diff options
| author | 0x0fbc <[email protected]> | 2024-07-24 09:50:35 -0500 |
|---|---|---|
| committer | GitHub <[email protected]> | 2024-07-24 16:50:35 +0200 |
| commit | b4b2701905752f90080dd46ba10a90c5c584a38e (patch) | |
| tree | 5e24bde1efd339e8401451e49a945319238be60b /src/config.rs | |
| parent | de66e56b6c951192bcb47987b34ac21e2bcea43a (diff) | |
| download | vaultwarden-b4b2701905752f90080dd46ba10a90c5c584a38e.tar.gz vaultwarden-b4b2701905752f90080dd46ba10a90c5c584a38e.zip | |
Add support for MFA with Duo's Universal Prompt (#4637)
* Add initial working Duo Universal Prompt support.
* Add db schema and models for Duo 2FA state storage
* store duo states in the database and validate during authentication
* cleanup & comments
* bump state/nonce length
* replace stray use of TimeDelta
* more cleanup
* bind Duo oauth flow to device id, drop redundant device type handling
* drop redundant alphanum string generation code
* error handling cleanup
* directly use JWT_VALIDITY_SECS constant instead of copying it to DuoClient instances
* remove redundant explicit returns, rustfmt
* rearrange constants, update comments, error message
* override charset on duo state column to ascii for mysql
* Reduce twofactor_duo_ctx state/nonce column size in postgres and maria
* Add fixes suggested by clippy
* rustfmt
* Update to use the make_http_request
* Don't handle OrganizationDuo
* move Duo API endpoint fmt strings out of macros and into format! calls
* Add missing indentation
Co-authored-by: Daniel García <[email protected]>
* remove redundant expiry check when purging Duo contexts
---------
Co-authored-by: BlackDex <[email protected]>
Co-authored-by: Daniel García <[email protected]>
Diffstat (limited to 'src/config.rs')
| -rw-r--r-- | src/config.rs | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/config.rs b/src/config.rs index 5579918e..58e52155 100644 --- a/src/config.rs +++ b/src/config.rs @@ -415,7 +415,9 @@ make_config! { /// Auth Request cleanup schedule |> Cron schedule of the job that cleans old auth requests from the auth request. /// Defaults to every minute. Set blank to disable this job. auth_request_purge_schedule: String, false, def, "30 * * * * *".to_string(); - + /// Duo Auth context cleanup schedule |> Cron schedule of the job that cleans expired Duo contexts from the database. Does nothing if Duo MFA is disabled or set to use the legacy iframe prompt. + /// Defaults to once every minute. Set blank to disable this job. + duo_context_purge_schedule: String, false, def, "30 * * * * *".to_string(); }, /// General settings @@ -635,6 +637,8 @@ make_config! { duo: _enable_duo { /// Enabled _enable_duo: bool, true, def, true; + /// Attempt to use deprecated iframe-based Traditional Prompt (Duo WebSDK 2) + duo_use_iframe: bool, false, def, false; /// Integration Key duo_ikey: String, true, option; /// Secret Key |