mirror of
https://gitlab.com/comunic/comunicapiv3
synced 2024-11-26 15:29:21 +00:00
Can create auth challenge
This commit is contained in:
parent
210dcb9597
commit
c52b7a4408
@ -8,14 +8,34 @@ use crate::api_data::admin::admin_auth_options::AdminAuthOptions;
|
|||||||
use crate::api_data::admin::admin_auth_success::AdminAuthSuccess;
|
use crate::api_data::admin::admin_auth_success::AdminAuthSuccess;
|
||||||
use crate::api_data::admin::admin_id_api::AdminIDAPI;
|
use crate::api_data::admin::admin_id_api::AdminIDAPI;
|
||||||
use crate::api_data::admin::admin_info_api::AdminInfoAPI;
|
use crate::api_data::admin::admin_info_api::AdminInfoAPI;
|
||||||
use crate::data::admin::NewAdminGeneralSettings;
|
use crate::data::admin::{AdminKey, NewAdminGeneralSettings};
|
||||||
use crate::data::base_request_handler::BaseRequestHandler;
|
use crate::data::base_request_handler::BaseRequestHandler;
|
||||||
|
use crate::data::error::Res;
|
||||||
use crate::data::http_request_handler::HttpRequestHandler;
|
use crate::data::http_request_handler::HttpRequestHandler;
|
||||||
use crate::data::webauthn_config::get_wan;
|
use crate::data::webauthn_config::get_wan;
|
||||||
use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_account_key_helper, admin_key_registration_challenges_helper};
|
use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_account_key_helper, admin_key_authentication_challenges_helper, admin_key_registration_challenges_helper};
|
||||||
use crate::routes::RequestResult;
|
use crate::routes::RequestResult;
|
||||||
use crate::utils::date_utils::time;
|
use crate::utils::date_utils::time;
|
||||||
|
|
||||||
|
impl HttpRequestHandler {
|
||||||
|
pub fn post_admin_auth_key(&mut self, name_mail: &str, name_key_id: &str) -> Res<AdminKey> {
|
||||||
|
let mail = self.post_string(name_mail)?;
|
||||||
|
let key_id = self.post_u64(name_key_id)?;
|
||||||
|
|
||||||
|
let admin = admin_account_helper::find_admin_by_email(&mail)?;
|
||||||
|
let keys = admin_account_key_helper::get_admin_keys(admin.id)?;
|
||||||
|
|
||||||
|
let key = keys.into_iter()
|
||||||
|
.filter(|k| k.id == key_id)
|
||||||
|
.next();
|
||||||
|
|
||||||
|
match key {
|
||||||
|
Some(key) => Ok(key),
|
||||||
|
None => Err(self.bad_request("The key is not associated with this account!".to_string()).unwrap_err())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/// Get admin auth options
|
/// Get admin auth options
|
||||||
pub fn get_auth_options(r: &mut HttpRequestHandler) -> RequestResult {
|
pub fn get_auth_options(r: &mut HttpRequestHandler) -> RequestResult {
|
||||||
let mail = r.post_email("mail")?;
|
let mail = r.post_email("mail")?;
|
||||||
@ -123,3 +143,15 @@ pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
|
|||||||
|
|
||||||
r.ok()
|
r.ok()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Generate a challenge to authenticate with a security key
|
||||||
|
pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
|
||||||
|
let key = r.post_admin_auth_key("mail", "key_id")?;
|
||||||
|
|
||||||
|
let (challenge_response, auth_state) =
|
||||||
|
get_wan().generate_challenge_authenticate(vec![key.key], None)?;
|
||||||
|
|
||||||
|
admin_key_authentication_challenges_helper::set(key.id, auth_state)?;
|
||||||
|
|
||||||
|
r.set_response(challenge_response)
|
||||||
|
}
|
41
src/helpers/admin_key_authentication_challenges_helper.rs
Normal file
41
src/helpers/admin_key_authentication_challenges_helper.rs
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
//! # Administrators key authentication challenges helper
|
||||||
|
//!
|
||||||
|
//! Allows to temporarily stores keys authentication challenges
|
||||||
|
//!
