Can generate admin key enrollment challenge

2025-11-04 09:34:04 +00:00 · 2021-05-14 09:30:59 +02:00
parent 158d35171d
commit 70860ab184
11 changed files with 147 additions and 11 deletions
--- a/src/controllers/admin/admin_account_controller.rs
+++ b/src/controllers/admin/admin_account_controller.rs
@@ -2,6 +2,8 @@
 //!
 //! @author Pierre Hubert

+
+
 use crate::api_data::admin::admin_auth_options::AdminAuthOptions;
 use crate::api_data::admin::admin_auth_success::AdminAuthSuccess;
 use crate::api_data::admin::admin_id_api::AdminIDAPI;
@@ -9,7 +11,8 @@ use crate::api_data::admin::admin_info_api::AdminInfoAPI;
 use crate::data::admin::NewAdminGeneralSettings;
 use crate::data::base_request_handler::BaseRequestHandler;
 use crate::data::http_request_handler::HttpRequestHandler;
-use crate::helpers::{admin_access_token_helper, admin_account_helper};
+use crate::data::webauthn_config::get_wan;
+use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_key_registration_challenges_helper};
 use crate::routes::RequestResult;
 use crate::utils::date_utils::time;

@@ -89,4 +92,15 @@ pub fn update_general_settings(r: &mut HttpRequestHandler) -> RequestResult {
    })?;

    r.ok()
+}
+
+/// Generate a challenge to register a new key
+pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult {
+    let mut wan = get_wan();
+
+    let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), None)?;
+
+    admin_key_registration_challenges_helper::set(r.admin_id()?, state)?;
+
+    r.set_response(res)
 }
--- a/src/data/admin.rs
+++ b/src/data/admin.rs
@@ -13,6 +13,10 @@ impl AdminID {
    pub fn id(&self) -> u64 {
        self.0
    }
+
+    pub fn id_str(&self) -> String {
+        format!("{}", self.0)
+    }
 }

 pub struct NewAdmin {
@@ -47,12 +51,12 @@ pub struct AdminKey {
 pub struct AdminAccessToken {
    pub token: String,
    pub id: AdminID,
-    pub last_refresh: u64
+    pub last_refresh: u64,
 }

 /// New admin general settings
 pub struct NewAdminGeneralSettings {
    pub id: AdminID,
    pub name: String,
-    pub email: String
+    pub email: String,
 }
--- a/src/data/mod.rs
+++ b/src/data/mod.rs
@@ -41,4 +41,5 @@ pub mod call_signal;
 pub mod new_notifications_settings;
 pub mod push_notification;
 pub mod presence;
-pub mod admin;
+pub mod admin;
+pub mod webauthn_config;
--- a/src/data/webauthn_config.rs
+++ b/src/data/webauthn_config.rs
@@ -0,0 +1,36 @@
+//! # Webauthn config
+//!
+//! @author Pierre Hubert
+
+use webauthn_rs::{Webauthn, WebauthnConfig};
+
+use crate::data::config::conf;
+
+pub struct ComunicAdminWebauthnConfig {}
+
+impl WebauthnConfig for ComunicAdminWebauthnConfig {
+    fn get_relying_party_name(&self) -> String {
+        "ComunicAdmin".to_string()
+    }
+
+    fn get_origin(&self) -> &String {
+        &conf().admin_url
+    }
+
+    fn get_relying_party_id(&self) -> String {
+        self.get_origin()
+            .replace("https://", "")
+            .replace("http://", "")
+            .split(":")
+            .next()
+            .unwrap()
+            .split("/")
+            .next()
+            .unwrap()
+            .to_string()
+    }
+}
+
+pub fn get_wan() -> Webauthn<ComunicAdminWebauthnConfig> {
+    Webauthn::new(ComunicAdminWebauthnConfig {})
+}
--- a/src/helpers/admin_access_token_helper.rs
+++ b/src/helpers/admin_access_token_helper.rs
@@ -13,7 +13,7 @@ use crate::utils::date_utils::time;

 static mut CACHE: Option<Arc<Mutex<HashMap<AdminID, AdminAccessToken>>>> = None;

