|
|
|
@@ -1,6 +1,6 @@
|
|
|
|
|
use actix::Addr;
|
|
|
|
|
use actix_identity::Identity;
|
|
|
|
|
use actix_web::{HttpResponse, Responder, web};
|
|
|
|
|
use actix_web::{HttpRequest, HttpResponse, Responder, web};
|
|
|
|
|
use askama::Template;
|
|
|
|
|
|
|
|
|
|
use crate::actors::{bruteforce_actor, users_actor};
|
|
|
|
@@ -80,7 +80,8 @@ pub async fn login_route(
|
|
|
|
|
bruteforce: web::Data<Addr<BruteForceActor>>,
|
|
|
|
|
query: web::Query<LoginRequestQuery>,
|
|
|
|
|
req: Option<web::Form<LoginRequestBody>>,
|
|
|
|
|
id: Identity,
|
|
|
|
|
id: Option<Identity>,
|
|
|
|
|
http_req: HttpRequest,
|
|
|
|
|
) -> impl Responder {
|
|
|
|
|
let mut danger = None;
|
|
|
|
|
let mut success = None;
|
|
|
|
@@ -97,27 +98,29 @@ pub async fn login_route(
|
|
|
|
|
|
|
|
|
|
// Check if user session must be closed
|
|
|
|
|
if let Some(true) = query.logout {
|
|
|
|
|
id.forget();
|
|
|
|
|
if let Some(id) = id {
|
|
|
|
|
id.logout();
|
|
|
|
|
}
|
|
|
|
|
success = Some("Goodbye!".to_string());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if user is already authenticated
|
|
|
|
|
if SessionIdentity(&id).is_authenticated() {
|
|
|
|
|
else if SessionIdentity(id.as_ref()).is_authenticated() {
|
|
|
|
|
return redirect_user(query.redirect.get());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if the password of the user has to be changed
|
|
|
|
|
if SessionIdentity(&id).need_new_password() {
|
|
|
|
|
else if SessionIdentity(id.as_ref()).need_new_password() {
|
|
|
|
|
return redirect_user(&format!("/reset_password?redirect={}", query.redirect.get_encoded()));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if the user has to valide a second factor
|
|
|
|
|
if SessionIdentity(&id).need_2fa_auth() {
|
|
|
|
|
else if SessionIdentity(id.as_ref()).need_2fa_auth() {
|
|
|
|
|
return redirect_user(&format!("/2fa_auth?redirect={}", query.redirect.get_encoded()));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Try to authenticate user
|
|
|
|
|
if let Some(req) = &req {
|
|
|
|
|
else if let Some(req) = &req {
|
|
|
|
|
login = req.login.clone();
|
|
|
|
|
let response: LoginResult = users
|
|
|
|
|
.send(users_actor::LoginRequest {
|
|
|
|
@@ -129,13 +132,13 @@ pub async fn login_route(
|
|
|
|
|
|
|
|
|
|
match response {
|
|
|
|
|
LoginResult::Success(user) => {
|
|
|
|
|
SessionIdentity(&id).set_user(&user);
|
|
|
|
|
SessionIdentity(id.as_ref()).set_user(&http_req, &user);
|
|
|
|
|
|
|
|
|
|
return if user.need_reset_password {
|
|
|
|
|
SessionIdentity(&id).set_status(SessionStatus::NeedNewPassword);
|
|
|
|
|
SessionIdentity(id.as_ref()).set_status(&http_req, SessionStatus::NeedNewPassword);
|
|
|
|
|
redirect_user(&format!("/reset_password?redirect={}", query.redirect.get_encoded()))
|
|
|
|
|
} else if user.has_two_factor() {
|
|
|
|
|
SessionIdentity(&id).set_status(SessionStatus::Need2FA);
|
|
|
|
|
SessionIdentity(id.as_ref()).set_status(&http_req, SessionStatus::Need2FA);
|
|
|
|
|
redirect_user(&format!("/2fa_auth?redirect={}", query.redirect.get_encoded()))
|
|
|
|
|
} else {
|
|
|
|
|
redirect_user(query.redirect.get())
|
|
|
|
@@ -189,12 +192,13 @@ pub struct PasswordResetQuery {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Reset user password route
|
|
|
|
|
pub async fn reset_password_route(id: Identity, query: web::Query<PasswordResetQuery>,
|
|
|
|
|
pub async fn reset_password_route(id: Option<Identity>, query: web::Query<PasswordResetQuery>,
|
|
|
|
|
req: Option<web::Form<ChangePasswordRequestBody>>,
|
|
|
|
|
users: web::Data<Addr<UsersActor>>) -> impl Responder {
|
|
|
|
|
users: web::Data<Addr<UsersActor>>,
|
|
|
|
|
http_req: HttpRequest) -> impl Responder {
|
|
|
|
|
let mut danger = None;
|
|
|
|
|
|
|
|
|
|
if !SessionIdentity(&id).need_new_password() {
|
|
|
|
|
if !SessionIdentity(id.as_ref()).need_new_password() {
|
|
|
|
|
return redirect_user_for_login(query.redirect.get());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@@ -205,7 +209,7 @@ pub async fn reset_password_route(id: Identity, query: web::Query<PasswordResetQ
|
|
|
|
|
} else {
|
|
|
|
|
let res: ChangePasswordResult = users
|
|
|
|
|
.send(users_actor::ChangePasswordRequest {
