From b359df7045a8c3a29dc06d80ce7ff15d88ea3955 Mon Sep 17 00:00:00 2001
From: Miroslav Prasil <miroslav@prasil.info>
Date: Sat, 3 Nov 2018 10:25:15 +0100
Subject: [PATCH 1/3] Switch from resin to balenalib

---
 Dockerfile.aarch64 | 2 +-
 Dockerfile.armv7   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 77bea2d3..d4b8e815 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -80,7 +80,7 @@ RUN cargo build --release --target=aarch64-unknown-linux-gnu -v
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM resin/aarch64-debian:stretch
+FROM balenalib/aarch64-debian:stretch
 
 ENV ROCKET_ENV "staging"
 ENV ROCKET_WORKERS=10
diff --git a/Dockerfile.armv7 b/Dockerfile.armv7
index 2712ae65..d56de1e1 100644
--- a/Dockerfile.armv7
+++ b/Dockerfile.armv7
@@ -80,7 +80,7 @@ RUN cargo build --release --target=armv7-unknown-linux-gnueabihf -v
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM resin/armv7hf-debian:stretch
+FROM balenalib/armv7hf-debian:stretch
 
 ENV ROCKET_ENV "staging"
 ENV ROCKET_WORKERS=10

From 760e0ab805c3e7610777ddad2c7d8392b765c7c6 Mon Sep 17 00:00:00 2001
From: Roman Hargrave <roman@hargrave.info>
Date: Fri, 9 Nov 2018 00:00:31 -0600
Subject: [PATCH 2/3] Initial u2f fix

---
 src/api/core/mod.rs        |  1 +
 src/api/core/two_factor.rs | 28 ++++++++++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
index 205bd5b2..3904acf7 100644
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -80,6 +80,7 @@ pub fn routes() -> Vec<Route> {
         activate_authenticator,
         activate_authenticator_put,
         generate_u2f,
+        generate_u2f_challenge,
         activate_u2f,
         activate_u2f_put,
 
diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs
index 7d412e54..3ed13b13 100644
--- a/src/api/core/two_factor.rs
+++ b/src/api/core/two_factor.rs
@@ -273,6 +273,34 @@ fn generate_u2f(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn)
     })))
 }
 
+#[post("/two-factor/get-u2f-challenge", data = "<data>")]
+fn generate_u2f_challenge(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> JsonResult {
+    let data: PasswordData = data.into_inner().data;
+
+    if !headers.user.check_valid_password(&data.MasterPasswordHash) {
+        err!("Invalid password");
+    }
+
+    let user_uuid = &headers.user.uuid;
+
+    let u2f_type = TwoFactorType::U2f as i32;
+    let register_type = TwoFactorType::U2fRegisterChallenge;
+    let (enabled, challenge) = match TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn) {
+        Some(_) => (true, String::new()),
+        None => {
+            let c = _create_u2f_challenge(user_uuid, register_type, &conn);
+            (false, c.challenge)
+        }
+    };
+
+    Ok(Json(json!({
+        "UserId": headers.user.uuid,
+        "AppId": APP_ID.to_string(),
+        "Challenge": challenge,
+        "Version": U2F_VERSION,
+    })))
+}
+
 #[derive(Deserialize, Debug)]
 #[allow(non_snake_case)]
 struct EnableU2FData {

From 62bc58e1453c885b15d3d56e4c50c985e2b9f4d2 Mon Sep 17 00:00:00 2001
From: Roman Hargrave <roman@hargrave.info>
Date: Fri, 9 Nov 2018 00:27:43 -0600
Subject: [PATCH 3/3] Clean up after u2f endpoint split

---
 src/api/core/two_factor.rs | 25 ++-----------------------
 1 file changed, 2 insertions(+), 23 deletions(-)

diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs
index 3ed13b13..969b8c50 100644
--- a/src/api/core/two_factor.rs
+++ b/src/api/core/two_factor.rs
@@ -252,23 +252,10 @@ fn generate_u2f(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn)
     let user_uuid = &headers.user.uuid;
 
     let u2f_type = TwoFactorType::U2f as i32;
-    let register_type = TwoFactorType::U2fRegisterChallenge;
-    let (enabled, challenge) = match TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn) {
-        Some(_) => (true, String::new()),
-        None => {
-            let c = _create_u2f_challenge(user_uuid, register_type, &conn);
-            (false, c.challenge)
-        }
-    };
+    let enabled = TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn).is_some();
 
     Ok(Json(json!({
         "Enabled": enabled,
-        "Challenge": {
-            "UserId": headers.user.uuid,
-            "AppId": APP_ID.to_string(),
-            "Challenge": challenge,
-            "Version": U2F_VERSION,
-        },
         "Object": "twoFactorU2f"
     })))
 }
@@ -283,15 +270,7 @@ fn generate_u2f_challenge(data: JsonUpcase<PasswordData>, headers: Headers, conn
 
     let user_uuid = &headers.user.uuid;
 
-    let u2f_type = TwoFactorType::U2f as i32;
-    let register_type = TwoFactorType::U2fRegisterChallenge;
-    let (enabled, challenge) = match TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn) {
-        Some(_) => (true, String::new()),
-        None => {
-            let c = _create_u2f_challenge(user_uuid, register_type, &conn);
-            (false, c.challenge)
-        }
-    };
+    let challenge = _create_u2f_challenge(user_uuid, TwoFactorType::U2fRegisterChallenge, &conn).challenge;
 
     Ok(Json(json!({
         "UserId": headers.user.uuid,