-/// Initialize this helper
+/// Initialize this helper's cache
 pub fn init() {
    unsafe {
        let map = HashMap::new();
--- a/src/helpers/admin_key_registration_challenges_helper.rs
+++ b/src/helpers/admin_key_registration_challenges_helper.rs
@@ -0,0 +1,34 @@
+//! # Administrators key registration challenges helper
+//!
+//! Allows to temporarily stores keys registration challenges
+//!
+//! @author Pierre Hubert
+
+use std::collections::HashMap;
+use std::sync::{Arc, Mutex};
+
+use webauthn_rs::RegistrationState;
+
+use crate::data::admin::AdminID;
+use crate::data::error::Res;
+
+static mut CACHE: Option<Arc<Mutex<HashMap<AdminID, RegistrationState>>>> = None;
+
+/// Initialize this helper's cache
+pub fn init() {
+    unsafe {
+        let map = HashMap::new();
+        CACHE = Some(Arc::new(Mutex::new(map)));
+    }
+}
+
+/// Store a new entry in the cache
+pub fn set(admin: AdminID, key: RegistrationState) -> Res {
+    let cache = unsafe {
+        CACHE.as_ref().unwrap().lock()
+    };
+
+    cache?.insert(admin, key);
+
+    Ok(())
+}
--- a/src/helpers/mod.rs
+++ b/src/helpers/mod.rs
@@ -23,4 +23,5 @@ pub mod independent_push_notifications_service_helper;
 pub mod firebase_notifications_helper;
 pub mod forez_presence_helper;
 pub mod admin_account_helper;
-pub mod admin_access_token_helper;
+pub mod admin_access_token_helper;
+pub mod admin_key_registration_challenges_helper;
--- a/src/routes.rs
+++ b/src/routes.rs
@@ -353,5 +353,6 @@ pub fn get_routes() -> Vec<Route> {
        Route::admin_post("/admin/accounts/id", Box::new(admin_account_controller::get_admin_id)),
        Route::admin_post("/admin/accounts/info", Box::new(admin_account_controller::get_admin_info)),
        Route::admin_post("/admin/accounts/update_general_settings", Box::new(admin_account_controller::update_general_settings)),
+        Route::admin_post("/admin/accounts/challenge_register_key", Box::new(admin_account_controller::challenge_register_key))
    ]
 }
--- a/src/server.rs
+++ b/src/server.rs
@@ -17,7 +17,7 @@ use crate::controllers::{rtc_relay_controller, user_ws_controller};
 use crate::data::base_request_handler::{BaseRequestHandler, PostFile, RequestValue};
 use crate::data::config::Config;
 use crate::data::http_request_handler::HttpRequestHandler;
-use crate::helpers::{api_helper, requests_limit_helper, admin_access_token_helper};
+use crate::helpers::{admin_access_token_helper, admin_key_registration_challenges_helper, api_helper, requests_limit_helper};
 use crate::routes::{get_routes, RequestResult, Route, RouteScope};
 use crate::routes::Method::{GET, POST};
 use crate::utils::user_data_utils::user_data_path;
@@ -221,7 +221,7 @@ fn process_simple_route(route: &Route, req: &mut HttpRequestHandler) -> RequestR
            if route.need_login || req.has_post_parameter("token") {
                req.check_user_token()?;
            }
-        },
+        }

        // "Admin" user scope
        RouteScope::ADMIN => {
@@ -234,7 +234,6 @@ fn process_simple_route(route: &Route, req: &mut HttpRequestHandler) -> RequestR
    }


-
    let res: RequestResult = (route.func)(req);

    requests_limit_helper::trigger_after(res.is_ok(), req, route)?;
@@ -350,8 +349,8 @@ pub async fn start_server(conf: &Config) -> std::io::Result<()> {

    // Initialize limit helper
    requests_limit_helper::init();
-
    admin_access_token_helper::init();
+    admin_key_registration_challenges_helper::init();

    let addr = conf.server_listen_address();
    println!("Start to listen on http://{}/", addr);