
Yep, those both sound correct, thanks for catching.