mirror of
https://gitlab.com/comunic/comunicapiv3
synced 2024-11-25 23:09:22 +00:00
Can authenticate using security key
parent
c52b7a4408
commit
3c4a5a53a1
@ -154,4 +154,24 @@ pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
|
|||||||
admin_key_authentication_challenges_helper::set(key.id, auth_state)?;
|
admin_key_authentication_challenges_helper::set(key.id, auth_state)?;
|
||||||
|
|
||||||
r.set_response(challenge_response)
|
r.set_response(challenge_response)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Authenticate a user with a security key
|
||||||
|
pub fn auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
|
||||||
|
let key = r.post_admin_auth_key("mail", "key_id")?;
|
||||||
|
let credentials = r.post_auth_public_key_credential("credential")?;
|
||||||
|
|
||||||
|
let state = r.some_or_internal_error(
|
||||||
|
admin_key_authentication_challenges_helper::get(key.id)?,
|
||||||
|
"Associated authentication state not found!",
|
||||||
|
)?;
|
||||||
|
|
||||||
|
// Perform authentication
|
||||||
|
let state = get_wan().authenticate_credential(credentials, state)?;
|
||||||
|
r.some_or_bad_request(state, "Invalid key!")?;
|
||||||
|
|
||||||
|
// Generate access token
|
||||||
|
let token = admin_access_token_helper::create(key.admin_id)?;
|
||||||
|
|
||||||
|
r.set_response(AdminAuthSuccess::new(token))
|
||||||
}
|
}
|
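Review bot: The challenge state read with `admin_key_authentication_challenges_helper::get(key.id)` in `auth_with_key` is not visibly discarded after use, and a missing state is reported through `some_or_internal_error`. A WebAuthn challenge should be accepted only once, so unless `get` already consumes the entry (the helper is outside this diff), the state should be dropped before `authenticate_credential` runs; that way neither a failed nor a successful attempt leaves it valid. A missing state is also reachable by any client that calls this route, registered without login, before requesting a challenge, so it reads better as a client error: `let state = r.some_or_bad_request(admin_key_authentication_challenges_helper::get(key.id)?, "Associated authentication state not found!")?;`. The value returned by `authenticate_credential` is only tested for presence and then dropped; if it carries the authenticator's signature counter, checking and persisting it is worth considering.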
@ -177,6 +177,17 @@ pub trait BaseRequestHandler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Unwrap an option, returning an error if none is returned
|
||||||
|
fn some_or_bad_request<E>(&mut self, opt: Option<E>, msg: &str) -> Res<E> {
|
||||||
|
match opt {
|
||||||
|
None => {
|
||||||
|
self.bad_request(msg.to_string())?;
|
||||||
|
unreachable!()
|
||||||
|
}
|
||||||
|
Some(e) => Ok(e)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/// Get a user ID, if available
|
/// Get a user ID, if available
|
||||||
fn user_id_opt(&self) -> Option<UserID> {
|
fn user_id_opt(&self) -> Option<UserID> {
|
||||||
@ -558,6 +569,13 @@ pub trait BaseRequestHandler {
|
|||||||
Ok(serde_json::from_str(&str)?)
|
Ok(serde_json::from_str(&str)?)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Get the response to a key authentication included in the request
|
||||||
|
fn post_auth_public_key_credential(&mut self, name: &str) -> Res<webauthn_rs::proto::PublicKeyCredential> {
|
||||||
|
let str = self.post_string(name)?;
|
||||||
|
|
||||||
|
Ok(serde_json::from_str(&str)?)
|
||||||
|
}
|
||||||
|
|
||||||
/// Get the ID of a user included in a POST request
|
/// Get the ID of a user included in a POST request
|
||||||
fn post_user_id(&mut self, name: &str) -> ResultBoxError<UserID> {
|
fn post_user_id(&mut self, name: &str) -> ResultBoxError<UserID> {
|
||||||
let user_id = UserID::new(self.post_u64(name)?);
|
let user_id = UserID::new(self.post_u64(name)?);
|
||||||
|
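Review bot: The `?` on `serde_json::from_str(&str)` in `post_auth_public_key_credential` forwards a raw serde error for a field that any client can send to a route registered without login. How that error is turned into a response is not visible here, but if generic errors become internal-error responses, malformed credentials will show up as server faults and may echo parser details. Turning the failure into a fixed client error with the helper added in this same commit would avoid that: `let cred = serde_json::from_str(&str).ok();` followed by `self.some_or_bad_request(cred, "Invalid credential!")`. In `some_or_bad_request`, the `unreachable!()` is sound only while `bad_request` always returns `Err`, so a comment such as `// bad_request always returns Err, so the ? above never falls through` would record that invariant. The trait body continues outside both hunks.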
@ -356,5 +356,6 @@ pub fn get_routes() -> Vec<Route> {
|
|||||||
Route::admin_post("/admin/accounts/challenge_register_key", Box::new(admin_account_controller::challenge_register_key)),
|
Route::admin_post("/admin/accounts/challenge_register_key", Box::new(admin_account_controller::challenge_register_key)),
|
||||||
Route::admin_post("/admin/accounts/register_key", Box::new(admin_account_controller::register_key)),
|
Route::admin_post("/admin/accounts/register_key", Box::new(admin_account_controller::register_key)),
|
||||||
Route::limited_admin_post_without_login("/admin/accounts/challenge_auth_with_key", Box::new(admin_account_controller::challenge_auth_with_key), LimitPolicy::ANY(10)),
|
Route::limited_admin_post_without_login("/admin/accounts/challenge_auth_with_key", Box::new(admin_account_controller::challenge_auth_with_key), LimitPolicy::ANY(10)),
|
||||||
|
Route::limited_admin_post_without_login("/admin/accounts/auth_with_key", Box::new(admin_account_controller::auth_with_key), LimitPolicy::ANY(10)),
|
||||||
]
|
]
|
||||||
}
|
}
|