Log all user actions on stdout

2022-11-19 13:38:24 +01:00
parent c242a492fc
commit d06c0352fc
14 changed files with 323 additions and 21 deletions


@ -5,11 +5,22 @@ use webauthn_rs::prelude::RegisterPublicKeyCredential;
use crate::actors::users_actor;
use crate::actors::users_actor::UsersActor;
use crate::constants::MAX_SECOND_FACTOR_NAME_LEN;
use crate::data::action_logger::{Action, ActionLogger};
use crate::data::current_user::CurrentUser;
use crate::data::totp_key::TotpKey;
use crate::data::user::{FactorID, TwoFactor, TwoFactorType, User};
use crate::data::webauthn_manager::WebAuthManagerReq;
fn preprocess_factor_name(name: &str) -> String {
name.replace('<', "&lt;")
.replace('>', "&gt;")
.chars()
.take(MAX_SECOND_FACTOR_NAME_LEN)
.filter(|c| *c != '\n' && *c != '\t' && *c != '\r' && c.is_ascii())
.collect()
}
#[derive(serde::Deserialize)]
pub struct AddTOTPRequest {
factor_name: String,
@ -21,6 +32,7 @@ pub async fn save_totp_factor(
user: CurrentUser,
form: web::Json<AddTOTPRequest>,
users: web::Data<Addr<UsersActor>>,
logger: ActionLogger,
) -> impl Responder {
let key = TotpKey::from_encoded_secret(&form.secret);
@ -32,16 +44,20 @@ pub async fn save_totp_factor(
));
}
if form.factor_name.is_empty() {
return HttpResponse::BadRequest().body("Please give a name to the factor!");
let factor_name = preprocess_factor_name(&form.factor_name);
if factor_name.is_empty() {
return HttpResponse::BadRequest().body("Please give a valid name to the factor!");
}
let mut user = User::from(user);
user.add_factor(TwoFactor {
let factor = TwoFactor {
id: FactorID(Uuid::new_v4().to_string()),
name: form.0.factor_name,
name: factor_name,
kind: TwoFactorType::TOTP(key),
});
};
logger.log(Action::AddNewFactor(&factor));
let mut user = User::from(user);
user.add_factor(factor);
let res = users
.send(users_actor::UpdateUserRequest(user))
.await
@ -67,7 +83,13 @@ pub async fn save_webauthn_factor(
form: web::Json<AddWebauthnRequest>,
users: web::Data<Addr<UsersActor>>,
manager: WebAuthManagerReq,
logger: ActionLogger,
) -> impl Responder {
let factor_name = preprocess_factor_name(&form.factor_name);
if factor_name.is_empty() {
return HttpResponse::BadRequest().body("Please give a valid name to the factor!");
}
let key = match manager.finish_registration(&user, &form.0.opaque_state, form.0.credential) {
Ok(k) => k,
Err(e) => {
@ -76,12 +98,15 @@ pub async fn save_webauthn_factor(
}
};
let mut user = User::from(user);
user.add_factor(TwoFactor {
let factor = TwoFactor {
id: FactorID(Uuid::new_v4().to_string()),
name: form.0.factor_name,
name: factor_name,
kind: TwoFactorType::WEBAUTHN(Box::new(key)),
});
};
logger.log(Action::AddNewFactor(&factor));
let mut user = User::from(user);
user.add_factor(factor);
let res = users
.send(users_actor::UpdateUserRequest(user))
.await
@ -104,9 +129,10 @@ pub async fn delete_factor(
user: CurrentUser,
form: web::Json<DeleteFactorRequest>,
users: web::Data<Addr<UsersActor>>,
logger: ActionLogger,
) -> impl Responder {
let mut user = User::from(user);
user.remove_factor(form.0.id);
user.remove_factor(form.0.id.clone());
let res = users
.send(users_actor::UpdateUserRequest(user))
@ -117,6 +143,9 @@ pub async fn delete_factor(
if !res {
HttpResponse::InternalServerError().body("Failed to update user information!")
} else {
logger.log(Action::Removed2FAFactor {
factor_id: &form.0.id,
});
HttpResponse::Ok().body("Removed factor!")
}
}
@ -124,11 +153,13 @@ pub async fn delete_factor(
pub async fn clear_login_history(
user: CurrentUser,
users: web::Data<Addr<UsersActor>>,
logger: ActionLogger,
) -> impl Responder {
users
.send(users_actor::Clear2FALoginHistory(user.uid.clone()))
.await
.unwrap();
logger.log(Action::ClearedHisLoginHistory);
HttpResponse::Ok().body("History successfully cleared")
}
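Review bot: In `save_totp_factor` and `save_webauthn_factor`, `logger.log(Action::AddNewFactor(&factor));` runs before `users.send(users_actor::UpdateUserRequest(user))` has been awaited, so the audit trail records a new factor even when the update fails, whereas `delete_factor` in the same file logs only in its success branch. Moving the call after the `res` check would make the paths agree; that requires keeping the factor (or its id and name) available past `user.add_factor(factor)`, and the result handling of both add functions lies outside the visible hunks. `Action::AddNewFactor` also receives the whole `TwoFactor`, including the `TotpKey`; how it is formatted is not visible here, so it is worth confirming that the log line prints only the id, name and type and never the secret. In `preprocess_factor_name`, `.take(MAX_SECOND_FACTOR_NAME_LEN)` runs after the `&lt;`/`&gt;` replacement and before the filter, so a name can be cut in the middle of an entity and dropped characters still count toward the limit; filtering first, then truncating, then escaping avoids both.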