mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-05 02:28:00 +01:00
Code Issues Releases Aktivität
vaultwarden/src/api/identity.rs

497 Zeilen
18 KiB
Rust
Originalformat Normale Ansicht Verlauf

Add email notifications for incomplete 2FA logins An incomplete 2FA login is one where the correct master password was provided, but the 2FA token or action required to complete the login was not provided within the configured time limit. This potentially indicates that the user's master password has been compromised, but the login was blocked by 2FA. Be aware that the 2FA step can usually still be completed after the email notification has already been sent out, which could be confusing. Therefore, the incomplete 2FA time limit should be long enough that this situation would be unlikely. This feature can also be disabled entirely if desired.
2021-10-25 10:36:05 +02:00
use chrono::Utc;
Add email code logic and move two_factor into separate modules
2019-08-03 18:47:52 +02:00
use num_traits::FromPrimitive;
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
use rocket::serde::json::Json;
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:00:09 +02:00
use rocket::{
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
form::{Form, FromForm},
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:00:09 +02:00
Route,
};
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
use serde_json::Value;
First working version
2018-02-10 01:00:55 +01:00
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:00:09 +02:00
use crate::{
api::{
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
core::accounts::{PreloginData, _prelogin},
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:00:09 +02:00
core::two_factor::{duo, email, email::EmailTokenData, yubikey},
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
ApiResult, EmptyResult, JsonResult, JsonUpcase,
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:00:09 +02:00
},
auth::ClientIp,
db::{models::*, DbConn},
error::MapResult,
mail, util, CONFIG,
};
Documented U2F, removed debug prints, and documented missing features
2018-07-13 15:58:50 +02:00
First working version
2018-02-10 01:00:55 +01:00
pub fn routes() -> Vec<Route> {
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
routes![login, prelogin]
First working version
2018-02-10 01:00:55 +01:00
}
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
#[post("/connect/token", data = "<data>")]
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
async fn login(data: Form<ConnectData>, conn: DbConn, ip: ClientIp) -> JsonResult {
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
let data: ConnectData = data.into_inner();
First working version
2018-02-10 01:00:55 +01:00
Implement fromform, and ignore case and underscores, fixes #298
2018-12-16 20:00:16 +01:00
match data.grant_type.as_ref() {
"refresh_token" => {
_check_is_some(&data.refresh_token, "refresh_token cannot be blank")?;
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
_refresh_login(data, conn).await
Implement fromform, and ignore case and underscores, fixes #298
2018-12-16 20:00:16 +01:00
}
"password" => {
_check_is_some(&data.client_id, "client_id cannot be blank")?;
_check_is_some(&data.password, "password cannot be blank")?;
_check_is_some(&data.scope, "scope cannot be blank")?;
_check_is_some(&data.username, "username cannot be blank")?;
_check_is_some(&data.device_identifier, "device_identifier cannot be blank")?;
_check_is_some(&data.device_name, "device_name cannot be blank")?;
_check_is_some(&data.device_type, "device_type cannot be blank")?;
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
_password_login(data, conn, &ip).await
Implement fromform, and ignore case and underscores, fixes #298
2018-12-16 20:00:16 +01:00
}
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
"client_credentials" => {
_check_is_some(&data.client_id, "client_id cannot be blank")?;
_check_is_some(&data.client_secret, "client_secret cannot be blank")?;
_check_is_some(&data.scope, "scope cannot be blank")?;
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
_api_key_login(data, conn, &ip).await
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
}
Implement fromform, and ignore case and underscores, fixes #298
2018-12-16 20:00:16 +01:00
t => err!("Invalid type", t),
Improved two factor auth
2018-06-01 15:08:03 +02:00
}
}
First working version
2018-02-10 01:00:55 +01:00
Update to diesel2
2022-05-20 23:39:47 +02:00
async fn _refresh_login(data: ConnectData, mut conn: DbConn) -> JsonResult {
Improved two factor auth
2018-06-01 15:08:03 +02:00
// Extract token
Improve login query parsing
2018-10-17 22:25:28 +02:00
let token = data.refresh_token.unwrap();
First working version
2018-02-10 01:00:55 +01:00
Improved two factor auth
2018-06-01 15:08:03 +02:00
// Get device by refresh token
Update to diesel2
2022-05-20 23:39:47 +02:00
let mut device = Device::find_by_refresh_token(&token, &mut conn).await.map_res("Invalid refresh token")?;
Improved two factor auth
2018-06-01 15:08:03 +02:00
