Record successful 2FA authentication in session cookie
@ -13,11 +13,15 @@ use crate::actors::users_actor::UsersActor;
|
||||
use crate::data::session_identity::SessionIdentity;
|
||||
use crate::data::user::User;
|
||||
|
||||
pub struct CurrentUser(User);
|
||||
pub struct CurrentUser {
|
||||
user: User,
|
||||
pub auth_time: u64,
|
||||
pub last_2fa_auth: Option<u64>,
|
||||
}
|
||||
|
||||
impl From<CurrentUser> for User {
|
||||
fn from(user: CurrentUser) -> Self {
|
||||
user.0
|
||||
user.user
|
||||
}
|
||||
}
|
||||
|
||||
@ -25,7 +29,7 @@ impl Deref for CurrentUser {
|
||||
type Target = User;
|
||||
|
||||
fn deref(&self) -> &Self::Target {
|
||||
&self.0
|
||||
&self.user
|
||||
}
|
||||
}
|
||||
|
||||
@ -40,7 +44,10 @@ impl FromRequest for CurrentUser {
|
||||
let identity: Identity = Identity::from_request(req, payload)
|
||||
.into_inner()
|
||||
.expect("Failed to get identity!");
|
||||
let user_id = SessionIdentity(Some(&identity)).user_id();
|
||||
let id = SessionIdentity(Some(&identity));
|
||||
let user_id = id.user_id();
|
||||
let last_2fa_auth = id.last_2fa_auth();
|
||||
let auth_time = id.auth_time();
|
||||
|
||||
Box::pin(async move {
|
||||
let user = match user_actor
|
||||
@ -57,7 +64,11 @@ impl FromRequest for CurrentUser {
|
||||
}
|
||||
};
|
||||
|
||||
Ok(CurrentUser(user))
|
||||
Ok(CurrentUser {
|
||||
user,
|
||||
auth_time,
|
||||
last_2fa_auth,
|
||||
})
|
||||
})
|
||||
}
|
||||
}
|
||||
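Review bot: The two fields added to `CurrentUser`, `auth_time` and `last_2fa_auth`, have no doc comments, yet handlers that gate sensitive actions on a recent second factor will read them directly. Their meaning is only recoverable from the session code, where both are filled from `time()`, so the unit and the meaning of `None` belong on the struct: for example `/// Time of the last successful 2FA check in this session, from time(); None if no second factor was presented` above `last_2fa_auth`, and `/// Time the session was authenticated, from time()` above `auth_time`. It is also worth stating there that both values are copied from the session identity and are only as trustworthy as that cookie's integrity protection, which is not visible in this diff.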
|
@ -24,6 +24,7 @@ pub struct SessionIdentityData {
|
||||
pub id: Option<UserID>,
|
||||
pub is_admin: bool,
|
||||
pub auth_time: u64,
|
||||
pub last_2fa_auth: Option<u64>,
|
||||
pub status: SessionStatus,
|
||||
}
|
||||
|
||||
@ -75,6 +76,7 @@ impl<'a> SessionIdentity<'a> {
|
||||
&SessionIdentityData {
|
||||
id: Some(user.uid.clone()),
|
||||
is_admin: user.admin,
|
||||
last_2fa_auth: None,
|
||||
auth_time: time(),
|
||||
status,
|
||||
},
|
||||
@ -87,6 +89,12 @@ impl<'a> SessionIdentity<'a> {
|
||||
self.set_session_data(req, &sess);
|
||||
}
|
||||
|
||||
pub fn record_2fa_auth(&self, req: &HttpRequest) {
|
||||
let mut sess = self.get_session_data().unwrap_or_default();
|
||||
sess.last_2fa_auth = Some(time());
|
||||
self.set_session_data(req, &sess);
|
||||
}
|
||||
|
||||
pub fn is_authenticated(&self) -> bool {
|
||||
self.get_session_data()
|
||||
.map(|s| s.status == SessionStatus::SignedIn)
|
||||
@ -119,4 +127,8 @@ impl<'a> SessionIdentity<'a> {
|
||||
pub fn auth_time(&self) -> u64 {
|
||||
self.get_session_data().unwrap_or_default().auth_time
|
||||
}
|
||||
|
||||
pub fn last_2fa_auth(&self) -> Option<u64> {
|
||||
self.get_session_data().unwrap_or_default().last_2fa_auth
|
||||
}
|
||||
}
|
||||
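Review bot: `record_2fa_auth` starts from `self.get_session_data().unwrap_or_default()`, so when the request carries no readable session it writes a freshly defaulted session that already has `last_2fa_auth` set, instead of refusing. A 2FA timestamp should only be attached to an existing session that identifies a user. Assuming `get_session_data` returns an `Option`, `let Some(mut sess) = self.get_session_data() else { return };` keeps the marker from being minted on an empty session; a log line or a `bool`/`Result` return would let the caller fail the request. The hunk at `-75,6 +76,7` resets `last_2fa_auth: None` when session data is built from a user, which limits carry-over, but whether every path that changes the session's user goes through that constructor is not visible here.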
|