Add global duo config and document options in .env template

2025-09-10 18:55:57 +03:00 · 2019-04-07 18:58:15 +02:00
parent cfbeb56371
commit 754087b990
4 changed files with 99 additions and 83 deletions
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@@ -9,7 +9,7 @@ use num_traits::FromPrimitive;
 use crate::db::models::*;
 use crate::db::DbConn;

-use crate::util::{self, JsonMap};
+use crate::util;

 use crate::api::{ApiResult, EmptyResult, JsonResult};

@@ -178,7 +178,7 @@ fn twofactor_auth(
        Some(TwoFactorType::Authenticator) => _tf::validate_totp_code_str(twofactor_code, &selected_data?)?,
        Some(TwoFactorType::U2f) => _tf::validate_u2f_login(user_uuid, twofactor_code, conn)?,
        Some(TwoFactorType::YubiKey) => _tf::validate_yubikey_login(twofactor_code, &selected_data?)?,
-        Some(TwoFactorType::Duo) => _tf::validate_duo_login(twofactor_code, &selected_data?)?,
+        Some(TwoFactorType::Duo) => _tf::validate_duo_login(data.username.as_ref().unwrap(), twofactor_code)?,

        Some(TwoFactorType::Remember) => {
            match device.twofactor_remember {
@@ -227,42 +227,33 @@ fn _json_err_twofactor(providers: &[i32], user_uuid: &str, conn: &DbConn) -> Api
                let mut challenge_list = Vec::new();

                for key in request.registered_keys {
-                    let mut challenge_map = JsonMap::new();
-
-                    challenge_map.insert("appId".into(), Value::String(request.app_id.clone()));
-                    challenge_map.insert("challenge".into(), Value::String(request.challenge.clone()));
-                    challenge_map.insert("version".into(), Value::String(key.version));
-                    challenge_map.insert("keyHandle".into(), Value::String(key.key_handle.unwrap_or_default()));
-
-                    challenge_list.push(Value::Object(challenge_map));
+                    challenge_list.push(json!({
+                        "appId": request.app_id,
+                        "challenge": request.challenge,
+                        "version": key.version,
+                        "keyHandle": key.key_handle,
+                    }));
                }

-                let mut map = JsonMap::new();
                let challenge_list_str = serde_json::to_string(&challenge_list).unwrap();

-                map.insert("Challenges".into(), Value::String(challenge_list_str));
-                result["TwoFactorProviders2"][provider.to_string()] = Value::Object(map);
+                result["TwoFactorProviders2"][provider.to_string()] = json!({
+                    "Challenges": challenge_list_str,
+                });
            }

-            Some(tf_type @ TwoFactorType::Duo) => {
-                let twofactor = match TwoFactor::find_by_user_and_type(user_uuid, tf_type as i32, &conn) {
-                    Some(tf) => tf,
-                    None => err!("No Duo devices registered"),
-                };        
-
-                let duo_data: two_factor::DuoData = serde_json::from_str(&twofactor.data)?;
-
+            Some(TwoFactorType::Duo) => {
                let email = match User::find_by_uuid(user_uuid, &conn) {
                    Some(u) => u.email,
-                    None => err!("User does not exist")
+                    None => err!("User does not exist"),
                };

-                let signature = two_factor::generate_duo_signature(&duo_data, &email);
+                let signature = two_factor::generate_duo_signature(&email);

-                let mut map = JsonMap::new();
-                map.insert("Host".into(), Value::String(duo_data.host));
-                map.insert("Signature".into(), Value::String(signature));
-                result["TwoFactorProviders2"][provider.to_string()] = Value::Object(map);     
+                result["TwoFactorProviders2"][provider.to_string()] = json!({
+                    "Host": CONFIG.duo_host(),
+                    "Signature": signature,
+                });
            }

            Some(tf_type @ TwoFactorType::YubiKey) => {
@@ -271,12 +262,11 @@ fn _json_err_twofactor(providers: &[i32], user_uuid: &str, conn: &DbConn) -> Api
                    None => err!("No YubiKey devices registered"),
                };

-                let yubikey_metadata: two_factor::YubikeyMetadata =
-                    serde_json::from_str(&twofactor.data)?;
+                let yubikey_metadata: two_factor::YubikeyMetadata = serde_json::from_str(&twofactor.data)?;

-                let mut map = JsonMap::new();
-                map.insert("Nfc".into(), Value::Bool(yubikey_metadata.Nfc));
-                result["TwoFactorProviders2"][provider.to_string()] = Value::Object(map);
+                result["TwoFactorProviders2"][provider.to_string()] = json!({
+                    "Nfc": yubikey_metadata.Nfc,
+                })
            }

            _ => {}