Record successful 2FA authentication in session cookie

2024-03-25 18:04:54 +01:00
parent b704e9868b
commit 5644e40763
6 changed files with 51 additions and 13 deletions
--- a/src/controllers/login_api.rs
+++ b/src/controllers/login_api.rs
@ -41,7 +41,9 @@ pub async fn auth_webauthn(
                .await
                .unwrap();

-            SessionIdentity(Some(&id)).set_status(&http_req, SessionStatus::SignedIn);
+            let session = SessionIdentity(Some(&id));
+            session.record_2fa_auth(&http_req);
+            session.set_status(&http_req, SessionStatus::SignedIn);
            logger.log(Action::LoginWebauthnAttempt {
                success: true,
                user_id,
--- a/src/controllers/login_controller.rs
+++ b/src/controllers/login_controller.rs
@ -258,7 +258,7 @@ pub async fn reset_password_route(

    let user_id = SessionIdentity(id.as_ref()).user_id();

-    // Check if user is setting a new  password
+    // Check if user is setting a new password
    if let Some(req) = &req {
        if req.password.len() < MIN_PASS_LEN {
            danger = Some("Password is too short!".to_string());
@ -408,7 +408,9 @@ pub async fn login_with_otp(
                .await
                .unwrap();

-            SessionIdentity(id.as_ref()).set_status(&http_req, SessionStatus::SignedIn);
+            let session = SessionIdentity(id.as_ref());
+            session.record_2fa_auth(&http_req);
+            session.set_status(&http_req, SessionStatus::SignedIn);
            logger.log(Action::OTPLoginAttempt {
                success: true,
                user: &user,
--- a/src/controllers/two_factors_controller.rs
+++ b/src/controllers/two_factors_controller.rs
@ -13,12 +13,14 @@ use crate::data::current_user::CurrentUser;
 use crate::data::totp_key::TotpKey;
 use crate::data::user::User;
 use crate::data::webauthn_manager::WebAuthManagerReq;
+use crate::utils::time::fmt_time;

 #[derive(Template)]
 #[template(path = "settings/two_factors_page.html")]
 struct TwoFactorsPage<'a> {
    p: BaseSettingsPage<'a>,
    user: &'a User,
+    last_2fa_auth: Option<String>,
 }

 #[derive(Template)]
@ -46,6 +48,7 @@ pub async fn two_factors_route(user: CurrentUser) -> impl Responder {
        TwoFactorsPage {
            p: BaseSettingsPage::get("Two factor auth", &user, None, None),
            user: user.deref(),
+            last_2fa_auth: user.last_2fa_auth.map(fmt_time),
        }
        .render()
        .unwrap(),