Enforce 2FA for user admin routes
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
cf0e7e1e68
commit
7060ce3fe4
@ -20,10 +20,10 @@ You can configure a list of clients (Relying Parties) in a `clients.yaml` file w
|
||||
redirect_uri: https://mygit.mywebsite.com/
|
||||
# If you want new accounts to be granted access to this client by default
|
||||
default: true
|
||||
# If you want the client to be granted to every users, regardless their account configuration
|
||||
# If you want the client to be granted to every user, regardless their account configuration
|
||||
granted_to_all_users: true
|
||||
# If you want users to have performed recent second factor authentication before accessing this client, set this setting to true
|
||||
enforce_mfa_auth: true
|
||||
enforce_2fa_auth: true
|
||||
```
|
||||
|
||||
On the first run, BasicOIDC will create a new administrator with credentials `admin` / `admin`. On first login you will have to change these default credentials.
|
||||
|
@ -4,6 +4,7 @@ use actix_web::{web, HttpResponse, Responder};
|
||||
|
||||
use crate::actors::users_actor::{DeleteUserRequest, FindUserByUsername, UsersActor};
|
||||
use crate::data::action_logger::{Action, ActionLogger};
|
||||
use crate::data::critical_route::CriticalRoute;
|
||||
use crate::data::current_user::CurrentUser;
|
||||
use crate::data::user::UserID;
|
||||
use crate::utils::string_utils;
|
||||
@ -19,6 +20,7 @@ struct FindUserResult {
|
||||
}
|
||||
|
||||
pub async fn find_username(
|
||||
_critical: CriticalRoute,
|
||||
req: web::Form<FindUserNameReq>,
|
||||
users: web::Data<Addr<UsersActor>>,
|
||||
) -> impl Responder {
|
||||
@ -41,6 +43,7 @@ pub struct DeleteUserReq {
|
||||
}
|
||||
|
||||
pub async fn delete_user(
|
||||
_critical: CriticalRoute,
|
||||
user: CurrentUser,
|
||||
req: web::Form<DeleteUserReq>,
|
||||
users: web::Data<Addr<UsersActor>>,
|
||||
|
@ -12,6 +12,7 @@ use crate::controllers::settings_controller::BaseSettingsPage;
|
||||
use crate::data::action_logger::{Action, ActionLogger};
|
||||
use crate::data::app_config::AppConfig;
|
||||
use crate::data::client::{Client, ClientID, ClientManager};
|
||||
use crate::data::critical_route::CriticalRoute;
|
||||
use crate::data::current_user::CurrentUser;
|
||||
use crate::data::provider::{Provider, ProviderID, ProvidersManager};
|
||||
use crate::data::user::{GeneralSettings, GrantedClients, User, UserID};
|
||||
@ -98,6 +99,7 @@ pub struct UpdateUserQuery {
|
||||
}
|
||||
|
||||
pub async fn users_route(
|
||||
_critical: CriticalRoute,
|
||||
admin: CurrentUser,
|
||||
users: web::Data<Addr<UsersActor>>,
|
||||
update_query: Option<web::Form<UpdateUserQuery>>,
|
||||
@ -299,6 +301,7 @@ pub async fn users_route(
|
||||
}
|
||||
|
||||
pub async fn create_user(
|
||||
_critical: CriticalRoute,
|
||||
admin: CurrentUser,
|
||||
clients: web::Data<Arc<ClientManager>>,
|
||||
providers: web::Data<Arc<ProvidersManager>>,
|
||||
@ -332,6 +335,7 @@ pub struct EditUserQuery {
|
||||
}
|
||||
|
||||
pub async fn edit_user(
|
||||
_critical: CriticalRoute,
|
||||
admin: CurrentUser,
|
||||
clients: web::Data<Arc<ClientManager>>,
|
||||
providers: web::Data<Arc<ProvidersManager>>,
|
||||
|
Loading…
Reference in New Issue
Block a user