1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-06-11 05:23:53 +00:00

Implement user duo, initial version

TODO:
- At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting.
- Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
This commit is contained in:
Daniel García 2019-04-05 22:09:53 +02:00
parent 3bb46ce496
commit cfbeb56371
No known key found for this signature in database
GPG key ID: FC8A7D14C3CD543A
5 changed files with 312 additions and 62 deletions

View file

@ -178,6 +178,7 @@ fn twofactor_auth(
Some(TwoFactorType::Authenticator) => _tf::validate_totp_code_str(twofactor_code, &selected_data?)?,
Some(TwoFactorType::U2f) => _tf::validate_u2f_login(user_uuid, twofactor_code, conn)?,
Some(TwoFactorType::YubiKey) => _tf::validate_yubikey_login(twofactor_code, &selected_data?)?,
Some(TwoFactorType::Duo) => _tf::validate_duo_login(twofactor_code, &selected_data?)?,
Some(TwoFactorType::Remember) => {
match device.twofactor_remember {
@ -237,13 +238,33 @@ fn _json_err_twofactor(providers: &[i32], user_uuid: &str, conn: &DbConn) -> Api
}
let mut map = JsonMap::new();
use serde_json;
let challenge_list_str = serde_json::to_string(&challenge_list).unwrap();
map.insert("Challenges".into(), Value::String(challenge_list_str));
result["TwoFactorProviders2"][provider.to_string()] = Value::Object(map);
}
Some(tf_type @ TwoFactorType::Duo) => {
let twofactor = match TwoFactor::find_by_user_and_type(user_uuid, tf_type as i32, &conn) {
Some(tf) => tf,
None => err!("No Duo devices registered"),
};
let duo_data: two_factor::DuoData = serde_json::from_str(&twofactor.data)?;
let email = match User::find_by_uuid(user_uuid, &conn) {
Some(u) => u.email,
None => err!("User does not exist")
};
let signature = two_factor::generate_duo_signature(&duo_data, &email);
let mut map = JsonMap::new();
map.insert("Host".into(), Value::String(duo_data.host));
map.insert("Signature".into(), Value::String(signature));
result["TwoFactorProviders2"][provider.to_string()] = Value::Object(map);
}
Some(tf_type @ TwoFactorType::YubiKey) => {
let twofactor = match TwoFactor::find_by_user_and_type(user_uuid, tf_type as i32, &conn) {
Some(tf) => tf,
@ -251,7 +272,7 @@ fn _json_err_twofactor(providers: &[i32], user_uuid: &str, conn: &DbConn) -> Api
};
let yubikey_metadata: two_factor::YubikeyMetadata =
serde_json::from_str(&twofactor.data).expect("Can't parse Yubikey Metadata");
serde_json::from_str(&twofactor.data)?;
let mut map = JsonMap::new();
map.insert("Nfc".into(), Value::Bool(yubikey_metadata.Nfc));