Fix `scope` and `refresh_token` for API key logins API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 06:50:58 +01:00
let scope = "api offline_access";
let scope_vec = vec!["api".into(), "offline_access".into()];
// Common
Update to diesel2
2022-05-20 23:39:47 +02:00
let user = User::find_by_uuid(&device.user_uuid, &mut conn).await.unwrap();
let orgs = UserOrganization::find_confirmed_by_user(&user.uuid, &mut conn).await;
Fix `scope` and `refresh_token` for API key logins API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 06:50:58 +01:00
let (access_token, expires_in) = device.refresh_tokens(&user, orgs, scope_vec);
Update to diesel2
2022-05-20 23:39:47 +02:00
device.save(&mut conn).await?;
Fix `scope` and `refresh_token` for API key logins API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 06:50:58 +01:00
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-19 21:52:53 +01:00
Ok(Json(json!({
"access_token": access_token,
"expires_in": expires_in,
"token_type": "Bearer",
"refresh_token": device.refresh_token,
Fix key and type variable names for mysql
2019-05-20 21:24:29 +02:00
"Key": user.akey,
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-19 21:52:53 +01:00
"PrivateKey": user.private_key,
Fix unlock on desktop clients
2020-08-04 15:12:04 +02:00
"Kdf": user.client_kdf_type,
"KdfIterations": user.client_kdf_iter,
"ResetMasterPassword": false, // TODO: according to official server seems something like: user.password_hash.is_empty(), but would need testing
Fix `scope` and `refresh_token` for API key logins API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 06:50:58 +01:00
"scope": scope,
Update web vault and add unnoficialserver response
2021-04-06 20:38:22 +02:00
"unofficialServer": true,
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-19 21:52:53 +01:00
})))
Improved two factor auth
2018-06-01 15:08:03 +02:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
async fn _password_login(data: ConnectData, mut conn: DbConn, ip: &ClientIp) -> JsonResult {
Improved two factor auth
2018-06-01 15:08:03 +02:00
// Validate scope
Improve login query parsing
2018-10-17 22:25:28 +02:00
let scope = data.scope.as_ref().unwrap();
Improved two factor auth
2018-06-01 15:08:03 +02:00
if scope != "api offline_access" {
err!("Scope not supported")
}
Fix `scope` and `refresh_token` for API key logins API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 06:50:58 +01:00
let scope_vec = vec!["api".into(), "offline_access".into()];
Improved two factor auth
2018-06-01 15:08:03 +02:00
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
// Ratelimit the login
crate::ratelimit::check_limit_login(&ip.ip)?;
Improved two factor auth
2018-06-01 15:08:03 +02:00
// Get the user
Update login API code - Updated jsonwebtoken to latest version - Trim `username` received from the login form ( Fixes #2348 ) - Make uuid and user_uuid a combined primary key for the devices table ( Fixes #2295 ) - Updated crates including regex which contains a CVE ( https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html )
2022-03-03 21:00:10 +01:00
let username = data.username.as_ref().unwrap().trim();
Update to diesel2
2022-05-20 23:39:47 +02:00
let user = match User::find_by_mail(username, &mut conn).await {
Improved two factor auth
2018-06-01 15:08:03 +02:00
Some(user) => user,
Modify rustfmt file
2021-04-06 22:54:42 +02:00
None => err!("Username or password is incorrect. Try again", format!("IP: {}. Username: {}.", ip.ip, username)),
Improved two factor auth
2018-06-01 15:08:03 +02:00
};
First working version
2018-02-10 01:00:55 +01:00
Improved two factor auth
2018-06-01 15:08:03 +02:00
// Check password
Improve login query parsing
2018-10-17 22:25:28 +02:00
let password = data.password.as_ref().unwrap();
Improved two factor auth
2018-06-01 15:08:03 +02:00
if !user.check_valid_password(password) {
Modify rustfmt file
2021-04-06 22:54:42 +02:00
err!("Username or password is incorrect. Try again", format!("IP: {}. Username: {}.", ip.ip, username))
Improved two factor auth
2018-06-01 15:08:03 +02:00
}
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
Implement admin ability to enable/disable users
2020-11-30 23:12:56 +01:00
// Check if the user is disabled
if !user.enabled {
Modify rustfmt file
2021-04-06 22:54:42 +02:00
err!("This user has been disabled", format!("IP: {}. Username: {}.", ip.ip, username))
Implement admin ability to enable/disable users
2020-11-30 23:12:56 +01:00
}
Add email notifications for incomplete 2FA logins An incomplete 2FA login is one where the correct master password was provided, but the 2FA token or action required to complete the login was not provided within the configured time limit. This potentially indicates that the user's master password has been compromised, but the login was blocked by 2FA. Be aware that the 2FA step can usually still be completed after the email notification has already been sent out, which could be confusing. Therefore, the incomplete 2FA time limit should be long enough that this situation would be unlikely. This feature can also be disabled entirely if desired.
