mirror of
https://gitlab.com/comunic/comunicapiv3
synced 2024-12-26 13:38:51 +00:00
Can create auth challenge
This commit is contained in:
parent
210dcb9597
commit
c52b7a4408
@ -8,14 +8,34 @@ use crate::api_data::admin::admin_auth_options::AdminAuthOptions;
|
||||
use crate::api_data::admin::admin_auth_success::AdminAuthSuccess;
|
||||
use crate::api_data::admin::admin_id_api::AdminIDAPI;
|
||||
use crate::api_data::admin::admin_info_api::AdminInfoAPI;
|
||||
use crate::data::admin::NewAdminGeneralSettings;
|
||||
use crate::data::admin::{AdminKey, NewAdminGeneralSettings};
|
||||
use crate::data::base_request_handler::BaseRequestHandler;
|
||||
use crate::data::error::Res;
|
||||
use crate::data::http_request_handler::HttpRequestHandler;
|
||||
use crate::data::webauthn_config::get_wan;
|
||||
use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_account_key_helper, admin_key_registration_challenges_helper};
|
||||
use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_account_key_helper, admin_key_authentication_challenges_helper, admin_key_registration_challenges_helper};
|
||||
use crate::routes::RequestResult;
|
||||
use crate::utils::date_utils::time;
|
||||
|
||||
impl HttpRequestHandler {
|
||||
pub fn post_admin_auth_key(&mut self, name_mail: &str, name_key_id: &str) -> Res<AdminKey> {
|
||||
let mail = self.post_string(name_mail)?;
|
||||
let key_id = self.post_u64(name_key_id)?;
|
||||
|
||||
let admin = admin_account_helper::find_admin_by_email(&mail)?;
|
||||
let keys = admin_account_key_helper::get_admin_keys(admin.id)?;
|
||||
|
||||
let key = keys.into_iter()
|
||||
.filter(|k| k.id == key_id)
|
||||
.next();
|
||||
|
||||
match key {
|
||||
Some(key) => Ok(key),
|
||||
None => Err(self.bad_request("The key is not associated with this account!".to_string()).unwrap_err())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// Get admin auth options
|
||||
pub fn get_auth_options(r: &mut HttpRequestHandler) -> RequestResult {
|
||||
let mail = r.post_email("mail")?;
|
||||
@ -122,4 +142,16 @@ pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
|
||||
admin_account_key_helper::add_key(r.admin_id()?, &name, key)?;
|
||||
|
||||
r.ok()
|
||||
}
|
||||
|
||||
/// Generate a challenge to authenticate with a security key
|
||||
pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
|
||||
let key = r.post_admin_auth_key("mail", "key_id")?;
|
||||
|
||||
let (challenge_response, auth_state) =
|
||||
get_wan().generate_challenge_authenticate(vec![key.key], None)?;
|
||||
|
||||
admin_key_authentication_challenges_helper::set(key.id, auth_state)?;
|
||||
|
||||
r.set_response(challenge_response)
|
||||
}
|
41
src/helpers/admin_key_authentication_challenges_helper.rs
Normal file
41
src/helpers/admin_key_authentication_challenges_helper.rs
Normal file
@ -0,0 +1,41 @@
|
||||
//! # Administrators key authentication challenges helper
|
||||
//!
|
||||
//! Allows to temporarily stores keys authentication challenges
|
||||
//!
|
||||
//! @author Pierre Hubert
|
||||
|
||||
use std::collections::HashMap;
|
||||
use std::sync::{Arc, Mutex};
|
||||
|
||||
use webauthn_rs::AuthenticationState;
|
||||
|
||||
use crate::data::error::Res;
|
||||
|
||||
static mut CACHE: Option<Arc<Mutex<HashMap<u64, AuthenticationState>>>> = None;
|
||||
|
||||
/// Initialize this helper's cache
|
||||
pub fn init() {
|
||||
unsafe {
|
||||
let map = HashMap::new();
|
||||
CACHE = Some(Arc::new(Mutex::new(map)));
|
||||
}
|
||||
}
|
||||
|
||||
/// Store a new entry in the cache
|
||||
pub fn set(key_id: u64, state: AuthenticationState) -> Res {
|
||||
let cache = unsafe {
|
||||
CACHE.as_ref().unwrap().lock()
|
||||
};
|
||||
|
||||
cache?.insert(key_id, state);
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub fn get(key_id: u64) -> Res<Option<AuthenticationState>> {
|
||||
let cache = unsafe {
|
||||
CACHE.as_ref().unwrap().lock()
|
||||
};
|
||||
|
||||
Ok(cache?.remove(&key_id))
|
||||
}
|
@ -25,4 +25,5 @@ pub mod forez_presence_helper;
|
||||
pub mod admin_account_helper;
|
||||
pub mod admin_account_key_helper;
|
||||
pub mod admin_access_token_helper;
|
||||
pub mod admin_key_registration_challenges_helper;
|
||||
pub mod admin_key_registration_challenges_helper;
|
||||
pub mod admin_key_authentication_challenges_helper;
|
@ -355,5 +355,6 @@ pub fn get_routes() -> Vec<Route> {
|
||||
Route::admin_post("/admin/accounts/update_general_settings", Box::new(admin_account_controller::update_general_settings)),
|
||||
Route::admin_post("/admin/accounts/challenge_register_key", Box::new(admin_account_controller::challenge_register_key)),
|
||||
Route::admin_post("/admin/accounts/register_key", Box::new(admin_account_controller::register_key)),
|
||||
Route::limited_admin_post_without_login("/admin/accounts/challenge_auth_with_key", Box::new(admin_account_controller::challenge_auth_with_key), LimitPolicy::ANY(10)),
|
||||
]
|
||||
}
|
@ -17,7 +17,7 @@ use crate::controllers::{rtc_relay_controller, user_ws_controller};
|
||||
use crate::data::base_request_handler::{BaseRequestHandler, PostFile, RequestValue};
|
||||
use crate::data::config::Config;
|
||||
use crate::data::http_request_handler::HttpRequestHandler;
|
||||
use crate::helpers::{admin_access_token_helper, admin_key_registration_challenges_helper, api_helper, requests_limit_helper};
|
||||
use crate::helpers::{admin_access_token_helper, admin_key_authentication_challenges_helper, admin_key_registration_challenges_helper, api_helper, requests_limit_helper};
|
||||
use crate::routes::{get_routes, RequestResult, Route, RouteScope};
|
||||
use crate::routes::Method::{GET, POST};
|
||||
use crate::utils::user_data_utils::user_data_path;
|
||||
@ -351,6 +351,7 @@ pub async fn start_server(conf: &Config) -> std::io::Result<()> {
|
||||
requests_limit_helper::init();
|
||||
admin_access_token_helper::init();
|
||||
admin_key_registration_challenges_helper::init();
|
||||
admin_key_authentication_challenges_helper::init();
|
||||
|
||||
let addr = conf.server_listen_address();
|
||||
println!("Start to listen on http://{}/", addr);
|
||||
|
Loading…
Reference in New Issue
Block a user