parent
222c950505
commit
e35f890241
2
Cargo.lock
generated
2
Cargo.lock
generated
@ -504,7 +504,7 @@ dependencies = [
|
|||||||
"aes-gcm",
|
"aes-gcm",
|
||||||
"askama",
|
"askama",
|
||||||
"base32",
|
"base32",
|
||||||
"base64 0.13.1",
|
"base64 0.21.0",
|
||||||
"bcrypt",
|
"bcrypt",
|
||||||
"bincode",
|
"bincode",
|
||||||
"chrono",
|
"chrono",
|
||||||
|
@ -24,7 +24,7 @@ askama = "0.11.1"
|
|||||||
futures-util = "0.3.25"
|
futures-util = "0.3.25"
|
||||||
urlencoding = "2.1.2"
|
urlencoding = "2.1.2"
|
||||||
rand = "0.8.5"
|
rand = "0.8.5"
|
||||||
base64 = "0.13.1"
|
base64 = "0.21.0"
|
||||||
jwt-simple = "0.11.3"
|
jwt-simple = "0.11.3"
|
||||||
digest = "0.10.6"
|
digest = "0.10.6"
|
||||||
sha2 = "0.10.6"
|
sha2 = "0.10.6"
|
||||||
|
@ -4,6 +4,8 @@ use actix::Addr;
|
|||||||
use actix_identity::Identity;
|
use actix_identity::Identity;
|
||||||
use actix_web::error::ErrorUnauthorized;
|
use actix_web::error::ErrorUnauthorized;
|
||||||
use actix_web::{web, HttpRequest, HttpResponse, Responder};
|
use actix_web::{web, HttpRequest, HttpResponse, Responder};
|
||||||
|
use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
|
||||||
|
use base64::Engine as _;
|
||||||
|
|
||||||
use crate::actors::openid_sessions_actor::{OpenIDSessionsActor, Session, SessionID};
|
use crate::actors::openid_sessions_actor::{OpenIDSessionsActor, Session, SessionID};
|
||||||
use crate::actors::users_actor::UsersActor;
|
use crate::actors::users_actor::UsersActor;
|
||||||
@ -295,7 +297,7 @@ pub async fn token(
|
|||||||
Some(v) => v,
|
Some(v) => v,
|
||||||
};
|
};
|
||||||
|
|
||||||
let decode = String::from_utf8_lossy(&match base64::decode(token) {
|
let decode = String::from_utf8_lossy(&match BASE64_STANDARD.decode(token) {
|
||||||
Ok(d) => d,
|
Ok(d) => d,
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
log::error!("Failed to decode authorization header: {:?}", e);
|
log::error!("Failed to decode authorization header: {:?}", e);
|
||||||
@ -601,7 +603,7 @@ async fn user_info(
|
|||||||
return user_info_error(
|
return user_info_error(
|
||||||
"invalid_request",
|
"invalid_request",
|
||||||
"Header token does not start with 'Bearer '!",
|
"Header token does not start with 'Bearer '!",
|
||||||
)
|
);
|
||||||
}
|
}
|
||||||
Some(t) => t,
|
Some(t) => t,
|
||||||
};
|
};
|
||||||
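Review bot: In `token`, the decoded Authorization header bytes still pass through `String::from_utf8_lossy`, so invalid UTF-8 in the client credentials is replaced with U+FFFD instead of being rejected, and distinct byte sequences can become the same string before they are compared. Since the line is being rewritten anyway, I would decode strictly with `String::from_utf8(bytes)` and return the same error response as the base64 failure branch. As far as I know, the 0.21 `STANDARD` engine is also stricter about padding than the old `base64::decode`, so a test with an unpadded header value would show whether any existing client is now refused. The body of `token` starts and ends outside the hunk.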
|
@ -1,10 +1,12 @@
|
|||||||
use std::ops::Deref;
|
use std::ops::Deref;
|
||||||
|
|
||||||
use crate::constants::MAX_SECOND_FACTOR_NAME_LEN;
|
|
||||||
use actix_web::{HttpResponse, Responder};
|
use actix_web::{HttpResponse, Responder};
|
||||||
use askama::Template;
|
use askama::Template;
|
||||||
|
use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
|
||||||
|
use base64::Engine as _;
|
||||||
use qrcode_generator::QrCodeEcc;
|
use qrcode_generator::QrCodeEcc;
|
||||||
|
|
||||||
|
use crate::constants::MAX_SECOND_FACTOR_NAME_LEN;
|
||||||
use crate::controllers::settings_controller::BaseSettingsPage;
|
use crate::controllers::settings_controller::BaseSettingsPage;
|
||||||
use crate::data::app_config::AppConfig;
|
use crate::data::app_config::AppConfig;
|
||||||
use crate::data::current_user::CurrentUser;
|
use crate::data::current_user::CurrentUser;
|
||||||
@ -70,7 +72,7 @@ pub async fn add_totp_factor_route(user: CurrentUser) -> impl Responder {
|
|||||||
HttpResponse::Ok().body(
|
HttpResponse::Ok().body(
|
||||||
AddTotpPage {
|
AddTotpPage {
|
||||||
_p: BaseSettingsPage::get("New authenticator app", &user, None, None),
|
_p: BaseSettingsPage::get("New authenticator app", &user, None, None),
|
||||||
qr_code: base64::encode(qr_code),
|
qr_code: BASE64_STANDARD.encode(qr_code),
|
||||||
account_name: key.account_name(&user, AppConfig::get()),
|
account_name: key.account_name(&user, AppConfig::get()),
|
||||||
secret_key: key.get_secret(),
|
secret_key: key.get_secret(),
|
||||||
max_name_len: MAX_SECOND_FACTOR_NAME_LEN,
|
max_name_len: MAX_SECOND_FACTOR_NAME_LEN,
|
||||||
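Review bot: `add_totp_factor_route` returns the TOTP `secret_key` and its QR code through `HttpResponse::Ok().body(...)` with no header set on the builder. Unless a middleware outside this hunk adds one, the enrolment page can be kept by browser or intermediary caches. I would mark the response as non-cacheable, for example `HttpResponse::Ok().insert_header(("Cache-Control", "no-store")).body(...)` (actix-web 4 builder API; adjust if the project is on an older release). The function body continues past the end of the hunk.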
|
@ -1,4 +1,5 @@
|
|||||||
use base64::URL_SAFE_NO_PAD;
|
use base64::engine::general_purpose::URL_SAFE_NO_PAD as BASE64_URL_SAFE_NO_PAD;
|
||||||
|
use base64::Engine as _;
|
||||||
|
|
||||||
use crate::utils::crypt_utils::sha256;
|
use crate::utils::crypt_utils::sha256;
|
||||||
|
|
||||||
@ -16,8 +17,7 @@ impl CodeChallenge {
|
|||||||
match self.code_challenge_method.as_str() {
|
match self.code_challenge_method.as_str() {
|
||||||
"plain" => code_verifer.eq(&self.code_challenge),
|
"plain" => code_verifer.eq(&self.code_challenge),
|
||||||
"S256" => {
|
"S256" => {
|
||||||
let encoded =
|
let encoded = BASE64_URL_SAFE_NO_PAD.encode(sha256(code_verifer.as_bytes()));
|
||||||
base64::encode_config(sha256(code_verifer.as_bytes()), URL_SAFE_NO_PAD);
|
|
||||||
|
|
||||||
encoded.eq(&self.code_challenge)
|
encoded.eq(&self.code_challenge)
|
||||||
}
|
}
|
||||||
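Review bot: The `S256` arm has no comment tying the engine choice to the spec, and the result depends on it: PKCE defines the challenge as unpadded base64url of SHA-256 of the verifier, so any other engine would make every verification fail. I would add `// RFC 7636 §4.2: BASE64URL(SHA256(code_verifier)), without padding` above `let encoded`. The `"plain"` arm accepts the verifier unhashed, so it is worth stating in the method's doc comment whether that is intentional or kept only for legacy clients. The parameter name `code_verifer` is misspelled (`code_verifier`). The enclosing method starts and ends outside the hunk.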
|
@ -2,6 +2,8 @@ use std::io::ErrorKind;
|
|||||||
|
|
||||||
use aes_gcm::aead::{Aead, OsRng};
|
use aes_gcm::aead::{Aead, OsRng};
|
||||||
use aes_gcm::{Aes256Gcm, Key, KeyInit, Nonce};
|
use aes_gcm::{Aes256Gcm, Key, KeyInit, Nonce};
|
||||||
|
use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
|
||||||
|
use base64::Engine as _;
|
||||||
use rand::Rng;
|
use rand::Rng;
|
||||||
use serde::de::DeserializeOwned;
|
use serde::de::DeserializeOwned;
|
||||||
use serde::Serialize;
|
use serde::Serialize;
|
||||||
@ -34,12 +36,12 @@ impl CryptoWrapper {
|
|||||||
.unwrap();
|
.unwrap();
|
||||||
enc.extend_from_slice(&nonce_bytes);
|
enc.extend_from_slice(&nonce_bytes);
|
||||||
|
|
||||||
Ok(base64::encode(enc))
|
Ok(BASE64_STANDARD.encode(enc))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Decrypt some data previously encrypted using the [`CryptoWrapper::encrypt`] method
|
/// Decrypt some data previously encrypted using the [`CryptoWrapper::encrypt`] method
|
||||||
pub fn decrypt<T: DeserializeOwned>(&self, input: &str) -> Res<T> {
|
pub fn decrypt<T: DeserializeOwned>(&self, input: &str) -> Res<T> {
|
||||||
let bytes = base64::decode(input)?;
|
let bytes = BASE64_STANDARD.decode(input)?;
|
||||||
|
|
||||||
if bytes.len() < NONCE_LEN {
|
if bytes.len() < NONCE_LEN {
|
||||||
return Err(Box::new(std::io::Error::new(
|
return Err(Box::new(std::io::Error::new(
|
||||||
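Review bot: The `.unwrap()` at the top of the `encrypt` hunk finishes an expression that begins outside it. If that is the AEAD encryption call, a failure panics the worker even though the method already returns `Res`, and mapping the error into the `Res` error type would keep it on the normal path. The stored format is also undocumented: the visible lines append the nonce after the encrypted bytes and base64-encode the whole buffer, while `decrypt` only checks `bytes.len() < NONCE_LEN` before going on. A doc line on `encrypt` such as `/// Output: standard base64 of the encrypted bytes followed by the NONCE_LEN-byte nonce` would make the layout explicit for anyone reading stored values after a later engine change. Both method bodies extend beyond the hunk.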
|
@ -4,6 +4,10 @@ use jwt_simple::prelude::RS256KeyPair;
|
|||||||
use serde::de::DeserializeOwned;
|
use serde::de::DeserializeOwned;
|
||||||
use serde::Serialize;
|
use serde::Serialize;
|
||||||
|
|
||||||
|
use base64::engine::general_purpose::URL_SAFE as BASE64_URL_URL_SAFE;
|
||||||
|
use base64::engine::general_purpose::URL_SAFE_NO_PAD as BASE64_URL_SAFE_NO_PAD;
|
||||||
|
use base64::Engine as _;
|
||||||
|
|
||||||
use crate::utils::err::Res;
|
use crate::utils::err::Res;
|
||||||
use crate::utils::string_utils::rand_str;
|
use crate::utils::string_utils::rand_str;
|
||||||
|
|
||||||
@ -38,8 +42,8 @@ impl JWTSigner {
|
|||||||
algorithm: "RS256".to_string(),
|
algorithm: "RS256".to_string(),
|
||||||
key_type: "RSA".to_string(),
|
key_type: "RSA".to_string(),
|
||||||
key_id: self.0.key_id().as_ref().unwrap().to_string(),
|
key_id: self.0.key_id().as_ref().unwrap().to_string(),
|
||||||
public_exponent: base64::encode_config(components.e, base64::URL_SAFE),
|
public_exponent: BASE64_URL_URL_SAFE.encode(components.e),
|
||||||
modulus: base64::encode_config(components.n, base64::URL_SAFE_NO_PAD),
|
modulus: BASE64_URL_SAFE_NO_PAD.encode(components.n),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
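Review bot: `public_exponent` is encoded with the padded `URL_SAFE` engine while `modulus` uses `URL_SAFE_NO_PAD`; JWK `e` and `n` are both defined as base64url without padding (RFC 7518 §6.3.1). The migration keeps the old behaviour, and the usual three-byte exponent 65537 encodes to `AQAB` either way, but an exponent whose length is not a multiple of three would be emitted with `=` and may be rejected by strict JWKS consumers. I would use `public_exponent: BASE64_URL_SAFE_NO_PAD.encode(components.e),` and drop the padded import, whose alias `BASE64_URL_URL_SAFE` also repeats `URL`. The enclosing method starts outside the hunk.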
|