|
|
|
|
|
user_id: SessionIdentity(&id).user_id(),
|
|
|
|
|
user_id: SessionIdentity(id.as_ref()).user_id(),
|
|
|
|
|
new_password: req.password.clone(),
|
|
|
|
|
temporary: false,
|
|
|
|
|
})
|
|
|
|
@@ -215,7 +219,7 @@ pub async fn reset_password_route(id: Identity, query: web::Query<PasswordResetQ
|
|
|
|
|
if !res.0 {
|
|
|
|
|
danger = Some("Failed to change password!".to_string());
|
|
|
|
|
} else {
|
|
|
|
|
SessionIdentity(&id).set_status(SessionStatus::SignedIn);
|
|
|
|
|
SessionIdentity(id.as_ref()).set_status(&http_req, SessionStatus::SignedIn);
|
|
|
|
|
return redirect_user(query.redirect.get());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
@@ -246,13 +250,14 @@ pub struct ChooseSecondFactorQuery {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Let the user select the factor to use to authenticate
|
|
|
|
|
pub async fn choose_2fa_method(id: Identity, query: web::Query<ChooseSecondFactorQuery>,
|
|
|
|
|
pub async fn choose_2fa_method(id: Option<Identity>, query: web::Query<ChooseSecondFactorQuery>,
|
|
|
|
|
users: web::Data<Addr<UsersActor>>) -> impl Responder {
|
|
|
|
|
if !SessionIdentity(&id).need_2fa_auth() {
|
|
|
|
|
if !SessionIdentity(id.as_ref()).need_2fa_auth() {
|
|
|
|
|
log::trace!("User does not require 2fa auth, redirecting");
|
|
|
|
|
return redirect_user_for_login(query.redirect.get());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(&id).user_id()))
|
|
|
|
|
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(id.as_ref()).user_id()))
|
|
|
|
|
.await.unwrap().0.expect("Could not find user!");
|
|
|
|
|
|
|
|
|
|
// Automatically choose factor if there is only one factor
|
|
|
|
@@ -290,16 +295,17 @@ pub struct LoginWithOTPForm {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/// Login with OTP
|
|
|
|
|
pub async fn login_with_otp(id: Identity, query: web::Query<LoginWithOTPQuery>,
|
|
|
|
|
pub async fn login_with_otp(id: Option<Identity>, query: web::Query<LoginWithOTPQuery>,
|
|
|
|
|
form: Option<web::Form<LoginWithOTPForm>>,
|
|
|
|
|
users: web::Data<Addr<UsersActor>>) -> impl Responder {
|
|
|
|
|
users: web::Data<Addr<UsersActor>>,
|
|
|
|
|
http_req: HttpRequest) -> impl Responder {
|
|
|
|
|
let mut danger = None;
|
|
|
|
|
|
|
|
|
|
if !SessionIdentity(&id).need_2fa_auth() {
|
|
|
|
|
if !SessionIdentity(id.as_ref()).need_2fa_auth() {
|
|
|
|
|
return redirect_user_for_login(query.redirect.get());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(&id).user_id()))
|
|
|
|
|
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(id.as_ref()).user_id()))
|
|
|
|
|
.await.unwrap().0.expect("Could not find user!");
|
|
|
|
|
|
|
|
|
|
let factor = match user.find_factor(&query.id) {
|
|
|
|
@@ -318,7 +324,7 @@ pub async fn login_with_otp(id: Identity, query: web::Query<LoginWithOTPQuery>,
|
|
|
|
|
if !key.check_code(&form.code).unwrap_or(false) {
|
|
|
|
|
danger = Some("Specified code is invalid!".to_string());
|
|
|
|
|
} else {
|
|
|
|
|
SessionIdentity(&id).set_status(SessionStatus::SignedIn);
|
|
|
|
|
SessionIdentity(id.as_ref()).set_status(&http_req, SessionStatus::SignedIn);
|
|
|
|
|
return redirect_user(query.redirect.get());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
@@ -344,14 +350,14 @@ pub struct LoginWithWebauthnQuery {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/// Login with Webauthn
|
|
|
|
|
pub async fn login_with_webauthn(id: Identity, query: web::Query<LoginWithWebauthnQuery>,
|
|
|
|
|
pub async fn login_with_webauthn(id: Option<Identity>, query: web::Query<LoginWithWebauthnQuery>,
|
|
|
|
|
manager: WebAuthManagerReq,
|
|
|
|
|
users: web::Data<Addr<UsersActor>>) -> impl Responder {
|
|
|
|
|
if !SessionIdentity(&id).need_2fa_auth() {
|
|
|
|
|
if !SessionIdentity(id.as_ref()).need_2fa_auth() {
|
|
|
|
|
return redirect_user_for_login(query.redirect.get());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(&id).user_id()))
|
|
|
|
|
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(id.as_ref()).user_id()))
|
|
|
|
|
.await.unwrap().0.expect("Could not find user!");
|
|
|
|
|
|
|
|
|
|
let factor = match user.find_factor(&query.id) {
|
|
|
|
|