2021-10-25 10:36:05 +02:00
let now = Utc::now().naive_utc();
Use local time in email notifications for new device logins In this implementation, the `TZ` environment variable must be set in order for the formatted output to use a more user-friendly time zone abbreviation (e.g., `UTC`). Otherwise, the output uses the time zone's UTC offset (e.g., `+00:00`).
2020-07-08 06:30:18 +02:00
Fix some lints
2019-12-06 22:12:41 +01:00
if user.verified_at.is_none() && CONFIG.mail_enabled() && CONFIG.signups_verify() {
Run `cargo fmt` on codebase
2021-03-31 22:18:35 +02:00
if user.last_verifying_at.is_none()
|| now.signed_duration_since(user.last_verifying_at.unwrap()).num_seconds()
> CONFIG.signups_verify_resend_time() as i64
{
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-25 06:28:49 +01:00
let resend_limit = CONFIG.signups_verify_resend_limit() as i32;
if resend_limit == 0 || user.login_verify_count < resend_limit {
// We want to send another email verification if we require signups to verify
// their email address, and we haven't sent them a reminder in a while...
let mut user = user;
user.last_verifying_at = Some(now);
Fix some lints
2019-12-06 22:12:41 +01:00
user.login_verify_count += 1;
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-25 06:28:49 +01:00
Update to diesel2
2022-05-20 23:39:47 +02:00
if let Err(e) = user.save(&mut conn).await {
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-25 06:28:49 +01:00
error!("Error updating user: {:#?}", e);
}
Upgrade dependencies and swap lettre to async transport
2022-07-06 23:57:37 +02:00
if let Err(e) = mail::send_verify_email(&user.email, &user.uuid).await {
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-25 06:28:49 +01:00
error!("Error auto-sending email verification email: {:#?}", e);
}
}
}
// We still want the login to fail until they actually verified the email address
Modify rustfmt file
2021-04-06 22:54:42 +02:00
err!("Please verify your email before trying again.", format!("IP: {}. Username: {}.", ip.ip, username))
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-25 06:28:49 +01:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
let (mut device, new_device) = get_device(&data, &mut conn, &user).await;
Add new device email when user logs in
2019-07-22 08:26:24 +02:00
Update to diesel2
2022-05-20 23:39:47 +02:00
let twofactor_token = twofactor_auth(&user.uuid, &data, &mut device, ip, &mut conn).await?;
First working version
2018-02-10 01:00:55 +01:00
Move send device email to end of password login Send new device email after two factor authentication.
2019-07-25 20:47:58 +02:00
if CONFIG.mail_enabled() && new_device {
Upgrade dependencies and swap lettre to async transport
2022-07-06 23:57:37 +02:00
if let Err(e) = mail::send_new_device_logged_in(&user.email, &ip.ip.to_string(), &now, &device.name).await {
Ignore error sending device email
2019-08-18 19:32:26 +02:00
error!("Error sending new device email: {:#?}", e);
Add option to require new device emails
2019-08-19 22:14:00 +02:00
if CONFIG.require_device_email() {
err!("Could not send login notification email. Please contact your administrator.")
}
Ignore error sending device email
2019-08-18 19:32:26 +02:00
}
Move send device email to end of password login Send new device email after two factor authentication.
