Allows Custom Yubico OTP Server
Ursprung
9e0e4b13c5
Commit
2433d39df5
3 geänderte Dateien mit 12 neuen und 2 gelöschten Zeilen
3
.env
3
.env
|
@ -43,9 +43,10 @@
|
||||||
## Yubico (Yubikey) Settings
|
## Yubico (Yubikey) Settings
|
||||||
## Set your Client ID and Secret Key for Yubikey OTP
|
## Set your Client ID and Secret Key for Yubikey OTP
|
||||||
## You can generate it here: https://upgrade.yubico.com/getapikey/
|
## You can generate it here: https://upgrade.yubico.com/getapikey/
|
||||||
## TODO: Allow choosing custom YubiCloud server
|
## You can optionally specify a custom OTP server
|
||||||
# YUBICO_CLIENT_ID=11111
|
# YUBICO_CLIENT_ID=11111
|
||||||
# YUBICO_SECRET_KEY=AAAAAAAAAAAAAAAAAAAAAAAA
|
# YUBICO_SECRET_KEY=AAAAAAAAAAAAAAAAAAAAAAAA
|
||||||
|
# YUBICO_SERVER=http://yourdomain.com/wsapi/2.0/verify
|
||||||
|
|
||||||
## Rocket specific settings, check Rocket documentation to learn more
|
## Rocket specific settings, check Rocket documentation to learn more
|
||||||
# ROCKET_ENV=staging
|
# ROCKET_ENV=staging
|
||||||
|
|
|
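Review bot: The new example value on the `YUBICO_SERVER` line uses `http://`, and operators tend to copy example values as-is; over plain HTTP the OTP and client id travel to the validation server unencrypted. I would show `# YUBICO_SERVER=https://yourdomain.com/wsapi/2.0/verify` instead. The comment above it could also state the effect on the defaults, e.g. `## You can optionally specify a custom OTP server (replaces the default YubiCloud servers)`. That wording is inferred from the `set_api_hosts` call elsewhere in this commit, so confirm it against the library.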
@ -561,7 +561,14 @@ fn verify_yubikey_otp(otp: String) -> JsonResult {
|
||||||
let yubico = Yubico::new();
|
let yubico = Yubico::new();
|
||||||
let config = Config::default().set_client_id(CONFIG.yubico_client_id.to_owned()).set_key(CONFIG.yubico_secret_key.to_owned());
|
let config = Config::default().set_client_id(CONFIG.yubico_client_id.to_owned()).set_key(CONFIG.yubico_secret_key.to_owned());
|
||||||
|
|
||||||
let result = yubico.verify(otp, config);
|
let result;
|
||||||
|
|
||||||
|
if CONFIG.yubico_server.is_some() {
|
||||||
|
result = yubico.verify(otp, config.set_api_hosts(vec![CONFIG.yubico_server.to_owned().unwrap()]));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
result = yubico.verify(otp, config);
|
||||||
|
}
|
||||||
|
|
||||||
match result {
|
match result {
|
||||||
Ok(_answer) => Ok(Json(json!({}))),
|
Ok(_answer) => Ok(Json(json!({}))),
|
||||||
|
|
|
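Review bot: The `is_some()` test followed by `CONFIG.yubico_server.to_owned().unwrap()` in the new branch leaves a panic path that depends on the two lines staying in sync, and the deferred `let result;` duplicates the `verify` call. Selecting the config first keeps one call site and removes the unwrap: `let config = match &CONFIG.yubico_server { Some(server) => config.set_api_hosts(vec![server.to_owned()]), None => config };` followed by `let result = yubico.verify(otp, config);`. A short comment that a configured server becomes the only validation host for this instance would help the next reader, since the one-element `vec!` is easy to miss. The body of `verify_yubikey_otp` continues outside the hunk.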
@ -249,6 +249,7 @@ pub struct Config {
|
||||||
yubico_cred_set: bool,
|
yubico_cred_set: bool,
|
||||||
yubico_client_id: String,
|
yubico_client_id: String,
|
||||||
yubico_secret_key: String,
|
yubico_secret_key: String,
|
||||||
|
yubico_server: Option<String>,
|
||||||
|
|
||||||
mail: Option<MailConfig>,
|
mail: Option<MailConfig>,
|
||||||
}
|
}
|
||||||
|
@ -294,6 +295,7 @@ impl Config {
|
||||||
yubico_cred_set: yubico_client_id.is_some() && yubico_secret_key.is_some(),
|
yubico_cred_set: yubico_client_id.is_some() && yubico_secret_key.is_some(),
|
||||||
yubico_client_id: yubico_client_id.unwrap_or("00000".into()),
|
yubico_client_id: yubico_client_id.unwrap_or("00000".into()),
|
||||||
yubico_secret_key: yubico_secret_key.unwrap_or("AAAAAAA".into()),
|
yubico_secret_key: yubico_secret_key.unwrap_or("AAAAAAA".into()),
|
||||||
|
yubico_server: get_env("YUBICO_SERVER"),
|
||||||
|
|
||||||
mail: MailConfig::load(),
|
mail: MailConfig::load(),
|
||||||
}
|
}
|
||||||
|
|
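Review bot: `yubico_server: get_env("YUBICO_SERVER")` in the `impl Config` hunk stores the value unchecked, so a typo or a non-HTTPS URL would presumably surface only when a user's OTP is verified rather than at startup. Because this one string decides which host is trusted to accept or reject second-factor codes, I would validate it where the config is loaded (parses as a URL, `https` scheme) and stop startup with a clear message otherwise. The struct field in the first hunk also deserves a doc comment, e.g. `/// Custom Yubico OTP validation endpoint; when set it replaces the default YubiCloud hosts.` The constructor body continues outside the hunk.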