Dieser Commit ist enthalten in:
0x0fbc 2024-06-07 00:28:10 -04:00 committet von Mathijs van Veluw
Ursprung dd4e5d6c16
Commit fde54f3b18
2 geänderte Dateien mit 8 neuen und 5 gelöschten Zeilen


@ -131,7 +131,8 @@ struct IdTokenClaims {
nonce: String, nonce: String,
} }
// Duo WebSDK 4 Client // Duo OIDC Authorization Client
// See https://duo.com/docs/oauthapi
struct DuoClient { struct DuoClient {
client_id: String, // Duo Client ID (DuoData.ik) client_id: String, // Duo Client ID (DuoData.ik)
client_secret: String, // Duo Client Secret (DuoData.sk) client_secret: String, // Duo Client Secret (DuoData.sk)
@ -140,7 +141,6 @@ struct DuoClient {
jwt_exp_seconds: i64, // Number of seconds that JWTs we create should be valid for jwt_exp_seconds: i64, // Number of seconds that JWTs we create should be valid for
} }
// See https://duo.com/docs/oauthapi
impl DuoClient { impl DuoClient {
// Construct a new DuoClient // Construct a new DuoClient
@ -240,7 +240,7 @@ impl DuoClient {
let jwt_payload = AuthorizationRequest { let jwt_payload = AuthorizationRequest {
response_type: String::from("code"), response_type: String::from("code"),
scope: String::from("openid"), scope: String::from("openid"),
exp: now, exp: now + self.jwt_exp_seconds,
client_id: self.client_id.clone(), client_id: self.client_id.clone(),
redirect_uri: self.redirect_uri.clone(), redirect_uri: self.redirect_uri.clone(),
state, state,
@ -303,7 +303,7 @@ impl DuoClient {
post_body.insert("client_assertion", token); post_body.insert("client_assertion", token);
let res = match get_reqwest_client() let res = match get_reqwest_client()
.post(token_url.clone()) .post(&token_url)
.header(header::USER_AGENT, "vaultwarden:Duo/2.0 (Rust)") .header(header::USER_AGENT, "vaultwarden:Duo/2.0 (Rust)")
.form(&post_body) .form(&post_body)
.send() .send()
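Review bot: The changed `exp` line in the third hunk now reads `now + self.jwt_exp_seconds`, but nothing in the hunk shows where `now` comes from or whether `jwt_exp_seconds` is checked, so a reader cannot tell from this line that the previous value (`now` alone) produced a client assertion that was already expired when Duo received it. A why-comment on the changed line would keep that context with the code: `exp: now + self.jwt_exp_seconds, // expiry = issue time + configured lifetime; a bare now was already expired`. If `jwt_exp_seconds` is configurable rather than a fixed constant, it would also be worth confirming upstream of this hunk that it is positive and reasonably bounded, since the token endpoint presumably rejects assertions whose expiry lies too far in the future. The `AuthorizationRequest` literal and the surrounding method continue past the end of the hunk.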


@ -523,9 +523,11 @@ async fn twofactor_auth(
Some(TwoFactorType::Duo | TwoFactorType::OrganizationDuo) => { Some(TwoFactorType::Duo | TwoFactorType::OrganizationDuo) => {
match CONFIG.duo_use_iframe() { match CONFIG.duo_use_iframe() {
true => { true => {
// Legacy iframe prompt flow
duo::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, conn).await? duo::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, conn).await?
} }
false => { false => {
// OIDC based flow
duo_oidc::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, client_type, conn).await? duo_oidc::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, client_type, conn).await?
} }
} }
@ -594,9 +596,9 @@ async fn _json_err_twofactor(providers: &[i32], user_uuid: &str, client_type: &C
None => err!("User does not exist"), None => err!("User does not exist"),
}; };
// Should we try to use the legacy iframe prompt?
match CONFIG.duo_use_iframe() { match CONFIG.duo_use_iframe() {
true => { true => {
// Legacy iframe prompt flow
let (signature, host) = duo::generate_duo_signature(&email, conn).await?; let (signature, host) = duo::generate_duo_signature(&email, conn).await?;
result["TwoFactorProviders2"][provider.to_string()] = json!({ result["TwoFactorProviders2"][provider.to_string()] = json!({
"Host": host, "Host": host,
@ -604,6 +606,7 @@ async fn _json_err_twofactor(providers: &[i32], user_uuid: &str, client_type: &C
}) })
} }
false => { false => {
// OIDC based flow
let auth_url = duo_oidc::get_duo_auth_url(&email, client_type, conn).await?; let auth_url = duo_oidc::get_duo_auth_url(&email, client_type, conn).await?;
result["TwoFactorProviders2"][provider.to_string()] = json!({ result["TwoFactorProviders2"][provider.to_string()] = json!({