Compare commits
1 Commits
master
...
638c69b51c
Author | SHA1 | Date | |
---|---|---|---|
638c69b51c |
18
Cargo.lock
generated
18
Cargo.lock
generated
@ -816,9 +816,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "clap"
|
||||
version = "4.5.40"
|
||||
version = "4.5.39"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "40b6887a1d8685cebccf115538db5c0efe625ccac9696ad45c409d96566e910f"
|
||||
checksum = "fd60e63e9be68e5fb56422e397cf9baddded06dae1d2e523401542383bc72a9f"
|
||||
dependencies = [
|
||||
"clap_builder",
|
||||
"clap_derive",
|
||||
@ -826,9 +826,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "clap_builder"
|
||||
version = "4.5.40"
|
||||
version = "4.5.39"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e0c66c08ce9f0c698cbce5c0279d0bb6ac936d8674174fe48f736533b964f59e"
|
||||
checksum = "89cc6392a1f72bbeb820d71f32108f61fdaf18bc526e1d23954168a67759ef51"
|
||||
dependencies = [
|
||||
"anstream",
|
||||
"anstyle",
|
||||
@ -838,9 +838,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "clap_derive"
|
||||
version = "4.5.40"
|
||||
version = "4.5.32"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d2c7947ae4cc3d851207c1adb5b5e260ff0cca11446b1d6d1423788e442257ce"
|
||||
checksum = "09176aae279615badda0765c0c0b3f6ed53f4709118af73cf4655d85d1530cd7"
|
||||
dependencies = [
|
||||
"heck",
|
||||
"proc-macro2",
|
||||
@ -3397,14 +3397,12 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
|
||||
|
||||
[[package]]
|
||||
name = "uuid"
|
||||
version = "1.17.0"
|
||||
version = "1.16.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3cf4199d1e5d15ddd86a694e4d0dffa9c323ce759fea589f00fef9d81cc1931d"
|
||||
checksum = "458f7a779bf54acc9f347480ac654f68407d3aab21269a6e3c9f922acd9e2da9"
|
||||
dependencies = [
|
||||
"getrandom 0.3.2",
|
||||
"js-sys",
|
||||
"serde",
|
||||
"wasm-bindgen",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -11,7 +11,7 @@ actix-identity = "0.8.0"
|
||||
actix-web = "4.11.0"
|
||||
actix-session = { version = "0.10.1", features = ["cookie-session"] }
|
||||
actix-remote-ip = "0.1.0"
|
||||
clap = { version = "4.5.40", features = ["derive", "env"] }
|
||||
clap = { version = "4.5.39", features = ["derive", "env"] }
|
||||
include_dir = "0.7.4"
|
||||
log = "0.4.27"
|
||||
serde_json = "1.0.140"
|
||||
@ -19,10 +19,10 @@ serde_yaml = "0.9.34"
|
||||
env_logger = "0.11.8"
|
||||
serde = { version = "1.0.219", features = ["derive"] }
|
||||
bcrypt = "0.17.0"
|
||||
uuid = { version = "1.17.0", features = ["v4"] }
|
||||
uuid = { version = "1.16.0", features = ["v4"] }
|
||||
mime_guess = "2.0.5"
|
||||
askama = "0.14.0"
|
||||
futures-util = "0.3.31"
|
||||
futures-util = "0.3.30"
|
||||
urlencoding = "2.1.3"
|
||||
rand = "0.9.1"
|
||||
base64 = "0.22.1"
|
||||
|
@ -151,7 +151,7 @@ impl Handler<LocalLoginRequest> for UsersActor {
|
||||
fn handle(&mut self, msg: LocalLoginRequest, _ctx: &mut Self::Context) -> Self::Result {
|
||||
match self.manager.find_by_username_or_email(&msg.login) {
|
||||
Err(e) => {
|
||||
log::error!("Failed to find user! {e}");
