Merge factors type for authentication

2022-11-11 12:26:02 +01:00
parent 8d231c0b45
commit af383720b7
44 changed files with 1177 additions and 674 deletions


@ -1,5 +1,5 @@
use actix::Addr;
use actix_web::{HttpResponse, Responder, web};
use actix_web::{web, HttpResponse, Responder};
use uuid::Uuid;
use webauthn_rs::prelude::RegisterPublicKeyCredential;
@ -17,15 +17,19 @@ pub struct AddTOTPRequest {
first_code: String,
}
pub async fn save_totp_factor(user: CurrentUser, form: web::Json<AddTOTPRequest>,
users: web::Data<Addr<UsersActor>>) -> impl Responder {
pub async fn save_totp_factor(
user: CurrentUser,
form: web::Json<AddTOTPRequest>,
users: web::Data<Addr<UsersActor>>,
) -> impl Responder {
let key = TotpKey::from_encoded_secret(&form.secret);
if !key.check_code(&form.first_code).unwrap_or(false) {
return HttpResponse::BadRequest()
.body(format!("Given code is invalid (expected {} or {})!",
key.current_code().unwrap_or_default(),
key.previous_code().unwrap_or_default()));
return HttpResponse::BadRequest().body(format!(
"Given code is invalid (expected {} or {})!",
key.current_code().unwrap_or_default(),
key.previous_code().unwrap_or_default()
));
}
if form.factor_name.is_empty() {
@ -38,7 +42,11 @@ pub async fn save_totp_factor(user: CurrentUser, form: web::Json<AddTOTPRequest>
name: form.0.factor_name,
kind: TwoFactorType::TOTP(key),
});
let res = users.send(users_actor::UpdateUserRequest(user)).await.unwrap().0;
let res = users
.send(users_actor::UpdateUserRequest(user))
.await
.unwrap()
.0;
if !res {
HttpResponse::InternalServerError().body("Failed to update user information!")
@ -54,14 +62,13 @@ pub struct AddWebauthnRequest {
credential: RegisterPublicKeyCredential,
}
pub async fn save_webauthn_factor(user: CurrentUser, form: web::Json<AddWebauthnRequest>,
users: web::Data<Addr<UsersActor>>,
manager: WebAuthManagerReq) -> impl Responder {
let key = match manager.finish_registration(
&user,
&form.0.opaque_state,
form.0.credential,
) {
pub async fn save_webauthn_factor(
user: CurrentUser,
form: web::Json<AddWebauthnRequest>,
users: web::Data<Addr<UsersActor>>,
manager: WebAuthManagerReq,
) -> impl Responder {
let key = match manager.finish_registration(&user, &form.0.opaque_state, form.0.credential) {
Ok(k) => k,
Err(e) => {
log::error!("Failed to register security key! {:?}", e);
@ -75,7 +82,11 @@ pub async fn save_webauthn_factor(user: CurrentUser, form: web::Json<AddWebauthn
name: form.0.factor_name,
kind: TwoFactorType::WEBAUTHN(Box::new(key)),
});
let res = users.send(users_actor::UpdateUserRequest(user)).await.unwrap().0;
let res = users
.send(users_actor::UpdateUserRequest(user))
.await
.unwrap()
.0;
if !res {
HttpResponse::InternalServerError().body("Failed to update user information!")
@ -89,16 +100,23 @@ pub struct DeleteFactorRequest {
id: FactorID,
}
pub async fn delete_factor(user: CurrentUser, form: web::Json<DeleteFactorRequest>,
users: web::Data<Addr<UsersActor>>) -> impl Responder {
pub async fn delete_factor(
user: CurrentUser,
form: web::Json<DeleteFactorRequest>,
users: web::Data<Addr<UsersActor>>,
) -> impl Responder {
let mut user = User::from(user);
user.remove_factor(form.0.id);
let res = users.send(users_actor::UpdateUserRequest(user)).await.unwrap().0;
let res = users
.send(users_actor::UpdateUserRequest(user))
.await
.unwrap()
.0;
if !res {
HttpResponse::InternalServerError().body("Failed to update user information!")
} else {
HttpResponse::Ok().body("Removed factor!")
}
}
}
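Review bot: The reformatted `users.send(users_actor::UpdateUserRequest(user)).await.unwrap().0` chain still panics the request handler whenever the actor send fails, and the same chain appears in all three handlers of this file (`save_totp_factor`, `save_webauthn_factor`, `delete_factor`). Each handler already has a `!res` branch that answers with a 500, so the send error can be folded into it: `let res = users.send(users_actor::UpdateUserRequest(user)).await.map(|r| r.0).unwrap_or(false);` (assuming `.0` is the `bool` that `!res` tests), preferably after logging the error with `log::error!`. On endpoints that enrol or remove second factors, this gives the client a definite failure response when the users actor is stopped or its mailbox is unavailable, rather than an aborted request. The bodies of `save_totp_factor` and `save_webauthn_factor` continue outside the visible hunks.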