Add password to security keys
This commit is contained in:
parent
28b24f39b0
commit
cb44497fee
@ -288,6 +288,7 @@ CREATE TABLE `comunic_admin_key` (
|
|||||||
`name` VARCHAR(45) NULL,
|
`name` VARCHAR(45) NULL,
|
||||||
`time_add` INT NULL,
|
`time_add` INT NULL,
|
||||||
`credential` TEXT NULL,
|
`credential` TEXT NULL,
|
||||||
|
`password` VARCHAR(255) NULL,
|
||||||
PRIMARY KEY (`id`));
|
PRIMARY KEY (`id`));
|
||||||
|
|
||||||
CREATE TABLE `comunic_admin_roles` (
|
CREATE TABLE `comunic_admin_roles` (
|
||||||
|
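Review bot: The new `password` column at L29 (and the same column in the second schema hunk at L65) is declared NULL, yet its only writer in this commit, `add_key`, always stores a bcrypt hash, so a NULL can only come from keys that existed before this column was added. Nothing in the schema says the column holds a hash rather than a password, and VARCHAR(255) is sized for the hash string, so a column comment would save the next reader a trip to the Rust code, e.g. `-- bcrypt hash of the key password; NULL only for keys created before this column existed`. If the second hunk is the migration applied to existing databases, the same comment belongs there.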
@ -14,6 +14,7 @@ CREATE TABLE `comunic_admin_key` (
|
|||||||
`name` VARCHAR(45) NULL,
|
`name` VARCHAR(45) NULL,
|
||||||
`time_add` INT NULL,
|
`time_add` INT NULL,
|
||||||
`credential` TEXT NULL,
|
`credential` TEXT NULL,
|
||||||
|
`password` VARCHAR(255) NULL,
|
||||||
PRIMARY KEY (`id`));
|
PRIMARY KEY (`id`));
|
||||||
|
|
||||||
CREATE TABLE `comunic_admin_roles` (
|
CREATE TABLE `comunic_admin_roles` (
|
||||||
|
@ -10,6 +10,7 @@ use crate::data::admin::{Admin, AdminKey};
|
|||||||
struct AuthKey {
|
struct AuthKey {
|
||||||
name: String,
|
name: String,
|
||||||
id: u64,
|
id: u64,
|
||||||
|
password: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Serialize)]
|
#[derive(Serialize)]
|
||||||
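Review bot: The new `AuthKey` field at L101 is a boolean named `password`, but the sibling struct `AdminKeyAPI` calls the same flag `has_password` (L173); since `AuthKey` is serialized, the wire field `"password"` will read as if it carried a secret when it only says whether one is set. Renaming it to `has_password: bool` at L101 and `password: k.password.is_some()` → `has_password: k.password.is_some()` at L137 keeps both API structs consistent, unless a client already depends on the shorter name. The `map` line at L137 is also long enough that a small `AuthKey::from(&AdminKey)` would read better, but that is a matter of taste.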
@ -22,7 +23,7 @@ impl AdminAuthOptions {
|
|||||||
pub fn new(admin: &Admin, keys: &Vec<AdminKey>) -> Self {
|
pub fn new(admin: &Admin, keys: &Vec<AdminKey>) -> Self {
|
||||||
Self {
|
Self {
|
||||||
reset_token: admin.reset_token.is_some(),
|
reset_token: admin.reset_token.is_some(),
|
||||||
keys: keys.iter().map(|k| AuthKey { id: k.id, name: k.name.to_string() }).collect(),
|
keys: keys.iter().map(|k| AuthKey { id: k.id, name: k.name.to_string(), password: k.password.is_some() }).collect(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -10,6 +10,7 @@ pub struct AdminKeyAPI {
|
|||||||
id: u64,
|
id: u64,
|
||||||
name: String,
|
name: String,
|
||||||
time_add: u64,
|
time_add: u64,
|
||||||
|
has_password: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl AdminKeyAPI {
|
impl AdminKeyAPI {
|
||||||
@ -18,6 +19,7 @@ impl AdminKeyAPI {
|
|||||||
id: key.id,
|
id: key.id,
|
||||||
name: key.name.to_string(),
|
name: key.name.to_string(),
|
||||||
time_add: key.time_add,
|
time_add: key.time_add,
|
||||||
|
has_password: key.password.is_some(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -3,6 +3,8 @@
|
|||||||
//! @author Pierre Hubert
|
//! @author Pierre Hubert
|
||||||
|
|
||||||
|
|
||||||
|
use bcrypt::verify;
|
||||||
|
|
||||||
use crate::api_data::admin::admin_auth_success::AdminAuthSuccess;
|
use crate::api_data::admin::admin_auth_success::AdminAuthSuccess;
|
||||||
use crate::api_data::admin::admin_keys_api::AdminKeyAPI;
|
use crate::api_data::admin::admin_keys_api::AdminKeyAPI;
|
||||||
use crate::constants::admin::AdminRole;
|
use crate::constants::admin::AdminRole;
|
||||||
@ -63,6 +65,7 @@ pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult {
|
|||||||
/// Register key
|
/// Register key
|
||||||
pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
|
pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
|
||||||
let key_name = r.post_string("name")?;
|
let key_name = r.post_string("name")?;
|
||||||
|
let key_password = r.post_string("password")?;
|
||||||
|
|
||||||
let creds = r.post_register_public_key_credential("key")?;
|
let creds = r.post_register_public_key_credential("key")?;
|
||||||
let state = r.some_or_internal_error(
|
let state = r.some_or_internal_error(
|
||||||
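Review bot: The password read at L280 is mandatory and unvalidated: `r.post_string("password")?` presumably fails the request when the field is absent (as `name` does on the line above), so every key now needs a password even though `AdminKey.password` is an `Option` and the UI flag is called `has_password`, and an empty string is accepted and hashed as a perfectly valid password, after which the key still reports `has_password == true`. Either reject an empty `key_password` before the `add_key` call in the next hunk (L314) with the handler's bad-request helper, or treat an empty field as "no password" and pass `None` through; in both cases a short comment stating which choice was made would help, e.g. `// An empty password means the key is protected by the authenticator alone`. The rest of `register_key` lies outside the hunk.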
@ -73,7 +76,7 @@ pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
|
|||||||
let wan = get_wan();
|
let wan = get_wan();
|
||||||
let key = wan.register_credential(creds, state, |_| Ok(false))?;
|
let key = wan.register_credential(creds, state, |_| Ok(false))?;
|
||||||
|
|
||||||
let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key)?;
|
let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key, key_password)?;
|
||||||
|
|
||||||
log_admin_action(r.admin_id()?, &r.remote_ip(),
|
log_admin_action(r.admin_id()?, &r.remote_ip(),
|
||||||
AdminAction::RegisteredAdminKey {
|
AdminAction::RegisteredAdminKey {
|
||||||
@ -138,6 +141,15 @@ pub fn auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
|
|||||||
let state = get_wan().authenticate_credential(credentials, state)?;
|
let state = get_wan().authenticate_credential(credentials, state)?;
|
||||||
r.some_or_bad_request(state, "Invalid key!")?;
|
r.some_or_bad_request(state, "Invalid key!")?;
|
||||||
|
|
||||||
|
// Check key password (if any)
|
||||||
|
if let Some(pass_hash) = key.password {
|
||||||
|
let password = r.post_string("password")?;
|
||||||
|
|
||||||
|
if !verify(password, &pass_hash)? {
|
||||||
|
r.forbidden("Bad key password!".to_string())?;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Generate access token
|
// Generate access token
|
||||||
let token = admin_access_token_helper::create(key.admin_id)?;
|
let token = admin_access_token_helper::create(key.admin_id)?;
|
||||||
|
|
||||||
|
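Review bot: A wrong key password at L362 is refused but leaves no trace: unlike `register_key`, which calls `log_admin_action`, this branch records nothing, so repeated guesses against a stolen authenticator never show up in the admin audit log, and nothing visible here throttles them. Logging the failure with the admin id and `r.remote_ip()` before `r.forbidden(...)` would close that gap. The rejection also relies on `forbidden` returning `Err` so that the trailing `?` stops the flow before the token is created at L385 — presumably it does, like `some_or_bad_request` above it — and `return r.forbidden(...)` would make that intent explicit if the return types line up. `verify(...)?` turns a malformed stored hash into a generic error rather than a refusal, which is acceptable but worth a one-line comment. `auth_with_key` starts and ends outside the hunk.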
@ -51,6 +51,7 @@ pub struct AdminKey {
|
|||||||
pub name: String,
|
pub name: String,
|
||||||
pub time_add: u64,
|
pub time_add: u64,
|
||||||
pub key: Credential,
|
pub key: Credential,
|
||||||
|
pub password: Option<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Admin access token
|
/// Admin access token
|
||||||
|
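Review bot: The new `password` field at L413 holds a bcrypt hash, not a password, and nothing on the struct says so; `db_to_admin_key` fills it from the nullable column and `auth_with_key` feeds it straight to `bcrypt::verify`. A doc comment would prevent anyone from ever comparing it to a clear-text value, e.g. `/// bcrypt hash of the key's password; `None` for keys that predate the column` — and if `register_key` later makes the password optional, the comment should say so too.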
@ -2,6 +2,7 @@
|
|||||||
//!
|
//!
|
||||||
//! @author Pierre Hubert
|
//! @author Pierre Hubert
|
||||||
|
|
||||||
|
use bcrypt::{DEFAULT_COST, hash_with_result};
|
||||||
use webauthn_rs::proto::Credential;
|
use webauthn_rs::proto::Credential;
|
||||||
|
|
||||||
use crate::constants::database_tables_names::ADMIN_KEYS_TABLE;
|
use crate::constants::database_tables_names::ADMIN_KEYS_TABLE;
|
||||||
@ -11,12 +12,13 @@ use crate::helpers::database;
|
|||||||
use crate::utils::date_utils::time;
|
use crate::utils::date_utils::time;
|
||||||
|
|
||||||
/// Save a new key in the database
|
/// Save a new key in the database
|
||||||
pub fn add_key(id: AdminID, name: &str, key: Credential) -> Res<u64> {
|
pub fn add_key(id: AdminID, name: &str, key: Credential, password: String) -> Res<u64> {
|
||||||
database::InsertQuery::new(ADMIN_KEYS_TABLE)
|
database::InsertQuery::new(ADMIN_KEYS_TABLE)
|
||||||
.add_admin_id("admin_id", id)
|
.add_admin_id("admin_id", id)
|
||||||
.add_str("name", name)
|
.add_str("name", name)
|
||||||
.add_u64("time_add", time())
|
.add_u64("time_add", time())
|
||||||
.add_str("credential", &serde_json::to_string(&key)?)
|
.add_str("credential", &serde_json::to_string(&key)?)
|
||||||
|
.add_str("password", &hash_with_result(password, DEFAULT_COST)?.to_string())
|
||||||
.insert_expect_result()
|
.insert_expect_result()
|
||||||
}
|
}
|
||||||
|
|
||||||
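Review bot: The signature at L481 takes `password: String` by value although `hash_with_result` only needs `AsRef<[u8]>` and the neighbouring `name` is already `&str`; `password: &str` is consistent and saves the caller a move (the call site at L314 would then pass `&key_password`). The docstring at L476 should state that the value is stored hashed, e.g. `/// Save a new key in the database. The password is stored as a bcrypt hash (DEFAULT_COST), never in clear text.`. Note also that bcrypt only uses the first 72 bytes of its input — depending on the crate version longer values are truncated or rejected — so a length check before hashing, with a clear error, is worth adding.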
@ -42,5 +44,6 @@ fn db_to_admin_key(row: &database::RowResult) -> Res<AdminKey> {
|
|||||||
name: row.get_str("name")?,
|
name: row.get_str("name")?,
|
||||||
time_add: row.get_u64("time_add")?,
|
time_add: row.get_u64("time_add")?,
|
||||||
key: serde_json::from_str(&row.get_str("credential")?)?,
|
key: serde_json::from_str(&row.get_str("credential")?)?,
|
||||||
|
password: row.get_optional_str("password")?,
|
||||||
})
|
})
|
||||||
}
|
}
|