Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.

2025-05-22 11:33:57 +00:00 · 2018-07-12 21:46:50 +02:00 · 2018-07-12 21:46:50 +02:00 · dae92b9018
commit dae92b9018
parent dde7c0d99b
17 changed files with 816 additions and 272 deletions
--- a/src/api/web.rs
+++ b/src/api/web.rs
@ -4,13 +4,13 @@ use std::path::{Path, PathBuf};
 use rocket::request::Request;
 use rocket::response::{self, NamedFile, Responder};
 use rocket::Route;
-use rocket_contrib::Json;
+use rocket_contrib::{Json, Value};

 use CONFIG;

 pub fn routes() -> Vec<Route> {
    if CONFIG.web_vault_enabled {
-        routes![web_index, web_files, attachments, alive]
+        routes![web_index, app_id, web_files, attachments, alive]
    } else {
        routes![attachments, alive]
    }
@ -22,6 +22,20 @@ fn web_index() -> WebHeaders<io::Result<NamedFile>> {
    web_files("index.html".into())
 }

+#[get("/app-id.json")]
+fn app_id() -> WebHeaders<Json<Value>> {
+    WebHeaders(Json(json!({
+    "trustedFacets": [
+        {
+        "version": { "major": 1, "minor": 0 },
+        "ids": [
+            &CONFIG.domain,
+            "ios:bundle-id:com.8bit.bitwarden",
+            "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI" ]
+        }]
+    })))
+}
+
 #[get("/<p..>", rank = 1)] // Only match this if the other routes don't match
 fn web_files(p: PathBuf) -> WebHeaders<io::Result<NamedFile>> {
    WebHeaders(NamedFile::open(Path::new(&CONFIG.web_vault_folder).join(p)))