|
||||||
|
//! @author Pierre Hubert
|
||||||
|
|
||||||
|
use std::collections::HashMap;
|
||||||
|
use std::sync::{Arc, Mutex};
|
||||||
|
|
||||||
|
use webauthn_rs::AuthenticationState;
|
||||||
|
|
||||||
|
use crate::data::error::Res;
|
||||||
|
|
||||||
|
static mut CACHE: Option<Arc<Mutex<HashMap<u64, AuthenticationState>>>> = None;
|
||||||
|
|
||||||
|
/// Initialize this helper's cache
|
||||||
|
pub fn init() {
|
||||||
|
unsafe {
|
||||||
|
let map = HashMap::new();
|
||||||
|
CACHE = Some(Arc::new(Mutex::new(map)));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Store a new entry in the cache
|
||||||
|
pub fn set(key_id: u64, state: AuthenticationState) -> Res {
|
||||||
|
let cache = unsafe {
|
||||||
|
CACHE.as_ref().unwrap().lock()
|
||||||
|
};
|
||||||
|
|
||||||
|
cache?.insert(key_id, state);
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn get(key_id: u64) -> Res<Option<AuthenticationState>> {
|
||||||
|
let cache = unsafe {
|
||||||
|
CACHE.as_ref().unwrap().lock()
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(cache?.remove(&key_id))
|
||||||
|
}
|
@ -26,3 +26,4 @@ pub mod admin_account_helper;
|
|||||||
pub mod admin_account_key_helper;
|
pub mod admin_account_key_helper;
|
||||||
pub mod admin_access_token_helper;
|
pub mod admin_access_token_helper;
|
||||||
pub mod admin_key_registration_challenges_helper;
|
pub mod admin_key_registration_challenges_helper;
|
||||||
|
pub mod admin_key_authentication_challenges_helper;
|
@ -355,5 +355,6 @@ pub fn get_routes() -> Vec<Route> {
|
|||||||
Route::admin_post("/admin/accounts/update_general_settings", Box::new(admin_account_controller::update_general_settings)),
|
Route::admin_post("/admin/accounts/update_general_settings", Box::new(admin_account_controller::update_general_settings)),
|
||||||
Route::admin_post("/admin/accounts/challenge_register_key", Box::new(admin_account_controller::challenge_register_key)),
|
Route::admin_post("/admin/accounts/challenge_register_key", Box::new(admin_account_controller::challenge_register_key)),
|
||||||
Route::admin_post("/admin/accounts/register_key", Box::new(admin_account_controller::register_key)),
|
Route::admin_post("/admin/accounts/register_key", Box::new(admin_account_controller::register_key)),
|
||||||
|
Route::limited_admin_post_without_login("/admin/accounts/challenge_auth_with_key", Box::new(admin_account_controller::challenge_auth_with_key), LimitPolicy::ANY(10)),
|
||||||
]
|
]
|
||||||
}
|
}
|
@ -17,7 +17,7 @@ use crate::controllers::{rtc_relay_controller, user_ws_controller};
|
|||||||
use crate::data::base_request_handler::{BaseRequestHandler, PostFile, RequestValue};
|
use crate::data::base_request_handler::{BaseRequestHandler, PostFile, RequestValue};
|
||||||
use crate::data::config::Config;
|
use crate::data::config::Config;
|
||||||
use crate::data::http_request_handler::HttpRequestHandler;
|
use crate::data::http_request_handler::HttpRequestHandler;
|
||||||
use crate::helpers::{admin_access_token_helper, admin_key_registration_challenges_helper, api_helper, requests_limit_helper};
|
use crate::helpers::{admin_access_token_helper, admin_key_authentication_challenges_helper, admin_key_registration_challenges_helper, api_helper, requests_limit_helper};
|
||||||
use crate::routes::{get_routes, RequestResult, Route, RouteScope};
|
use crate::routes::{get_routes, RequestResult, Route, RouteScope};
|
||||||
use crate::routes::Method::{GET, POST};
|
use crate::routes::Method::{GET, POST};
|
||||||
use crate::utils::user_data_utils::user_data_path;
|
use crate::utils::user_data_utils::user_data_path;
|
||||||
@ -351,6 +351,7 @@ pub async fn start_server(conf: &Config) -> std::io::Result<()> {
|
|||||||
requests_limit_helper::init();
|
requests_limit_helper::init();
|
||||||
admin_access_token_helper::init();
|
admin_access_token_helper::init();
|
||||||
admin_key_registration_challenges_helper::init();
|
admin_key_registration_challenges_helper::init();
|
||||||
|
admin_key_authentication_challenges_helper::init();
|
||||||
|
|
||||||
let addr = conf.server_listen_address();
|
let addr = conf.server_listen_address();
|
||||||
println!("Start to listen on http://{}/", addr);
|
println!("Start to listen on http://{}/", addr);
|
||||||
|
Loading…
Reference in New Issue
Block a user