mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-04 02:18:00 +01:00
Code Issues Releases Aktivität

Merge branch 'BlackDex-fix-yubikey-panic'

Quellcode durchsuchen
Dieser Commit ist enthalten in:
Daniel García 2022-12-18 20:32:10 +01:00
Commit bf73a8235f
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: FC8A7D14C3CD543A
2 geänderte Dateien mit 9 neuen und 7 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Diff-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

14
src/api/core/two_factor/yubikey.rs
Datei anzeigen

@ -67,14 +67,16 @@ fn get_yubico_credentials() -> Result<(String, String), Error> {
} }
} }
fn verify_yubikey_otp(otp: String) -> EmptyResult { async fn verify_yubikey_otp(otp: String) -> EmptyResult {
let (yubico_id, yubico_secret) = get_yubico_credentials()?; let (yubico_id, yubico_secret) = get_yubico_credentials()?;
let config = Config::default().set_client_id(yubico_id).set_key(yubico_secret); let config = Config::default().set_client_id(yubico_id).set_key(yubico_secret);
match CONFIG.yubico_server() { match CONFIG.yubico_server() {
Some(server) => verify(otp, config.set_api_hosts(vec![server])), Some(server) => {
None => verify(otp, config), tokio::task::spawn_blocking(move || verify(otp, config.set_api_hosts(vec![server]))).await.unwrap()
}
None => tokio::task::spawn_blocking(move || verify(otp, config)).await.unwrap(),
} }
.map_res("Failed to verify OTP") .map_res("Failed to verify OTP")
.and(Ok(())) .and(Ok(()))
@ -152,7 +154,7 @@ async fn activate_yubikey(
continue; continue;
} }
verify_yubikey_otp(yubikey.to_owned()).map_res("Invalid Yubikey OTP provided")?; verify_yubikey_otp(yubikey.to_owned()).await.map_res("Invalid Yubikey OTP provided")?;
} }
let yubikey_ids: Vec<String> = yubikeys.into_iter().map(|x| (x[..12]).to_owned()).collect(); let yubikey_ids: Vec<String> = yubikeys.into_iter().map(|x| (x[..12]).to_owned()).collect();
@ -188,7 +190,7 @@ async fn activate_yubikey_put(
activate_yubikey(data, headers, conn, ip).await activate_yubikey(data, headers, conn, ip).await
} }
pub fn validate_yubikey_login(response: &str, twofactor_data: &str) -> EmptyResult { pub async fn validate_yubikey_login(response: &str, twofactor_data: &str) -> EmptyResult {
if response.len() != 44 { if response.len() != 44 {
err!("Invalid Yubikey OTP length"); err!("Invalid Yubikey OTP length");
} }
@ -200,7 +202,7 @@ pub fn validate_yubikey_login(response: &str, twofactor_data: &str) -> EmptyResu
err!("Given Yubikey is not registered"); err!("Given Yubikey is not registered");
} }
let result = verify_yubikey_otp(response.to_owned()); let result = verify_yubikey_otp(response.to_owned()).await;
match result { match result {
Ok(_answer) => Ok(()), Ok(_answer) => Ok(()),

2
src/api/identity.rs
Datei anzeigen

@ -399,7 +399,7 @@ async fn twofactor_auth(
Some(TwoFactorType::Webauthn) => { Some(TwoFactorType::Webauthn) => {
_tf::webauthn::validate_webauthn_login(user_uuid, twofactor_code, conn).await? _tf::webauthn::validate_webauthn_login(user_uuid, twofactor_code, conn).await?
} }
Some(TwoFactorType::YubiKey) => _tf::yubikey::validate_yubikey_login(twofactor_code, &selected_data?)?, Some(TwoFactorType::YubiKey) => _tf::yubikey::validate_yubikey_login(twofactor_code, &selected_data?).await?,
Some(TwoFactorType::Duo) => { Some(TwoFactorType::Duo) => {
_tf::duo::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, conn).await? _tf::duo::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, conn).await?
} }