Can force 2FA authent

2024-03-26 21:07:29 +01:00
parent 4bb515366d
commit dfb277d636
8 changed files with 63 additions and 16 deletions
--- a/src/data/force_2fa_auth.rs
+++ b/src/data/force_2fa_auth.rs
@ -0,0 +1,36 @@
+use crate::data::current_user::CurrentUser;
+use actix_web::dev::Payload;
+use actix_web::{web, Error, FromRequest, HttpRequest};
+use std::future::Future;
+use std::pin::Pin;
+
+#[derive(serde::Deserialize)]
+pub struct Force2FAAuthQuery {
+    #[serde(default)]
+    force_2fa: bool,
+}
+
+pub struct Force2FAAuth {
+    pub force: bool,
+}
+
+impl FromRequest for Force2FAAuth {
+    type Error = Error;
+    type Future = Pin<Box<dyn Future<Output = Result<Self, Self::Error>>>>;
+
+    fn from_request(req: &HttpRequest, payload: &mut Payload) -> Self::Future {
+        let req = req.clone();
+
+        let query = web::Query::<Force2FAAuthQuery>::from_request(&req, payload)
+            .into_inner()
+            .unwrap();
+
+        Box::pin(async move {
+            let user = CurrentUser::from_request(&req, &mut Payload::None).await?;
+
+            Ok(Self {
+                force: query.force_2fa && user.has_two_factor(),
+            })
+        })
+    }
+}
--- a/src/data/mod.rs
+++ b/src/data/mod.rs
@ -5,6 +5,7 @@ pub mod client;
 pub mod code_challenge;
 pub mod current_user;
 pub mod entity_manager;
+pub mod force_2fa_auth;
 pub mod id_token;
 pub mod jwt_signer;
 pub mod login_redirect;
--- a/src/data/user.rs
+++ b/src/data/user.rs
@ -90,11 +90,17 @@ impl TwoFactor {
        }
    }

-    pub fn login_url(&self, redirect_uri: &LoginRedirect) -> String {
+    pub fn login_url(&self, redirect_uri: &LoginRedirect, force_2fa: bool) -> String {
        match self.kind {
-            TwoFactorType::TOTP(_) => format!("/2fa_otp?redirect={}", redirect_uri.get_encoded()),
+            TwoFactorType::TOTP(_) => format!(
+                "/2fa_otp?redirect={}&force_2fa={force_2fa}",
+                redirect_uri.get_encoded()
+            ),
            TwoFactorType::WEBAUTHN(_) => {
-                format!("/2fa_webauthn?redirect={}", redirect_uri.get_encoded())
+                format!(
+                    "/2fa_webauthn?redirect={}&force_2fa={force_2fa}",
+                    redirect_uri.get_encoded()
+                )
            }
        }
    }