aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel GarcĂ­a <[email protected]>2018-11-09 15:47:29 +0100
committerGitHub <[email protected]>2018-11-09 15:47:29 +0100
commit1e9dd2fd4e980e83e72939c3a61359658433538d (patch)
tree7850e9360a7423a5e9ab59464f18ed2dfc885656
parent8f5bfe7938b9037fb802c0811b28f2575f3b0e89 (diff)
parent62bc58e1453c885b15d3d56e4c50c985e2b9f4d2 (diff)
downloadvaultwarden-1e9dd2fd4e980e83e72939c3a61359658433538d.tar.gz
vaultwarden-1e9dd2fd4e980e83e72939c3a61359658433538d.zip
Merge pull request #244 from RomanHargrave/multiple-u2f
Make U2F work with vault 2.4.0 changes
-rw-r--r--src/api/core/mod.rs1
-rw-r--r--src/api/core/two_factor.rs35
2 files changed, 22 insertions, 14 deletions
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
index 205bd5b2..3904acf7 100644
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -80,6 +80,7 @@ pub fn routes() -> Vec<Route> {
activate_authenticator,
activate_authenticator_put,
generate_u2f,
+ generate_u2f_challenge,
activate_u2f,
activate_u2f_put,
diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs
index 7d412e54..969b8c50 100644
--- a/src/api/core/two_factor.rs
+++ b/src/api/core/two_factor.rs
@@ -252,27 +252,34 @@ fn generate_u2f(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn)
let user_uuid = &headers.user.uuid;
let u2f_type = TwoFactorType::U2f as i32;
- let register_type = TwoFactorType::U2fRegisterChallenge;
- let (enabled, challenge) = match TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn) {
- Some(_) => (true, String::new()),
- None => {
- let c = _create_u2f_challenge(user_uuid, register_type, &conn);
- (false, c.challenge)
- }
- };
+ let enabled = TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn).is_some();
Ok(Json(json!({
"Enabled": enabled,
- "Challenge": {
- "UserId": headers.user.uuid,
- "AppId": APP_ID.to_string(),
- "Challenge": challenge,
- "Version": U2F_VERSION,
- },
"Object": "twoFactorU2f"
})))
}
+#[post("/two-factor/get-u2f-challenge", data = "<data>")]
+fn generate_u2f_challenge(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> JsonResult {
+ let data: PasswordData = data.into_inner().data;
+
+ if !headers.user.check_valid_password(&data.MasterPasswordHash) {
+ err!("Invalid password");
+ }
+
+ let user_uuid = &headers.user.uuid;
+
+ let challenge = _create_u2f_challenge(user_uuid, TwoFactorType::U2fRegisterChallenge, &conn).challenge;
+
+ Ok(Json(json!({
+ "UserId": headers.user.uuid,
+ "AppId": APP_ID.to_string(),
+ "Challenge": challenge,
+ "Version": U2F_VERSION,
+ })))
+}
+
#[derive(Deserialize, Debug)]
#[allow(non_snake_case)]
struct EnableU2FData {