2019-07-25 20:47:58 +02:00
}
Improved two factor auth
2018-06-01 15:08:03 +02:00
// Common
Update to diesel2
2022-05-20 23:39:47 +02:00
let orgs = UserOrganization::find_confirmed_by_user(&user.uuid, &mut conn).await;
Fix `scope` and `refresh_token` for API key logins API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 06:50:58 +01:00
let (access_token, expires_in) = device.refresh_tokens(&user, orgs, scope_vec);
Update to diesel2
2022-05-20 23:39:47 +02:00
device.save(&mut conn).await?;
First working version
2018-02-10 01:00:55 +01:00
Improved two factor auth
2018-06-01 15:08:03 +02:00
let mut result = json!({
First working version
2018-02-10 01:00:55 +01:00
"access_token": access_token,
"expires_in": expires_in,
"token_type": "Bearer",
"refresh_token": device.refresh_token,
Fix key and type variable names for mysql
2019-05-20 21:24:29 +02:00
"Key": user.akey,
Improved two factor auth
2018-06-01 15:08:03 +02:00
"PrivateKey": user.private_key,
Add email authenticator logic
2019-08-04 16:56:39 +02:00
//"TwoFactorToken": "11122233333444555666777888999"
Run `cargo fmt` on codebase
2021-03-31 22:18:35 +02:00
Fix unlock on desktop clients
2020-08-04 15:12:04 +02:00
"Kdf": user.client_kdf_type,
"KdfIterations": user.client_kdf_iter,
"ResetMasterPassword": false,// TODO: Same as above
Fix `scope` and `refresh_token` for API key logins API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 06:50:58 +01:00
"scope": scope,
Update web vault and add unnoficialserver response
2021-04-06 20:38:22 +02:00
"unofficialServer": true,
Improved two factor auth
2018-06-01 15:08:03 +02:00
});
if let Some(token) = twofactor_token {
result["TwoFactorToken"] = Value::String(token);
}
Close #264. Usernames and IP addresses are logged on successful authentication
2018-12-11 21:20:06 +01:00
info!("User {} logged in successfully. IP: {}", username, ip.ip);
Improved two factor auth
2018-06-01 15:08:03 +02:00
Ok(Json(result))
}
Update to diesel2
2022-05-20 23:39:47 +02:00
async fn _api_key_login(data: ConnectData, mut conn: DbConn, ip: &ClientIp) -> JsonResult {
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
// Validate scope
let scope = data.scope.as_ref().unwrap();
if scope != "api" {
err!("Scope not supported")
}
Fix `scope` and `refresh_token` for API key logins API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 06:50:58 +01:00
let scope_vec = vec!["api".into()];
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
// Ratelimit the login
crate::ratelimit::check_limit_login(&ip.ip)?;
// Get the user via the client_id
let client_id = data.client_id.as_ref().unwrap();
let user_uuid = match client_id.strip_prefix("user.") {
Some(uuid) => uuid,
None => err!("Malformed client_id", format!("IP: {}.", ip.ip)),
};
Update to diesel2
2022-05-20 23:39:47 +02:00
let user = match User::find_by_uuid(user_uuid, &mut conn).await {
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
Some(user) => user,
None => err!("Invalid client_id", format!("IP: {}.", ip.ip)),
};
// Check if the user is disabled
if !user.enabled {
err!("This user has been disabled (API key login)", format!("IP: {}. Username: {}.", ip.ip, user.email))
}
// Check API key. Note that API key logins bypass 2FA.
let client_secret = data.client_secret.as_ref().unwrap();
if !user.check_valid_api_key(client_secret) {
err!("Incorrect client_secret", format!("IP: {}. Username: {}.", ip.ip, user.email))
}
Update to diesel2
2022-05-20 23:39:47 +02:00
let (mut device, new_device) = get_device(&data, &mut conn, &user).await;
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
if CONFIG.mail_enabled() && new_device {
let now = Utc::now().naive_utc();
Upgrade dependencies and swap lettre to async transport
2022-07-06 23:57:37 +02:00
if let Err(e) = mail::send_new_device_logged_in(&user.email, &ip.ip.to_string(), &now, &device.name).await {
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
error!("Error sending new device email: {:#?}", e);
if CONFIG.require_device_email() {
err!("Could not send login notification email. Please contact your administrator.")
}
}
}
// Common
Update to diesel2
2022-05-20 23:39:47 +02:00
let orgs = UserOrganization::find_confirmed_by_user(&user.uuid, &mut conn).await;
Fix `scope` and `refresh_token` for API key logins API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 06:50:58 +01:00
let (access_token, expires_in) = device.refresh_tokens(&user, orgs, scope_vec);
Update to diesel2
2022-05-20 23:39:47 +02:00
device.save(&mut conn).await?;
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
info!("User {} logged in successfully via API key. IP: {}", user.email, ip.ip);
Fix `scope` and `refresh_token` for API key logins API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 06:50:58 +01:00
// Note: No refresh_token is returned. The CLI just repeats the
// client_credentials login flow when the existing token expires.
