1
0
mirror of https://gitlab.com/comunic/comunicapiv3 synced 2024-11-26 15:29:21 +00:00

Can create auth challenge

This commit is contained in:
Pierre HUBERT 2021-05-14 11:57:24 +02:00
parent 210dcb9597
commit c52b7a4408
5 changed files with 80 additions and 4 deletions

View File

@ -8,14 +8,34 @@ use crate::api_data::admin::admin_auth_options::AdminAuthOptions;
use crate::api_data::admin::admin_auth_success::AdminAuthSuccess; use crate::api_data::admin::admin_auth_success::AdminAuthSuccess;
use crate::api_data::admin::admin_id_api::AdminIDAPI; use crate::api_data::admin::admin_id_api::AdminIDAPI;
use crate::api_data::admin::admin_info_api::AdminInfoAPI; use crate::api_data::admin::admin_info_api::AdminInfoAPI;
use crate::data::admin::NewAdminGeneralSettings; use crate::data::admin::{AdminKey, NewAdminGeneralSettings};
use crate::data::base_request_handler::BaseRequestHandler; use crate::data::base_request_handler::BaseRequestHandler;
use crate::data::error::Res;
use crate::data::http_request_handler::HttpRequestHandler; use crate::data::http_request_handler::HttpRequestHandler;
use crate::data::webauthn_config::get_wan; use crate::data::webauthn_config::get_wan;
use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_account_key_helper, admin_key_registration_challenges_helper}; use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_account_key_helper, admin_key_authentication_challenges_helper, admin_key_registration_challenges_helper};
use crate::routes::RequestResult; use crate::routes::RequestResult;
use crate::utils::date_utils::time; use crate::utils::date_utils::time;
impl HttpRequestHandler {
pub fn post_admin_auth_key(&mut self, name_mail: &str, name_key_id: &str) -> Res<AdminKey> {
let mail = self.post_string(name_mail)?;
let key_id = self.post_u64(name_key_id)?;
let admin = admin_account_helper::find_admin_by_email(&mail)?;
let keys = admin_account_key_helper::get_admin_keys(admin.id)?;
let key = keys.into_iter()
.filter(|k| k.id == key_id)
.next();
match key {
Some(key) => Ok(key),
None => Err(self.bad_request("The key is not associated with this account!".to_string()).unwrap_err())
}
}
}
/// Get admin auth options /// Get admin auth options
pub fn get_auth_options(r: &mut HttpRequestHandler) -> RequestResult { pub fn get_auth_options(r: &mut HttpRequestHandler) -> RequestResult {
let mail = r.post_email("mail")?; let mail = r.post_email("mail")?;
@ -123,3 +143,15 @@ pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
r.ok() r.ok()
} }
/// Generate a challenge to authenticate with a security key
pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
let key = r.post_admin_auth_key("mail", "key_id")?;
let (challenge_response, auth_state) =
get_wan().generate_challenge_authenticate(vec![key.key], None)?;
admin_key_authentication_challenges_helper::set(key.id, auth_state)?;
r.set_response(challenge_response)
}

View File

@ -0,0 +1,41 @@
//! # Administrators key authentication challenges helper
//!
//! Allows to temporarily stores keys authentication challenges
//!
//! @author Pierre Hubert
use std::collections::HashMap;
use std::sync::{Arc, Mutex};
use webauthn_rs::AuthenticationState;
use crate::data::error::Res;
static mut CACHE: Option<Arc<Mutex<HashMap<u64, AuthenticationState>>>> = None;
/// Initialize this helper's cache
pub fn init() {
unsafe {
let map = HashMap::new();
CACHE = Some(Arc::new(Mutex::new(map)));
}
}
/// Store a new entry in the cache
pub fn set(key_id: u64, state: AuthenticationState) -> Res {
let cache = unsafe {
CACHE.as_ref().unwrap().lock()
};
cache?.insert(key_id, state);
Ok(())
}
pub fn get(key_id: u64) -> Res<Option<AuthenticationState>> {
let cache = unsafe {
CACHE.as_ref().unwrap().lock()
};
Ok(cache?.remove(&key_id))
}

View File

@ -26,3 +26,4 @@ pub mod admin_account_helper;
pub mod admin_account_key_helper; pub mod admin_account_key_helper;
pub mod admin_access_token_helper; pub mod admin_access_token_helper;
pub mod admin_key_registration_challenges_helper; pub mod admin_key_registration_challenges_helper;
pub mod admin_key_authentication_challenges_helper;

View File

@ -355,5 +355,6 @@ pub fn get_routes() -> Vec<Route> {
Route::admin_post("/admin/accounts/update_general_settings", Box::new(admin_account_controller::update_general_settings)), Route::admin_post("/admin/accounts/update_general_settings", Box::new(admin_account_controller::update_general_settings)),
Route::admin_post("/admin/accounts/challenge_register_key", Box::new(admin_account_controller::challenge_register_key)), Route::admin_post("/admin/accounts/challenge_register_key", Box::new(admin_account_controller::challenge_register_key)),
Route::admin_post("/admin/accounts/register_key", Box::new(admin_account_controller::register_key)), Route::admin_post("/admin/accounts/register_key", Box::new(admin_account_controller::register_key)),
Route::limited_admin_post_without_login("/admin/accounts/challenge_auth_with_key", Box::new(admin_account_controller::challenge_auth_with_key), LimitPolicy::ANY(10)),
] ]
} }

View File

@ -17,7 +17,7 @@ use crate::controllers::{rtc_relay_controller, user_ws_controller};
use crate::data::base_request_handler::{BaseRequestHandler, PostFile, RequestValue}; use crate::data::base_request_handler::{BaseRequestHandler, PostFile, RequestValue};
use crate::data::config::Config; use crate::data::config::Config;
use crate::data::http_request_handler::HttpRequestHandler; use crate::data::http_request_handler::HttpRequestHandler;
use crate::helpers::{admin_access_token_helper, admin_key_registration_challenges_helper, api_helper, requests_limit_helper}; use crate::helpers::{admin_access_token_helper, admin_key_authentication_challenges_helper, admin_key_registration_challenges_helper, api_helper, requests_limit_helper};
use crate::routes::{get_routes, RequestResult, Route, RouteScope}; use crate::routes::{get_routes, RequestResult, Route, RouteScope};
use crate::routes::Method::{GET, POST}; use crate::routes::Method::{GET, POST};
use crate::utils::user_data_utils::user_data_path; use crate::utils::user_data_utils::user_data_path;
@ -351,6 +351,7 @@ pub async fn start_server(conf: &Config) -> std::io::Result<()> {
requests_limit_helper::init(); requests_limit_helper::init();
admin_access_token_helper::init(); admin_access_token_helper::init();
admin_key_registration_challenges_helper::init(); admin_key_registration_challenges_helper::init();
admin_key_authentication_challenges_helper::init();
let addr = conf.server_listen_address(); let addr = conf.server_listen_address();
println!("Start to listen on http://{}/", addr); println!("Start to listen on http://{}/", addr);