From 7060ce3fe47c0bac1058abd3393c042045a4ba17 Mon Sep 17 00:00:00 2001
From: Pierre HUBERT
Date: Wed, 27 Mar 2024 21:03:49 +0100
Subject: [PATCH] Enforce 2FA for user admin routes
---
 README.md | 4 ++--
 src/controllers/admin_api.rs | 3 +++
 src/controllers/admin_controller.rs | 4 ++++
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 96d5dd6..96a08c4 100644
--- a/README.md
+++ b/README.md
@@ -20,10 +20,10 @@ You can configure a list of clients (Relying Parties) in a `clients.yaml` file w
 redirect_uri: https://mygit.mywebsite.com/
 # If you want new accounts to be granted access to this client by default
 default: true
- # If you want the client to be granted to every users, regardless their account configuration
+ # If you want the client to be granted to every user, regardless their account configuration
 granted_to_all_users: true
 # If you want users to have performed recent second factor authentication before accessing this client, set this setting to true
- enforce_mfa_auth: true
+ enforce_2fa_auth: true
 ```
 On the first run, BasicOIDC will create a new administrator with credentials `admin` / `admin`. On first login you will have to change these default credentials.
diff --git a/src/controllers/admin_api.rs b/src/controllers/admin_api.rs
index eeb78b6..0f6d9ea 100644
--- a/src/controllers/admin_api.rs
+++ b/src/controllers/admin_api.rs
@@ -4,6 +4,7 @@ use actix_web::{web, HttpResponse, Responder};
 use crate::actors::users_actor::{DeleteUserRequest, FindUserByUsername, UsersActor};
 use crate::data::action_logger::{Action, ActionLogger};
+use crate::data::critical_route::CriticalRoute;
 use crate::data::current_user::CurrentUser;
 use crate::data::user::UserID;
 use crate::utils::string_utils;
@@ -19,6 +20,7 @@ struct FindUserResult {
 }
 pub async fn find_username(
+ _critical: CriticalRoute,
 req: web::Form,
 users: web::Data>,
 ) -> impl Responder {
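Review bot: The new `_critical: CriticalRoute` parameter on find_username is never read, so without a comment it reads as a dead argument that a later cleanup could drop — and dropping it would silently remove the 2FA requirement this commit adds, since the check lives entirely in the extractor. I would state the intent in the handler's doc comment, e.g. `/// Requires recent second-factor authentication: the unused CriticalRoute extractor rejects the request before this body runs.` CriticalRoute's implementation is not part of this patch, so how a refusal is surfaced (error status vs. redirect to the 2FA page) is an assumption to confirm against src/data/critical_route.rs before wording the comment. find_username's parameter list continues and its body lies outside the hunk.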
@@ -41,6 +43,7 @@ pub struct DeleteUserReq {
 }
 pub async fn delete_user(
+ _critical: CriticalRoute,
 user: CurrentUser,
 req: web::Form,
 users: web::Data>,
diff --git a/src/controllers/admin_controller.rs b/src/controllers/admin_controller.rs
index e1f5770..57904bf 100644
--- a/src/controllers/admin_controller.rs
+++ b/src/controllers/admin_controller.rs
@@ -12,6 +12,7 @@ use crate::controllers::settings_controller::BaseSettingsPage;
 use crate::data::action_logger::{Action, ActionLogger};
 use crate::data::app_config::AppConfig;
 use crate::data::client::{Client, ClientID, ClientManager};
+use crate::data::critical_route::CriticalRoute;
 use crate::data::current_user::CurrentUser;
 use crate::data::provider::{Provider, ProviderID, ProvidersManager};
 use crate::data::user::{GeneralSettings, GrantedClients, User, UserID};
@@ -98,6 +99,7 @@ pub struct UpdateUserQuery {
 }
 pub async fn users_route(
+ _critical: CriticalRoute,
 admin: CurrentUser,
 users: web::Data>,
 update_query: Option>,
@@ -299,6 +301,7 @@ pub async fn users_route(
 }
 pub async fn create_user(
+ _critical: CriticalRoute,
 admin: CurrentUser,
 clients: web::Data>,
 providers: web::Data>,
@@ -332,6 +335,7 @@ pub struct EditUserQuery {
 }
 pub async fn edit_user(
+ _critical: CriticalRoute,
 admin: CurrentUser,
 clients: web::Data>,
 providers: web::Data>,
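Review bot: A delete attempt that fails the 2FA check is refused by the CriticalRoute extractor before delete_user's body runs, so whatever the body records through the ActionLogger imported in this file (the body is outside the hunk) presumably never sees the refused attempt — a rejected step-up on a destructive admin route would leave no entry in the action log. If refusals on admin routes are meant to be auditable, that logging belongs in CriticalRoute's FromRequest implementation (not in this patch), the one place that observes every refusal. Worth confirming, and if so noting on the parameter: `// NOTE: a 2FA refusal happens here, before any ActionLogger call in the body.`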
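Review bot: Enforcement in this file is opt-in per handler: the check applies only to the three handlers that gained `_critical: CriticalRoute` (users_route, create_user, edit_user), so any other admin handler in admin_controller.rs, or one added later, stays unchecked with no compiler or runtime signal — an omission fails open. A sturdier shape is to attach the requirement once where these admin routes are registered (an actix-web middleware or guard on that scope; the router module is not in this patch) so it cannot be forgotten, keeping the per-handler extractor only for routes that live outside such a scope. If the per-handler approach is kept, a test that drives every admin path with a session lacking recent 2FA and asserts the refusal would catch the next omission. users_route's parameter list and body continue past the hunk.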