author | 0x0fbc <[email protected]> | 2024-07-24 09:50:35 -0500 |
---|---|---|
committer | GitHub <[email protected]> | 2024-07-24 16:50:35 +0200 |
commit | b4b2701905752f90080dd46ba10a90c5c584a38e (patch) | |
tree | 5e24bde1efd339e8401451e49a945319238be60b /src/db/schemas | |
parent | de66e56b6c951192bcb47987b34ac21e2bcea43a (diff) | |
Add support for MFA with Duo's Universal Prompt (#4637)
* Add initial working Duo Universal Prompt support.
* Add db schema and models for Duo 2FA state storage
* store duo states in the database and validate during authentication
* cleanup & comments
* bump state/nonce length
* replace stray use of TimeDelta
* more cleanup
* bind Duo oauth flow to device id, drop redundant device type handling
* drop redundant alphanum string generation code
* error handling cleanup
* directly use JWT_VALIDITY_SECS constant instead of copying it to DuoClient instances
* remove redundant explicit returns, rustfmt
* rearrange constants, update comments, error message
* override charset on duo state column to ascii for mysql
* Reduce twofactor_duo_ctx state/nonce column size in postgres and maria
* Add fixes suggested by clippy
* rustfmt
* Update to use the make_http_request
* Don't handle OrganizationDuo
* move Duo API endpoint fmt strings out of macros and into format! calls
* Add missing indentation
Co-authored-by: Daniel García <[email protected]>
* remove redundant expiry check when purging Duo contexts
---------
Co-authored-by: BlackDex <[email protected]>
Co-authored-by: Daniel García <[email protected]>
Diffstat (limited to 'src/db/schemas')
-rw-r--r-- | src/db/schemas/mysql/schema.rs | 9 |
-rw-r--r-- | src/db/schemas/postgresql/schema.rs | 9 |
-rw-r--r-- | src/db/schemas/sqlite/schema.rs | 9 |
3 files changed, 27 insertions, 0 deletions
diff --git a/src/db/schemas/mysql/schema.rs b/src/db/schemas/mysql/schema.rs index 0fb286a4..58ec55a2 100644 --- a/src/db/schemas/mysql/schema.rs +++ b/src/db/schemas/mysql/schema.rs @@ -175,6 +175,15 @@ table! { } table! { + twofactor_duo_ctx (state) { + state -> Text, + user_email -> Text, + nonce -> Text, + exp -> BigInt, + } +} + +table! { users (uuid) { uuid -> Text, enabled -> Bool, diff --git a/src/db/schemas/postgresql/schema.rs b/src/db/schemas/postgresql/schema.rs index 26bf4b68..10b5313e 100644 --- a/src/db/schemas/postgresql/schema.rs +++ b/src/db/schemas/postgresql/schema.rs @@ -175,6 +175,15 @@ table! { } table! { + twofactor_duo_ctx (state) { + state -> Text, + user_email -> Text, + nonce -> Text, + exp -> BigInt, + } +} + +table! { users (uuid) { uuid -> Text, enabled -> Bool, diff --git a/src/db/schemas/sqlite/schema.rs b/src/db/schemas/sqlite/schema.rs index 26bf4b68..10b5313e 100644 --- a/src/db/schemas/sqlite/schema.rs +++ b/src/db/schemas/sqlite/schema.rs @@ -175,6 +175,15 @@ table! { } table! { + twofactor_duo_ctx (state) { + state -> Text, + user_email -> Text, + nonce -> Text, + exp -> BigInt, + } +} + +table! { users (uuid) { uuid -> Text, enabled -> Bool, |
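Review bot: In the new `twofactor_duo_ctx` table (the same hunk in the mysql, postgresql and sqlite schema.rs), the context row is tied to a user by `user_email -> Text`, while the `users` table directly below is keyed by `uuid`, and nothing in these hunks links the two tables. Consider keying the context on the user's uuid, or add a comment explaining why the email is used, so the row stays tied to the right account if an address changes while a Duo flow is pending. The commit message says the flow is bound to the device id, but no device column appears here; a short comment on where that binding lives (for example, whether it is carried in `state` or `nonce`) would help the next reader. `exp -> BigInt` should also carry a comment stating its unit and epoch, since the validation and purge of Duo contexts mentioned in the commit message depend on comparing it correctly.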