Spiegel von
https://github.com/dani-garcia/vaultwarden.git
synchronisiert 2024-09-28 21:53:55 +02:00
more cleanup
Ursprung
dd4e5d6c16
Commit
fde54f3b18
2 geänderte Dateien mit 8 neuen und 5 gelöschten Zeilen
|
@ -131,7 +131,8 @@ struct IdTokenClaims {
|
||||||
nonce: String,
|
nonce: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Duo WebSDK 4 Client
|
// Duo OIDC Authorization Client
|
||||||
|
// See https://duo.com/docs/oauthapi
|
||||||
struct DuoClient {
|
struct DuoClient {
|
||||||
client_id: String, // Duo Client ID (DuoData.ik)
|
client_id: String, // Duo Client ID (DuoData.ik)
|
||||||
client_secret: String, // Duo Client Secret (DuoData.sk)
|
client_secret: String, // Duo Client Secret (DuoData.sk)
|
||||||
|
@ -140,7 +141,6 @@ struct DuoClient {
|
||||||
jwt_exp_seconds: i64, // Number of seconds that JWTs we create should be valid for
|
jwt_exp_seconds: i64, // Number of seconds that JWTs we create should be valid for
|
||||||
}
|
}
|
||||||
|
|
||||||
// See https://duo.com/docs/oauthapi
|
|
||||||
impl DuoClient {
|
impl DuoClient {
|
||||||
|
|
||||||
// Construct a new DuoClient
|
// Construct a new DuoClient
|
||||||
|
@ -240,7 +240,7 @@ impl DuoClient {
|
||||||
let jwt_payload = AuthorizationRequest {
|
let jwt_payload = AuthorizationRequest {
|
||||||
response_type: String::from("code"),
|
response_type: String::from("code"),
|
||||||
scope: String::from("openid"),
|
scope: String::from("openid"),
|
||||||
exp: now,
|
exp: now + self.jwt_exp_seconds,
|
||||||
client_id: self.client_id.clone(),
|
client_id: self.client_id.clone(),
|
||||||
redirect_uri: self.redirect_uri.clone(),
|
redirect_uri: self.redirect_uri.clone(),
|
||||||
state,
|
state,
|
||||||
|
@ -303,7 +303,7 @@ impl DuoClient {
|
||||||
post_body.insert("client_assertion", token);
|
post_body.insert("client_assertion", token);
|
||||||
|
|
||||||
let res = match get_reqwest_client()
|
let res = match get_reqwest_client()
|
||||||
.post(token_url.clone())
|
.post(&token_url)
|
||||||
.header(header::USER_AGENT, "vaultwarden:Duo/2.0 (Rust)")
|
.header(header::USER_AGENT, "vaultwarden:Duo/2.0 (Rust)")
|
||||||
.form(&post_body)
|
.form(&post_body)
|
||||||
.send()
|
.send()
|
||||||
|
|
|
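Review bot: In the `AuthorizationRequest` literal (third hunk of this section), `exp: now + self.jwt_exp_seconds` changes how long the signed request is accepted, but the commit is titled as cleanup and the line has no comment. The old value was `exp: now`, so the request was already at its expiry when it was built; this is a behaviour change and should be recorded next to the field. I would add `// Request JWT expires jwt_exp_seconds from now; keep the window short, the signed request stays usable until then` above it. Where `jwt_exp_seconds` is assigned is outside the visible hunks, so it cannot be confirmed here that the value is bounded. The struct literal and its enclosing method continue past the hunk.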
@ -523,9 +523,11 @@ async fn twofactor_auth(
|
||||||
Some(TwoFactorType::Duo | TwoFactorType::OrganizationDuo) => {
|
Some(TwoFactorType::Duo | TwoFactorType::OrganizationDuo) => {
|
||||||
match CONFIG.duo_use_iframe() {
|
match CONFIG.duo_use_iframe() {
|
||||||
true => {
|
true => {
|
||||||
|
// Legacy iframe prompt flow
|
||||||
duo::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, conn).await?
|
duo::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, conn).await?
|
||||||
}
|
}
|
||||||
false => {
|
false => {
|
||||||
|
// OIDC based flow
|
||||||
duo_oidc::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, client_type, conn).await?
|
duo_oidc::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, client_type, conn).await?
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -594,9 +596,9 @@ async fn _json_err_twofactor(providers: &[i32], user_uuid: &str, client_type: &C
|
||||||
None => err!("User does not exist"),
|
None => err!("User does not exist"),
|
||||||
};
|
};
|
||||||
|
|
||||||
// Should we try to use the legacy iframe prompt?
|
|
||||||
match CONFIG.duo_use_iframe() {
|
match CONFIG.duo_use_iframe() {
|
||||||
true => {
|
true => {
|
||||||
|
// Legacy iframe prompt flow
|
||||||
let (signature, host) = duo::generate_duo_signature(&email, conn).await?;
|
let (signature, host) = duo::generate_duo_signature(&email, conn).await?;
|
||||||
result["TwoFactorProviders2"][provider.to_string()] = json!({
|
result["TwoFactorProviders2"][provider.to_string()] = json!({
|
||||||
"Host": host,
|
"Host": host,
|
||||||
|
@ -604,6 +606,7 @@ async fn _json_err_twofactor(providers: &[i32], user_uuid: &str, client_type: &C
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
false => {
|
false => {
|
||||||
|
// OIDC based flow
|
||||||
let auth_url = duo_oidc::get_duo_auth_url(&email, client_type, conn).await?;
|
let auth_url = duo_oidc::get_duo_auth_url(&email, client_type, conn).await?;
|
||||||
|
|
||||||
result["TwoFactorProviders2"][provider.to_string()] = json!({
|
result["TwoFactorProviders2"][provider.to_string()] = json!({
|
||||||
|
|
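Review bot: Both arms of `match CONFIG.duo_use_iframe()` in the `twofactor_auth` hunk still call `data.username.as_ref().unwrap().trim()`, which panics inside the request handler if a login request reaches this point without a username. An earlier check may rule that out, but none is visible in this hunk and the added branch comments do not state it. Binding the value once above the match removes both the duplication and the panic path: `let Some(username) = data.username.as_deref().map(str::trim) else { err!("Username is missing") };`, then pass `username` to both `validate_duo_login` calls. `twofactor_auth` starts and ends outside the hunk.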