pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Administrators can remove two factor authentication

Browse Source
This commit is contained in:
Pierre HUBERT
2022-04-19 17:14:05 +02:00
parent 630ebe2ddd
commit 78d70af510
5 changed files with 44 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/controllers/admin_controller.rs
View File

@ -60,6 +60,7 @@ pub struct UpdateUserQuery {
admin: Option<String>,
grant_type: String,
granted_clients: String,
two_factor: String,
}
pub async fn users_route(user: CurrentUser, users: web::Data<Addr<UsersActor>>, update_query: Option<web::Form<UpdateUserQuery>>) -> impl Responder {
@ -80,6 +81,11 @@ pub async fn users_route(user: CurrentUser, users: web::Data<Addr<UsersActor>>,
user.enabled = update.0.enabled.is_some();
user.admin = update.0.admin.is_some();
if let Some(factors) = user.two_factor.as_mut() {
let factors_to_keep = update.0.two_factor.split(';').collect::<Vec<_>>();
factors.retain(|f| factors_to_keep.contains(&f.id.0.as_str()));
}
user.authorized_clients = match update.0.grant_type.as_str() {
"all_clients" => None,
"custom_clients" => Some(update.0.granted_clients.split(',')

16
src/data/user.rs
View File

@ -41,7 +41,7 @@ pub struct User {
pub admin: bool,
/// 2FA
pub second_factors: Option<Vec<SecondFactor>>,
pub two_factor: Option<Vec<SecondFactor>>,
/// None = all services
/// Some([]) = no service
@ -64,16 +64,20 @@ impl User {
verify_password(pass, &self.password)
}
pub fn has_two_factor(&self) -> bool {
self.two_factor.as_ref().map(|f| !f.is_empty()).unwrap_or(false)
}
pub fn add_factor(&mut self, factor: SecondFactor) {
if self.second_factors.is_none() {
self.second_factors = Some(vec![]);
if self.two_factor.is_none() {
self.two_factor = Some(vec![]);
}
self.second_factors.as_mut().unwrap().push(factor);
self.two_factor.as_mut().unwrap().push(factor);
}
pub fn remove_factor(&mut self, factor_id: FactorID) {
if let Some(f) = self.second_factors.as_mut() {
if let Some(f) = self.two_factor.as_mut() {
f.retain(|f| f.id != factor_id);
}
}
@ -99,7 +103,7 @@ impl Default for User {
need_reset_password: false,
enabled: true,
admin: false,
second_factors: Some(vec![]),
two_factor: Some(vec![]),
authorized_clients: Some(Vec::new()),
}
}