Documented U2F, removed debug prints, and documented missing features

2025-06-23 11:42:49 +00:00 · 2018-07-13 15:58:50 +02:00 · 2018-07-13 15:58:50 +02:00 · 819622e310
commit 819622e310
parent 970863ffb1
4 changed files with 58 additions and 34 deletions
--- a/src/api/core/two_factor.rs
+++ b/src/api/core/two_factor.rs
@ -217,6 +217,10 @@ lazy_static! {

 #[post("/two-factor/get-u2f", data = "<data>")]
 fn generate_u2f(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> JsonResult {
+    if !CONFIG.domain_set {
+        err!("`DOMAIN` environment variable is not set. U2F disabled")
+    }
+
    let data: PasswordData = data.into_inner().data;

    if !headers.user.check_valid_password(&data.MasterPasswordHash) {
@ -299,8 +303,6 @@ fn activate_u2f(data: JsonUpcase<EnableU2FData>, headers: Headers, conn: DbConn)
            .delete(&conn)
            .expect("Error deleting U2F register challenge");

-        println!("RegisterResponse {:#?}", &data.DeviceResponse);
-
        let response_copy: RegisterResponseCopy =
            serde_json::from_str(&data.DeviceResponse).expect("Can't parse RegisterResponse data");

@ -388,7 +390,6 @@ impl Into<Registration> for RegistrationCopy {
 }

 fn _parse_registrations(registations: &str) -> Vec<Registration> {
-    println!("Registrations {:#?}", registations);
    let registrations_copy: Vec<RegistrationCopy> =
        serde_json::from_str(registations).expect("Can't parse RegistrationCopy data");

@ -418,8 +419,6 @@ pub fn validate_u2f_login(user_uuid: &str, response: &str, conn: &DbConn) -> Api

    let challenge = match tf_challenge {
        Some(tf_challenge) => {
-            println!("challenge {:#?}", &tf_challenge.data);
-
            let challenge: Challenge = serde_json::from_str(&tf_challenge.data)
                .expect("Can't parse U2fLoginChallenge data");
            tf_challenge
@ -437,8 +436,6 @@ pub fn validate_u2f_login(user_uuid: &str, response: &str, conn: &DbConn) -> Api

    let registrations = _parse_registrations(&twofactor.data);

-    println!("response {:#?}", response);
-
    let response: SignResponse =
        serde_json::from_str(response).expect("Can't parse SignResponse data");

--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@ -14,6 +14,8 @@ use util::{self, JsonMap};

 use api::{ApiResult, JsonResult};

+use CONFIG;
+
 pub fn routes() -> Vec<Route> {
    routes![login]
 }
@ -216,7 +218,7 @@ fn _json_err_twofactor(providers: &[i32], user_uuid: &str, conn: &DbConn) -> Api
        match TwoFactorType::from_i32(*provider) {
            Some(TwoFactorType::Authenticator) => { /* Nothing to do for TOTP */ }

-            Some(TwoFactorType::U2f) => {
+            Some(TwoFactorType::U2f) if CONFIG.domain_set => {
                let request = two_factor::generate_u2f_login(user_uuid, conn)?;
                let mut challenge_list = Vec::new();

--- a/src/util.rs
+++ b/src/util.rs
@ -3,7 +3,8 @@
 ///
 #[macro_export]
 macro_rules! err {
-    ($err:expr, $err_desc:expr, $msg:expr) => {
+    ($err:expr, $err_desc:expr, $msg:expr) => {{
+        println!("ERROR: {}", $msg);
        err_json!(json!({
          "error": $err,
          "error_description": $err_desc,
@ -13,14 +14,13 @@ macro_rules! err {
            "Object": "error"
          }
        }))
-    };
+    }};
    ($msg:expr) => { err!("default_error", "default_error_description", $msg) }
 }

 #[macro_export]
 macro_rules! err_json {
    ($expr:expr) => {{
-        println!("ERROR: {}", $expr);
        return Err($crate::rocket::response::status::BadRequest(Some($crate::rocket_contrib::Json($expr))));
    }}
 }