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
Ok(Json(json!({
"access_token": access_token,
"expires_in": expires_in,
"token_type": "Bearer",
"Key": user.akey,
"PrivateKey": user.private_key,
"Kdf": user.client_kdf_type,
"KdfIterations": user.client_kdf_iter,
"ResetMasterPassword": false, // TODO: Same as above
Fix `scope` and `refresh_token` for API key logins API key logins use a scope of `api`, not `api offline_access`. Since `offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 06:50:58 +01:00
"scope": scope,
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
"unofficialServer": true,
})))
}
Move send device email to end of password login Send new device email after two factor authentication.
2019-07-25 20:47:58 +02:00
/// Retrieves an existing device or creates a new device from ConnectData and the User
Update to diesel2
2022-05-20 23:39:47 +02:00
async fn get_device(data: &ConnectData, conn: &mut DbConn, user: &User) -> (Device, bool) {
Move retrieve/new device from connData to separate function
2019-07-22 08:24:19 +02:00
// On iOS, device_type sends "iOS", on others it sends a number
let device_type = util::try_parse_string(data.device_type.as_ref()).unwrap_or(0);
let device_id = data.device_identifier.clone().expect("No device id provided");
let device_name = data.device_name.clone().expect("No device name provided");
let mut new_device = false;
// Find device or create new
Update login API code - Updated jsonwebtoken to latest version - Trim `username` received from the login form ( Fixes #2348 ) - Make uuid and user_uuid a combined primary key for the devices table ( Fixes #2295 ) - Updated crates including regex which contains a CVE ( https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html )
2022-03-03 21:00:10 +01:00
let device = match Device::find_by_uuid_and_user(&device_id, &user.uuid, conn).await {
Some(device) => device,
Move retrieve/new device from connData to separate function
2019-07-22 08:24:19 +02:00
None => {
new_device = true;
Device::new(device_id, user.uuid.clone(), device_name, device_type)
}
};
Move send device email to end of password login Send new device email after two factor authentication.
2019-07-25 20:47:58 +02:00
(device, new_device)
Move retrieve/new device from connData to separate function
2019-07-22 08:24:19 +02:00
}
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
async fn twofactor_auth(
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
user_uuid: &str,
data: &ConnectData,
device: &mut Device,
Add ip on totp miss
2020-05-14 00:19:50 +02:00
ip: &ClientIp,
Update to diesel2
2022-05-20 23:39:47 +02:00
conn: &mut DbConn,
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
) -> ApiResult<Option<String>> {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
let twofactors = TwoFactor::find_by_user(user_uuid, conn).await;
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
// No twofactor token if twofactor is disabled
Fixed some lint issues
2018-09-13 21:55:23 +02:00
if twofactors.is_empty() {
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
return Ok(None);
}
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
TwoFactorIncomplete::mark_incomplete(user_uuid, &device.uuid, &device.name, ip, conn).await?;
Add email notifications for incomplete 2FA logins An incomplete 2FA login is one where the correct master password was provided, but the 2FA token or action required to complete the login was not provided within the configured time limit. This potentially indicates that the user's master password has been compromised, but the login was blocked by 2FA. Be aware that the 2FA step can usually still be completed after the email notification has already been sent out, which could be confusing. Therefore, the incomplete 2FA time limit should be long enough that this situation would be unlikely. This feature can also be disabled entirely if desired.
2021-10-25 10:36:05 +02:00
Fix key and type variable names for mysql
2019-05-20 21:24:29 +02:00
let twofactor_ids: Vec<_> = twofactors.iter().map(|tf| tf.atype).collect();
Added option to force 2fa at logins and made some changes to two factor code. Added newlines to config options to keep them a reasonable length.
2019-03-03 16:09:15 +01:00
let selected_id = data.two_factor_provider.unwrap_or(twofactor_ids[0]); // If we aren't given a two factor provider, asume the first one
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
Improve login query parsing
2018-10-17 22:25:28 +02:00
let twofactor_code = match data.two_factor_token {
Some(ref code) => code,
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
None => err_json!(_json_err_twofactor(&twofactor_ids, user_uuid, conn).await?, "2FA token not provided"),
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
};
Run `cargo fmt` on codebase
2021-03-31 22:18:35 +02:00
let selected_twofactor = twofactors.into_iter().find(|tf| tf.atype == selected_id && tf.enabled);
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
Added option to force 2fa at logins and made some changes to two factor code. Added newlines to config options to keep them a reasonable length.
