Revert yubikey feature, not needed anymore
Ursprung
de51bc782e
Commit
f571df7367
3 geänderte Dateien mit 9 neuen und 33 gelöschten Zeilen
|
@ -11,9 +11,7 @@ publish = false
|
||||||
build = "build.rs"
|
build = "build.rs"
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
default = ["enable_yubikey"]
|
|
||||||
enable_syslog = ["syslog", "fern/syslog-4"]
|
enable_syslog = ["syslog", "fern/syslog-4"]
|
||||||
enable_yubikey = ["yubico"]
|
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
# Web framework for nightly with a focus on ease-of-use, expressibility, and speed.
|
# Web framework for nightly with a focus on ease-of-use, expressibility, and speed.
|
||||||
|
@ -74,7 +72,7 @@ jsonwebtoken = "5.0.1"
|
||||||
u2f = "0.1.4"
|
u2f = "0.1.4"
|
||||||
|
|
||||||
# Yubico Library
|
# Yubico Library
|
||||||
yubico = { version = "0.5.0", features = ["online"], default-features = false, optional = true }
|
yubico = { version = "0.5.0", features = ["online"], default-features = false }
|
||||||
|
|
||||||
# A `dotenv` implementation for Rust
|
# A `dotenv` implementation for Rust
|
||||||
dotenv = { version = "0.13.0", default-features = false }
|
dotenv = { version = "0.13.0", default-features = false }
|
||||||
|
|
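Review bot: The `yubico` line in the second hunk drops `optional = true` but keeps `features = ["online"]`, so the crate and its online validation code are now compiled into every build with no compile-time opt-out, and the `# Yubico Library` comment does not say so. I would expand that comment to something like `# Yubico library (always built; OTP validation only works at runtime when YUBICO_CLIENT_ID and YUBICO_SECRET_KEY are set)`. Because the first hunk removes `enable_yubikey` from `[features]`, any build command elsewhere in the repository that still passes `--features enable_yubikey` would fail. None is visible on this page, so it is worth searching the other build files before merging.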
|
@ -55,8 +55,7 @@ COPY . .
|
||||||
|
|
||||||
# Build
|
# Build
|
||||||
RUN rustup target add aarch64-unknown-linux-gnu
|
RUN rustup target add aarch64-unknown-linux-gnu
|
||||||
# TODO: Enable yubico when #262 is fixed
|
RUN cargo build --release --target=aarch64-unknown-linux-gnu -v
|
||||||
RUN cargo build --release --target=aarch64-unknown-linux-gnu -v --no-default-features
|
|
||||||
|
|
||||||
######################## RUNTIME IMAGE ########################
|
######################## RUNTIME IMAGE ########################
|
||||||
# Create a new stage with a minimal image
|
# Create a new stage with a minimal image
|
||||||
|
|
|
@ -15,18 +15,8 @@ use crate::auth::Headers;
|
||||||
|
|
||||||
use rocket::Route;
|
use rocket::Route;
|
||||||
|
|
||||||
#[cfg(feature = "enable_yubikey")]
|
|
||||||
fn yubi_routes() -> Vec<Route> {
|
|
||||||
routes![generate_yubikey, activate_yubikey, activate_yubikey_put]
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(not(feature = "enable_yubikey"))]
|
|
||||||
fn yubi_routes() -> Vec<Route> {
|
|
||||||
Vec::new()
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn routes() -> Vec<Route> {
|
pub fn routes() -> Vec<Route> {
|
||||||
let mut routes = routes![
|
routes![
|
||||||
get_twofactor,
|
get_twofactor,
|
||||||
get_recover,
|
get_recover,
|
||||||
recover,
|
recover,
|
||||||
|
@ -39,11 +29,10 @@ pub fn routes() -> Vec<Route> {
|
||||||
generate_u2f_challenge,
|
generate_u2f_challenge,
|
||||||
activate_u2f,
|
activate_u2f,
|
||||||
activate_u2f_put,
|
activate_u2f_put,
|
||||||
];
|
generate_yubikey,
|
||||||
|
activate_yubikey,
|
||||||
routes.append(&mut yubi_routes());
|
activate_yubikey_put,
|
||||||
|
]
|
||||||
routes
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[get("/two-factor")]
|
#[get("/two-factor")]
|
||||||
|
@ -496,8 +485,8 @@ pub struct YubikeyMetadata {
|
||||||
pub Nfc: bool,
|
pub Nfc: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "enable_yubikey")]
|
use yubico::config::Config;
|
||||||
use yubico::{config::Config, Yubico};
|
use yubico::Yubico;
|
||||||
|
|
||||||
fn parse_yubikeys(data: &EnableYubikeyData) -> Vec<String> {
|
fn parse_yubikeys(data: &EnableYubikeyData) -> Vec<String> {
|
||||||
let mut yubikeys: Vec<String> = Vec::new();
|
let mut yubikeys: Vec<String> = Vec::new();
|
||||||
|
@ -535,7 +524,6 @@ fn jsonify_yubikeys(yubikeys: Vec<String>) -> serde_json::Value {
|
||||||
result
|
result
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "enable_yubikey")]
|
|
||||||
fn verify_yubikey_otp(otp: String) -> JsonResult {
|
fn verify_yubikey_otp(otp: String) -> JsonResult {
|
||||||
if !CONFIG.yubico_cred_set {
|
if !CONFIG.yubico_cred_set {
|
||||||
err!("`YUBICO_CLIENT_ID` or `YUBICO_SECRET_KEY` environment variable is not set. Yubikey OTP Disabled")
|
err!("`YUBICO_CLIENT_ID` or `YUBICO_SECRET_KEY` environment variable is not set. Yubikey OTP Disabled")
|
||||||
|
@ -557,7 +545,6 @@ fn verify_yubikey_otp(otp: String) -> JsonResult {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "enable_yubikey")]
|
|
||||||
#[post("/two-factor/get-yubikey", data = "<data>")]
|
#[post("/two-factor/get-yubikey", data = "<data>")]
|
||||||
fn generate_yubikey(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> JsonResult {
|
fn generate_yubikey(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> JsonResult {
|
||||||
if !CONFIG.yubico_cred_set {
|
if !CONFIG.yubico_cred_set {
|
||||||
|
@ -593,7 +580,6 @@ fn generate_yubikey(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbCo
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "enable_yubikey")]
|
|
||||||
#[post("/two-factor/yubikey", data = "<data>")]
|
#[post("/two-factor/yubikey", data = "<data>")]
|
||||||
fn activate_yubikey(data: JsonUpcase<EnableYubikeyData>, headers: Headers, conn: DbConn) -> JsonResult {
|
fn activate_yubikey(data: JsonUpcase<EnableYubikeyData>, headers: Headers, conn: DbConn) -> JsonResult {
|
||||||
let data: EnableYubikeyData = data.into_inner().data;
|
let data: EnableYubikeyData = data.into_inner().data;
|
||||||
|
@ -655,18 +641,11 @@ fn activate_yubikey(data: JsonUpcase<EnableYubikeyData>, headers: Headers, conn:
|
||||||
Ok(Json(result))
|
Ok(Json(result))
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "enable_yubikey")]
|
|
||||||
#[put("/two-factor/yubikey", data = "<data>")]
|
#[put("/two-factor/yubikey", data = "<data>")]
|
||||||
fn activate_yubikey_put(data: JsonUpcase<EnableYubikeyData>, headers: Headers, conn: DbConn) -> JsonResult {
|
fn activate_yubikey_put(data: JsonUpcase<EnableYubikeyData>, headers: Headers, conn: DbConn) -> JsonResult {
|
||||||
activate_yubikey(data, headers, conn)
|
activate_yubikey(data, headers, conn)
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(not(feature = "enable_yubikey"))]
|
|
||||||
pub fn validate_yubikey_login(_: &str, _: &str, _: &DbConn) -> EmptyResult {
|
|
||||||
err!("Yubikey functionality is disabled. If you are using AArch64, check #262")
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(feature = "enable_yubikey")]
|
|
||||||
pub fn validate_yubikey_login(user_uuid: &str, response: &str, conn: &DbConn) -> EmptyResult {
|
pub fn validate_yubikey_login(user_uuid: &str, response: &str, conn: &DbConn) -> EmptyResult {
|
||||||
if response.len() != 44 {
|
if response.len() != 44 {
|
||||||
err!("Invalid Yubikey OTP length");
|
err!("Invalid Yubikey OTP length");
|
||||||
|
|
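Review bot: The runtime `CONFIG.yubico_cred_set` check is now the only thing keeping the Yubikey handlers inactive on servers without Yubico credentials, because `routes()` mounts `generate_yubikey`, `activate_yubikey` and `activate_yubikey_put` unconditionally once the `#[cfg(feature = "enable_yubikey")]` attributes are gone. That check is visible at the top of `verify_yubikey_otp` and `generate_yubikey`, but the bodies of `activate_yubikey` and `validate_yubikey_login` continue outside the hunks, so it should be confirmed that both reach `verify_yubikey_otp` before a key is stored or a login is accepted. A doc comment on `routes()` would make the new contract explicit, for example `/// Yubikey routes are always registered; the handlers reject requests unless Yubico credentials are configured.` As a style point, the import is now split into `use yubico::config::Config;` and `use yubico::Yubico;`, where the earlier single line `use yubico::{config::Config, Yubico};` could have been kept with only its `#[cfg]` attribute removed.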