saret/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-09-12 03:25:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

Improved two factor auth

Browse Source
This commit is contained in:
Daniel García
2018-06-01 15:08:03 +02:00
parent dc188211d8
commit b0ee5f6570
8 changed files with 251 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
src/api/core/mod.rs
View File

@@ -96,22 +96,49 @@ pub fn routes() -> Vec<Route> {
use rocket::Route;
use rocket_contrib::Json;
use rocket_contrib::{Json, Value};
use db::DbConn;
use db::models::*;
use api::{JsonResult, EmptyResult, JsonUpcase};
use auth::Headers;
#[put("/devices/identifier/<uuid>/clear-token")]
fn clear_device_token(uuid: String, _conn: DbConn) -> JsonResult {
println!("{}", uuid);
err!("Not implemented")
#[put("/devices/identifier/<uuid>/clear-token", data = "<data>")]
fn clear_device_token(uuid: String, data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
println!("UUID: {:#?}", uuid);
println!("DATA: {:#?}", data);
let device = match Device::find_by_uuid(&uuid, &conn) {
Some(device) => device,
None => err!("Device not found")
};
if device.user_uuid != headers.user.uuid {
err!("Device not owned by user")
}
device.delete(&conn);
Ok(())
}
#[put("/devices/identifier/<uuid>/token")]
fn put_device_token(uuid: String, _conn: DbConn) -> JsonResult {
println!("{}", uuid);
#[put("/devices/identifier/<uuid>/token", data = "<data>")]
fn put_device_token(uuid: String, data: Json<Value>, headers: Headers, conn: DbConn) -> JsonResult {
println!("UUID: {:#?}", uuid);
println!("DATA: {:#?}", data);
let device = match Device::find_by_uuid(&uuid, &conn) {
Some(device) => device,
None => err!("Device not found")
};
if device.user_uuid != headers.user.uuid {
err!("Device not owned by user")
}
// TODO: What does this do?
err!("Not implemented")
}

2
src/api/core/two_factor.rs
View File

@@ -135,7 +135,7 @@ fn activate_authenticator(data: JsonUpcase<EnableTwoFactorData>, headers: Header
user.totp_secret = Some(key.to_uppercase());
// Validate the token provided with the key
if !user.check_totp_code(Some(token)) {
if !user.check_totp_code(token) {
err!("Invalid totp code")
}