2019-03-03 16:09:15 +01:00
use crate::api::core::two_factor as _tf;
use crate::crypto::ct_eq;
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
Added option to force 2fa at logins and made some changes to two factor code. Added newlines to config options to keep them a reasonable length.
2019-03-03 16:09:15 +01:00
let selected_data = _selected_data(selected_twofactor);
let mut remember = data.two_factor_remember.unwrap_or(0);
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
Added option to force 2fa at logins and made some changes to two factor code. Added newlines to config options to keep them a reasonable length.
2019-03-03 16:09:15 +01:00
match TwoFactorType::from_i32(selected_id) {
Run `cargo fmt` on codebase
2021-03-31 22:18:35 +02:00
Some(TwoFactorType::Authenticator) => {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
_tf::authenticator::validate_totp_code_str(user_uuid, twofactor_code, &selected_data?, ip, conn).await?
}
Some(TwoFactorType::Webauthn) => {
_tf::webauthn::validate_webauthn_login(user_uuid, twofactor_code, conn).await?
Run `cargo fmt` on codebase
2021-03-31 22:18:35 +02:00
}
Add email code logic and move two_factor into separate modules
2019-08-03 18:47:52 +02:00
Some(TwoFactorType::YubiKey) => _tf::yubikey::validate_yubikey_login(twofactor_code, &selected_data?)?,
Run `cargo fmt` on codebase
2021-03-31 22:18:35 +02:00
Some(TwoFactorType::Duo) => {
Update login API code - Updated jsonwebtoken to latest version - Trim `username` received from the login form ( Fixes #2348 ) - Make uuid and user_uuid a combined primary key for the devices table ( Fixes #2295 ) - Updated crates including regex which contains a CVE ( https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html )
2022-03-03 21:00:10 +01:00
_tf::duo::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, conn).await?
Run `cargo fmt` on codebase
2021-03-31 22:18:35 +02:00
}
Some(TwoFactorType::Email) => {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
_tf::email::validate_email_code_str(user_uuid, twofactor_code, &selected_data?, conn).await?
Run `cargo fmt` on codebase
2021-03-31 22:18:35 +02:00
}
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
Added option to force 2fa at logins and made some changes to two factor code. Added newlines to config options to keep them a reasonable length.
2019-03-03 16:09:15 +01:00
Some(TwoFactorType::Remember) => {
match device.twofactor_remember {
Some(ref code) if !CONFIG.disable_2fa_remember() && ct_eq(code, twofactor_code) => {
remember = 1; // Make sure we also return the token here, otherwise it will only remember the first time
}
Modify rustfmt file
2021-04-06 22:54:42 +02:00
_ => {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
err_json!(
_json_err_twofactor(&twofactor_ids, user_uuid, conn).await?,
"2FA Remember token not provided"
)
Modify rustfmt file
2021-04-06 22:54:42 +02:00
}
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
}
}
_ => err!("Invalid two factor provider"),
}
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
TwoFactorIncomplete::mark_complete(user_uuid, &device.uuid, conn).await?;
Add email notifications for incomplete 2FA logins An incomplete 2FA login is one where the correct master password was provided, but the 2FA token or action required to complete the login was not provided within the configured time limit. This potentially indicates that the user's master password has been compromised, but the login was blocked by 2FA. Be aware that the 2FA step can usually still be completed after the email notification has already been sent out, which could be confusing. Therefore, the incomplete 2FA time limit should be long enough that this situation would be unlikely. This feature can also be disabled entirely if desired.
2021-10-25 10:36:05 +02:00
Added option to force 2fa at logins and made some changes to two factor code. Added newlines to config options to keep them a reasonable length.
2019-03-03 16:09:15 +01:00
if !CONFIG.disable_2fa_remember() && remember == 1 {
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
Ok(Some(device.refresh_twofactor_remember()))
} else {
device.delete_twofactor_remember();
Ok(None)
}
}
Added option to force 2fa at logins and made some changes to two factor code. Added newlines to config options to keep them a reasonable length.
2019-03-03 16:09:15 +01:00
fn _selected_data(tf: Option<TwoFactor>) -> ApiResult<String> {
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:00:09 +02:00
tf.map(|t| t.data).map_res("Two factor doesn't exist")
Added option to force 2fa at logins and made some changes to two factor code. Added newlines to config options to keep them a reasonable length.
