Improved two factor auth

src/db/models/device.rs

@@ -19,6 +19,8 @@ pub struct Device {
     pub push_token: Option<String>,
 
     pub refresh_token: String,
+
+    pub twofactor_remember: Option<String>,
 }
 
 /// Local methods
@@ -37,9 +39,22 @@ impl Device {
 
             push_token: None,
             refresh_token: String::new(),
+            twofactor_remember: None,
         }
     }
 
+    pub fn refresh_twofactor_remember(&mut self) {
+        use data_encoding::BASE64;
+        use crypto;
+
+        self.twofactor_remember = Some(BASE64.encode(&crypto::get_random(vec![0u8; 180])));
+    }
+
+    pub fn delete_twofactor_remember(&mut self) {
+        self.twofactor_remember = None;
+    }
+
+
     pub fn refresh_tokens(&mut self, user: &super::User, orgs: Vec<super::UserOrganization>) -> (String, i64) {
         // If there is no refresh token, we create one
         if self.refresh_token.is_empty() {

src/db/models/user.rs

@@ -26,8 +26,10 @@ pub struct User {
     pub key: String,
     pub private_key: Option<String>,
     pub public_key: Option<String>,
+    
     pub totp_secret: Option<String>,
     pub totp_recover: Option<String>,
+
     pub security_stamp: String,
 
     pub equivalent_domains: String,
@@ -61,6 +63,7 @@ impl User {
             password_hint: None,
             private_key: None,
             public_key: None,
+            
             totp_secret: None,
             totp_recover: None,
 
@@ -95,23 +98,23 @@ impl User {
         self.security_stamp = Uuid::new_v4().to_string();
     }
 
-    pub fn check_totp_code(&self, totp_code: Option<u64>) -> bool {
+    pub fn requires_twofactor(&self) -> bool {
+        self.totp_secret.is_some()
+    }
+
+    pub fn check_totp_code(&self, totp_code: u64) -> bool {
         if let Some(ref totp_secret) = self.totp_secret {
-            if let Some(code) = totp_code {
-                // Validate totp
-                use data_encoding::BASE32;
-                use oath::{totp_raw_now, HashType};
+            // Validate totp
+            use data_encoding::BASE32;
+            use oath::{totp_raw_now, HashType};
 
-                let decoded_secret = match BASE32.decode(totp_secret.as_bytes()) {
-                    Ok(s) => s,
-                    Err(_) => return false
-                };
+            let decoded_secret = match BASE32.decode(totp_secret.as_bytes()) {
+                Ok(s) => s,
+                Err(_) => return false
+            };
 
-                let generated = totp_raw_now(&decoded_secret, 6, 0, 30, &HashType::SHA1);
-                generated == code
-            } else {
-                false
-            }
+            let generated = totp_raw_now(&decoded_secret, 6, 0, 30, &HashType::SHA1);
+            generated == totp_code
         } else {
             true
         }

src/db/schema.rs

@@ -24,6 +24,13 @@ table! {
     }
 }
 
+table! {
+    ciphers_collections (cipher_uuid, collection_uuid) {
+        cipher_uuid -> Text,
+        collection_uuid -> Text,
+    }
+}
+
 table! {
     collections (uuid) {
         uuid -> Text,
@@ -43,6 +50,7 @@ table! {
         type_ -> Integer,
         push_token -> Nullable<Text>,
         refresh_token -> Text,
+        twofactor_remember -> Nullable<Text>,
     }
 }
 
@@ -101,13 +109,6 @@ table! {
     }
 }
 
-table! {
-    ciphers_collections (cipher_uuid, collection_uuid) {
-        cipher_uuid -> Text,
-        collection_uuid -> Text,
-    }
-}
-
 table! {
     users_organizations (uuid) {
         uuid -> Text,
@@ -124,6 +125,8 @@ table! {
 joinable!(attachments -> ciphers (cipher_uuid));
 joinable!(ciphers -> organizations (organization_uuid));
 joinable!(ciphers -> users (user_uuid));
+joinable!(ciphers_collections -> ciphers (cipher_uuid));
+joinable!(ciphers_collections -> collections (collection_uuid));
 joinable!(collections -> organizations (org_uuid));
 joinable!(devices -> users (user_uuid));
 joinable!(folders -> users (user_uuid));
@@ -131,14 +134,13 @@ joinable!(folders_ciphers -> ciphers (cipher_uuid));
 joinable!(folders_ciphers -> folders (folder_uuid));
 joinable!(users_collections -> collections (collection_uuid));
 joinable!(users_collections -> users (user_uuid));
-joinable!(ciphers_collections -> collections (collection_uuid));
-joinable!(ciphers_collections -> ciphers (cipher_uuid));
 joinable!(users_organizations -> organizations (org_uuid));
 joinable!(users_organizations -> users (user_uuid));
 
 allow_tables_to_appear_in_same_query!(
     attachments,
     ciphers,
+    ciphers_collections,
     collections,
     devices,
     folders,
@@ -146,6 +148,5 @@ allow_tables_to_appear_in_same_query!(
     organizations,
     users,
     users_collections,
-    ciphers_collections,
     users_organizations,
 );