geforkt von mirrored/vaultwarden
Fixed issue #663.
During the 2fa activation there is no twofactor record yet. Changed the layout a bit so that it will generate a new twofactor record when it does not exists yet. Else it will just update the already existing record.
Dieser Commit ist enthalten in:
Ursprung
dc515b83f3
Commit
603a964579
1 geänderte Dateien mit 7 neuen und 7 gelöschten Zeilen
|
@ -73,14 +73,10 @@ fn activate_authenticator(data: JsonUpcase<EnableAuthenticatorData>, headers: He
|
||||||
err!("Invalid key length")
|
err!("Invalid key length")
|
||||||
}
|
}
|
||||||
|
|
||||||
let type_ = TwoFactorType::Authenticator;
|
// Validate the token provided with the key, and save new twofactor
|
||||||
let twofactor = TwoFactor::new(user.uuid.clone(), type_, key.to_uppercase());
|
validate_totp_code(&user.uuid, token, &key.to_uppercase(), &conn)?;
|
||||||
|
|
||||||
// Validate the token provided with the key
|
|
||||||
validate_totp_code(&user.uuid, token, &twofactor.data, &conn)?;
|
|
||||||
|
|
||||||
_generate_recover_code(&mut user, &conn);
|
_generate_recover_code(&mut user, &conn);
|
||||||
twofactor.save(&conn)?;
|
|
||||||
|
|
||||||
Ok(Json(json!({
|
Ok(Json(json!({
|
||||||
"Enabled": true,
|
"Enabled": true,
|
||||||
|
@ -112,7 +108,10 @@ pub fn validate_totp_code(user_uuid: &str, totp_code: u64, secret: &str, conn: &
|
||||||
Err(_) => err!("Invalid TOTP secret"),
|
Err(_) => err!("Invalid TOTP secret"),
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut twofactor = TwoFactor::find_by_user_and_type(&user_uuid, TwoFactorType::Authenticator as i32, &conn)?;
|
let mut twofactor = match TwoFactor::find_by_user_and_type(&user_uuid, TwoFactorType::Authenticator as i32, &conn) {
|
||||||
|
Some(tf) => tf,
|
||||||
|
_ => TwoFactor::new(user_uuid.to_string(), TwoFactorType::Authenticator, secret.to_string()),
|
||||||
|
};
|
||||||
|
|
||||||
// Get the current system time in UNIX Epoch (UTC)
|
// Get the current system time in UNIX Epoch (UTC)
|
||||||
let current_time: u64 = SystemTime::now().duration_since(UNIX_EPOCH)
|
let current_time: u64 = SystemTime::now().duration_since(UNIX_EPOCH)
|
||||||
|
@ -137,6 +136,7 @@ pub fn validate_totp_code(user_uuid: &str, totp_code: u64, secret: &str, conn: &
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save the last used time step so only totp time steps higher then this one are allowed.
|
// Save the last used time step so only totp time steps higher then this one are allowed.
|
||||||
|
// This will also save a newly created twofactor if the code is correct.
|
||||||
twofactor.last_used = time_step;
|
twofactor.last_used = time_step;
|
||||||
twofactor.save(&conn)?;
|
twofactor.save(&conn)?;
|
||||||
return Ok(());
|
return Ok(());
|
||||||
|
|
Laden …
In neuem Issue referenzieren