2019-03-03 16:09:15 +01:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
async fn _json_err_twofactor(providers: &[i32], user_uuid: &str, conn: &mut DbConn) -> ApiResult<Value> {
Migrate to rust 2018 edition
2018-12-07 02:05:45 +01:00
use crate::api::core::two_factor;
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
let mut result = json!({
Improved two factor auth
2018-06-01 15:08:03 +02:00
"error" : "invalid_grant",
"error_description" : "Two factor required.",
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
"TwoFactorProviders" : providers,
"TwoFactorProviders2" : {} // { "0" : null }
});
for provider in providers {
result["TwoFactorProviders2"][provider.to_string()] = Value::Null;
match TwoFactorType::from_i32(*provider) {
Some(TwoFactorType::Authenticator) => { /* Nothing to do for TOTP */ }
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
Some(TwoFactorType::Webauthn) if CONFIG.domain_set() => {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
let request = two_factor::webauthn::generate_webauthn_login(user_uuid, conn).await?;
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
result["TwoFactorProviders2"][provider.to_string()] = request.0;
}
Add global duo config and document options in .env template
2019-04-07 18:58:15 +02:00
Some(TwoFactorType::Duo) => {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
let email = match User::find_by_uuid(user_uuid, conn).await {
Implement user duo, initial version TODO: - At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting. - Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
2019-04-05 22:09:53 +02:00
Some(u) => u.email,
Add global duo config and document options in .env template
2019-04-07 18:58:15 +02:00
None => err!("User does not exist"),
Implement user duo, initial version TODO: - At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting. - Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
2019-04-05 22:09:53 +02:00
};
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
let (signature, host) = duo::generate_duo_signature(&email, conn).await?;
Implement user duo, initial version TODO: - At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting. - Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
2019-04-05 22:09:53 +02:00
Add global duo config and document options in .env template
2019-04-07 18:58:15 +02:00
result["TwoFactorProviders2"][provider.to_string()] = json!({
Use users duo host when required, instead of always using the global one
2019-04-15 13:06:42 +02:00
"Host": host,
Add global duo config and document options in .env template
2019-04-07 18:58:15 +02:00
"Signature": signature,
});
Implement user duo, initial version TODO: - At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting. - Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
2019-04-05 22:09:53 +02:00
}
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
Some(tf_type @ TwoFactorType::YubiKey) => {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
let twofactor = match TwoFactor::find_by_user_and_type(user_uuid, tf_type as i32, conn).await {
Fixes NFC Response for Mobile Login
2018-11-17 09:25:07 +01:00
Some(tf) => tf,
None => err!("No YubiKey devices registered"),
};
Add email code logic and move two_factor into separate modules
2019-08-03 18:47:52 +02:00
let yubikey_metadata: yubikey::YubikeyMetadata = serde_json::from_str(&twofactor.data)?;
Fixes NFC Response for Mobile Login
2018-11-17 09:25:07 +01:00
Add global duo config and document options in .env template
2019-04-07 18:58:15 +02:00
result["TwoFactorProviders2"][provider.to_string()] = json!({
"Nfc": yubikey_metadata.Nfc,
})
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
}
Add email authenticator logic
2019-08-04 16:56:39 +02:00
Some(tf_type @ TwoFactorType::Email) => {
Send email when preparing 2FA JsonError
2019-10-15 21:19:49 +02:00
use crate::api::core::two_factor as _tf;
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
let twofactor = match TwoFactor::find_by_user_and_type(user_uuid, tf_type as i32, conn).await {
Add email authenticator logic
2019-08-04 16:56:39 +02:00
Some(tf) => tf,
None => err!("No twofactor email registered"),
};
Add email code logic and move two_factor into separate modules
2019-08-03 18:47:52 +02:00
Send email when preparing 2FA JsonError
2019-10-15 21:19:49 +02:00
// Send email immediately if email is the only 2FA option
if providers.len() == 1 {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
_tf::email::send_token(user_uuid, conn).await?
