Fix an issue with yubico keys not validating

When adding or updating yubico otp keys there were some issues with the validation. Looks like the web-vault sends all keys, not only filled-in keys, which triggered a check on empty keys. Also, we should only return filled-in keys, not the empty ones too. Fixes #5986 Signed-off-by: BlackDex <black.dex@gmail.com>
2025-09-22 01:22:41 +00:00 · 2025-06-26 16:51:08 +02:00 · 2025-06-26 16:51:08 +02:00 · 33d7486516
commit 33d7486516
parent 9059437c35
1 changed files with 11 additions and 3 deletions
--- a/src/api/core/two_factor/yubikey.rs
+++ b/src/api/core/two_factor/yubikey.rs
@ -145,15 +145,23 @@ async fn activate_yubikey(data: Json<EnableYubikeyData>, headers: Headers, mut c

    // Ensure they are valid OTPs
    for yubikey in &yubikeys {
-        if yubikey.len() == 12 {
-            // YubiKey ID
+        if yubikey.is_empty() || yubikey.len() == 12 {
            continue;
        }

        verify_yubikey_otp(yubikey.to_owned()).await.map_res("Invalid Yubikey OTP provided")?;
    }

-    let yubikey_ids: Vec<String> = yubikeys.into_iter().map(|x| (x[..12]).to_owned()).collect();
+    let yubikey_ids: Vec<String> = yubikeys
+        .into_iter()
+        .filter_map(|x| {
+            if x.len() >= 12 {
+                Some((x[..12]).to_owned())
+            } else {
+                None
+            }
+        })
+        .collect();

    let yubikey_metadata = YubikeyMetadata {
        keys: yubikey_ids,