Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.

2025-10-31 02:08:20 +02:00 · 2018-07-12 21:46:50 +02:00
parent dde7c0d99b
commit dae92b9018
17 changed files with 816 additions and 272 deletions
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -11,11 +11,11 @@ use serde::ser::Serialize;
 use CONFIG;

 const JWT_ALGORITHM: jwt::Algorithm = jwt::Algorithm::RS256;
- // TODO: This isn't used, but we  should make sure it represents the correct address
-pub const JWT_ISSUER: &str = "localhost:8000/identity";

 lazy_static! {
    pub static ref DEFAULT_VALIDITY: Duration = Duration::hours(2);
+    pub static ref JWT_ISSUER: String = CONFIG.domain.clone();
+
    static ref JWT_HEADER: jwt::Header = jwt::Header::new(JWT_ALGORITHM);

    static ref PRIVATE_RSA_KEY: Vec<u8> = match read_file(&CONFIG.private_rsa_key) {
@@ -43,7 +43,7 @@ pub fn decode_jwt(token: &str) -> Result<JWTClaims, String> {
        validate_iat: true,
        validate_nbf: true,
        aud: None,
-        iss: Some(JWT_ISSUER.into()),
+        iss: Some(JWT_ISSUER.clone()),
        sub: None,
        algorithms: vec![JWT_ALGORITHM],
    };