Send email when preparing 2FA JsonError
2019-10-15 21:19:49 +02:00
}
Add email code logic and move two_factor into separate modules
2019-08-03 18:47:52 +02:00
Send email when preparing 2FA JsonError
2019-10-15 21:19:49 +02:00
let email_data = EmailTokenData::from_json(&twofactor.data)?;
Add email code logic and move two_factor into separate modules
2019-08-03 18:47:52 +02:00
result["TwoFactorProviders2"][provider.to_string()] = json!({
Remove some unused imports, unneeded mut variables
2019-08-03 20:09:20 +02:00
"Email": email::obscure_email(&email_data.email),
Add email code logic and move two_factor into separate modules
2019-08-03 18:47:52 +02:00
})
Add email authenticator logic
2019-08-04 16:56:39 +02:00
}
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
_ => {}
}
}
Ok(result)
Improved two factor auth
2018-06-01 15:08:03 +02:00
}
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
#[post("/accounts/prelogin", data = "<data>")]
async fn prelogin(data: JsonUpcase<PreloginData>, conn: DbConn) -> Json<Value> {
_prelogin(data, conn).await
}
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
// https://github.com/bitwarden/jslib/blob/master/common/src/models/request/tokenRequest.ts
Handle `devicePushToken` Mobile push isn't currently supported, but this should get rid of spurious `Detected unexpected parameter during login: devicepushtoken` warnings.
2020-03-22 23:04:25 +01:00
// https://github.com/bitwarden/mobile/blob/master/src/Core/Models/Request/TokenRequest.cs
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[derive(Debug, Clone, Default, FromForm)]
Improve login query parsing
2018-10-17 22:25:28 +02:00
#[allow(non_snake_case)]
First working version
2018-02-10 01:00:55 +01:00
struct ConnectData {
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("grant_type"))]
#[field(name = uncased("granttype"))]
grant_type: String, // refresh_token, password, client_credentials (API key)
First working version
2018-02-10 01:00:55 +01:00
Improve login query parsing
2018-10-17 22:25:28 +02:00
// Needed for grant_type="refresh_token"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("refresh_token"))]
#[field(name = uncased("refreshtoken"))]
Improve login query parsing
2018-10-17 22:25:28 +02:00
refresh_token: Option<String>,
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
// Needed for grant_type = "password" | "client_credentials"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("client_id"))]
#[field(name = uncased("clientid"))]
client_id: Option<String>, // web, cli, desktop, browser, mobile
#[field(name = uncased("client_secret"))]
#[field(name = uncased("clientsecret"))]
client_secret: Option<String>,
#[field(name = uncased("password"))]
Improve login query parsing
2018-10-17 22:25:28 +02:00
password: Option<String>,
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("scope"))]
Improve login query parsing
2018-10-17 22:25:28 +02:00
scope: Option<String>,
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("username"))]
Improve login query parsing
2018-10-17 22:25:28 +02:00
username: Option<String>,
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("device_identifier"))]
#[field(name = uncased("deviceidentifier"))]
Improve login query parsing
2018-10-17 22:25:28 +02:00
device_identifier: Option<String>,
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("device_name"))]
#[field(name = uncased("devicename"))]
Improve login query parsing
2018-10-17 22:25:28 +02:00
device_name: Option<String>,
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("device_type"))]
#[field(name = uncased("devicetype"))]
Improve login query parsing
2018-10-17 22:25:28 +02:00
device_type: Option<String>,
Ignore unused field
2021-12-28 00:48:33 +01:00
#[allow(unused)]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("device_push_token"))]
#[field(name = uncased("devicepushtoken"))]
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
_device_push_token: Option<String>, // Unused; mobile device push not yet supported.
Improve login query parsing
2018-10-17 22:25:28 +02:00
// Needed for two-factor auth
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("two_factor_provider"))]
#[field(name = uncased("twofactorprovider"))]
Improve login query parsing
2018-10-17 22:25:28 +02:00
two_factor_provider: Option<i32>,
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("two_factor_token"))]
#[field(name = uncased("twofactortoken"))]
Improve login query parsing
2018-10-17 22:25:28 +02:00
two_factor_token: Option<String>,
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
#[field(name = uncased("two_factor_remember"))]
#[field(name = uncased("twofactorremember"))]
Improve login query parsing
2018-10-17 22:25:28 +02:00
two_factor_remember: Option<i32>,
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
}
Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations
2018-02-15 19:05:57 +01:00
Improve login query parsing
2018-10-17 22:25:28 +02:00
fn _check_is_some<T>(value: &Option<T>, msg: &str) -> EmptyResult {
if value.is_none() {
err!(msg)
First working version
2018-02-10 01:00:55 +01:00
}
Improve login query parsing
2018-10-17 22:25:28 +02:00
Ok(())
Detect device type correctly and shorten return types of functions
2018-02-17 20:47:13 +01:00
}
Permalink kopieren