Comunic/comunicapiv3
1
0
Fork 0
mirror of https://gitlab.com/comunic/comunicapiv3 synced 2025-03-14 18:02:37 +00:00
Code Issues Projects Releases Wiki Activity
comunicapiv3/src/controllers/admin/admin_keys_controller.rs

113 lines
3.7 KiB
Rust
Raw Normal View History

Can get admin roles through API
2021-05-14 18:38:46 +02:00
//! # Admin keys controller
//!
//! @author Pierre Hubert
use crate::api_data::admin::admin_auth_success::AdminAuthSuccess;
use crate::data::admin::AdminKey;
use crate::data::base_request_handler::BaseRequestHandler;
use crate::data::error::Res;
use crate::data::http_request_handler::HttpRequestHandler;
use crate::data::webauthn_config::get_wan;
use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_account_key_helper, admin_key_authentication_challenges_helper, admin_key_registration_challenges_helper};
use crate::routes::RequestResult;
impl HttpRequestHandler {
pub fn post_admin_auth_key(&mut self, name_mail: &str, name_key_id: &str) -> Res<AdminKey> {
let mail = self.post_string(name_mail)?;
let key_id = self.post_u64(name_key_id)?;
let admin = admin_account_helper::find_admin_by_email(&mail)?;
let keys = admin_account_key_helper::get_admin_keys(admin.id)?;
let key = keys.into_iter()
.filter(|k| k.id == key_id)
.next();
match key {
Some(key) => Ok(key),
None => Err(self.bad_request("The key is not associated with this account!".to_string()).unwrap_err())
}
}
}
/// Generate a challenge to register a new key
pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult {
let mut wan = get_wan();
let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), None)?;
admin_key_registration_challenges_helper::set(r.admin_id()?, state)?;
r.set_response(res)
}
/// Register key
pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
let name = r.post_string("name")?;
let creds = r.post_register_public_key_credential("key")?;
let state = r.some_or_internal_error(
admin_key_registration_challenges_helper::get(r.admin_id()?)?,
"No challenge found!",
)?;
let wan = get_wan();
let key = wan.register_credential(creds, state, |_| Ok(false))?;
admin_account_key_helper::add_key(r.admin_id()?, &name, key)?;
r.ok()
}
/// Delete an admin auth key
pub fn delete_auth_key(r: &mut HttpRequestHandler) -> RequestResult {
let admin_id = r.post_admin_id("adminID")?;
let key_id = r.post_u64("keyID")?;
if admin_id != r.admin_id()? {
unimplemented!(); // TODO
}
for key in admin_account_key_helper::get_admin_keys(admin_id)? {
if key.id == key_id {
admin_account_key_helper::delete_key(key)?;
return r.ok();
}
}
r.not_found("Requested key was not found!".to_string())
}
/// Generate a challenge to authenticate with a security key
pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
let key = r.post_admin_auth_key("mail", "key_id")?;
let (challenge_response, auth_state) =
get_wan().generate_challenge_authenticate(vec![key.key], None)?;
admin_key_authentication_challenges_helper::set(key.id, auth_state)?;
r.set_response(challenge_response)
}
/// Authenticate a user with a security key
pub fn auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
let key = r.post_admin_auth_key("mail", "key_id")?;
let credentials = r.post_auth_public_key_credential("credential")?;
let state = r.some_or_internal_error(
admin_key_authentication_challenges_helper::get(key.id)?,
"Associated authentication state not found!",
)?;
// Perform authentication
let state = get_wan().authenticate_credential(credentials, state)?;
r.some_or_bad_request(state, "Invalid key!")?;
// Generate access token
let token = admin_access_token_helper::create(key.admin_id)?;
r.set_response(AdminAuthSuccess::new(token))
}
Reference in New Issue Copy Permalink