author | Daniel GarcĂa <[email protected]> | 2018-11-09 15:47:29 +0100 |
---|---|---|
committer | GitHub <[email protected]> | 2018-11-09 15:47:29 +0100 |
commit | 1e9dd2fd4e980e83e72939c3a61359658433538d (patch) | |
tree | 7850e9360a7423a5e9ab59464f18ed2dfc885656 | |
parent | 8f5bfe7938b9037fb802c0811b28f2575f3b0e89 (diff) | |
parent | 62bc58e1453c885b15d3d56e4c50c985e2b9f4d2 (diff) | |
download | vaultwarden-1e9dd2fd4e980e83e72939c3a61359658433538d.tar.gz vaultwarden-1e9dd2fd4e980e83e72939c3a61359658433538d.zip |
Merge pull request #244 from RomanHargrave/multiple-u2f
Make U2F work with vault 2.4.0 changes
-rw-r--r-- | src/api/core/mod.rs | 1 | ||||
-rw-r--r-- | src/api/core/two_factor.rs | 35 |
2 files changed, 22 insertions, 14 deletions
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
index 205bd5b2..3904acf7 100644
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -80,6 +80,7 @@ pub fn routes() -> Vec<Route> {
 activate_authenticator,
 activate_authenticator_put,
 generate_u2f,
+ generate_u2f_challenge,
 activate_u2f,
 activate_u2f_put,
diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs
index 7d412e54..969b8c50 100644
--- a/src/api/core/two_factor.rs
+++ b/src/api/core/two_factor.rs
@@ -252,27 +252,34 @@ fn generate_u2f(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn)
 let user_uuid = &headers.user.uuid;
 let u2f_type = TwoFactorType::U2f as i32;
- let register_type = TwoFactorType::U2fRegisterChallenge;
- let (enabled, challenge) = match TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn) {
- Some(_) => (true, String::new()),
- None => {
- let c = _create_u2f_challenge(user_uuid, register_type, &conn);
- (false, c.challenge)
- }
- };
+ let enabled = TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn).is_some();
 Ok(Json(json!({
 "Enabled": enabled,
- "Challenge": {
- "UserId": headers.user.uuid,
- "AppId": APP_ID.to_string(),
- "Challenge": challenge,
- "Version": U2F_VERSION,
- },
 "Object": "twoFactorU2f"
 })))
 }
+#[post("/two-factor/get-u2f-challenge", data = "<data>")]
+fn generate_u2f_challenge(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> JsonResult {
+ let data: PasswordData = data.into_inner().data;
+
+ if !headers.user.check_valid_password(&data.MasterPasswordHash) {
+ err!("Invalid password");
+ }
+
+ let user_uuid = &headers.user.uuid;
+
+ let challenge = _create_u2f_challenge(user_uuid, TwoFactorType::U2fRegisterChallenge, &conn).challenge;
+
+ Ok(Json(json!({
+ "UserId": headers.user.uuid,
+ "AppId": APP_ID.to_string(),
+ "Challenge": challenge,
+ "Version": U2F_VERSION,
+ })))
+}
+
 #[derive(Deserialize, Debug)]
 #[allow(non_snake_case)]
 struct EnableU2FData { |
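Review bot: `generate_u2f_challenge` in `two_factor.rs` creates a new `U2fRegisterChallenge` through `_create_u2f_challenge` on every request that passes the master-password check, and nothing in this hunk shows whether an earlier pending challenge for the same user is replaced or stays valid. `_create_u2f_challenge` and `activate_u2f` are defined outside the hunk, so that is where to confirm that a registration challenge is single-use and that the newest one invalidates the rest. A doc comment on the handler would record the intended contract, for example `/// Issues a U2F registration challenge after re-checking the master password; the stored challenge is expected to be consumed once by activate_u2f.` The new response also carries no `"Object"` field while `generate_u2f` still returns `"Object": "twoFactorU2f"`, which may be what the 2.4.0 client expects but is worth a one-line comment.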