|
||||
log::error!("Failed to find user! {}", e);
|
||||
MessageResult(LoginResult::Error)
|
||||
}
|
||||
Ok(None) => MessageResult(LoginResult::AccountNotFound),
|
||||
@ -184,7 +184,7 @@ impl Handler<ProviderLoginRequest> for UsersActor {
|
||||
fn handle(&mut self, msg: ProviderLoginRequest, _ctx: &mut Self::Context) -> Self::Result {
|
||||
match self.manager.find_by_email(&msg.email) {
|
||||
Err(e) => {
|
||||
log::error!("Failed to find user! {e}");
|
||||
log::error!("Failed to find user! {}", e);
|
||||
MessageResult(LoginResult::Error)
|
||||
}
|
||||
Ok(None) => MessageResult(LoginResult::AccountNotFound),
|
||||
@ -210,7 +210,7 @@ impl Handler<CreateAccount> for UsersActor {
|
||||
match self.manager.create_user_account(msg.0) {
|
||||
Ok(id) => Some(id),
|
||||
Err(e) => {
|
||||
log::error!("Failed to create user account! {e}");
|
||||
log::error!("Failed to create user account! {}", e);
|
||||
None
|
||||
}
|
||||
}
|
||||
@ -227,7 +227,7 @@ impl Handler<ChangePasswordRequest> for UsersActor {
|
||||
{
|
||||
Ok(_) => true,
|
||||
Err(e) => {
|
||||
log::error!("Failed to change user password! {e:?}");
|
||||
log::error!("Failed to change user password! {:?}", e);
|
||||
false
|
||||
}
|
||||
}
|
||||
@ -241,7 +241,7 @@ impl Handler<Add2FAFactor> for UsersActor {
|
||||
match self.manager.add_2fa_factor(&msg.0, msg.1) {
|
||||
Ok(_) => true,
|
||||
Err(e) => {
|
||||
log::error!("Failed to add 2FA factor! {e}");
|
||||
log::error!("Failed to add 2FA factor! {}", e);
|
||||
false
|
||||
}
|
||||
}
|
||||
@ -255,7 +255,7 @@ impl Handler<Remove2FAFactor> for UsersActor {
|
||||
match self.manager.remove_2fa_factor(&msg.0, msg.1) {
|
||||
Ok(_) => true,
|
||||
Err(e) => {
|
||||
log::error!("Failed to remove 2FA factor! {e}");
|
||||
log::error!("Failed to remove 2FA factor! {}", e);
|
||||
false
|
||||
}
|
||||
}
|
||||
@ -272,7 +272,7 @@ impl Handler<AddSuccessful2FALogin> for UsersActor {
|
||||
{
|
||||
Ok(_) => true,
|
||||
Err(e) => {
|
||||
log::error!("Failed to save successful 2FA authentication! {e}");
|
||||
log::error!("Failed to save successful 2FA authentication! {}", e);
|
||||
false
|
||||
}
|
||||
}
|
||||
@ -309,7 +309,10 @@ impl Handler<SetAuthorizedAuthenticationSources> for UsersActor {
|
||||
{
|
||||
Ok(_) => true,
|
||||
Err(e) => {
|
||||
log::error!("Failed to set authorized authentication sources for user! {e}");
|
||||
log::error!(
|
||||
"Failed to set authorized authentication sources for user! {}",
|
||||
e
|
||||
);
|
||||
false
|
||||
}
|
||||
}
|
||||
@ -322,7 +325,7 @@ impl Handler<SetGrantedClients> for UsersActor {
|
||||
match self.manager.set_granted_2fa_clients(&msg.0, msg.1) {
|
||||
Ok(_) => true,
|
||||
Err(e) => {
|
||||
log::error!("Failed to set granted 2FA clients! {e}");
|
||||
log::error!("Failed to set granted 2FA clients! {}", e);
|
||||
false
|
||||
}
|
||||
}
|
||||
@ -336,7 +339,7 @@ impl Handler<GetUserRequest> for UsersActor {
|
||||
MessageResult(GetUserResult(match self.manager.find_by_user_id(&msg.0) {
|
||||
Ok(r) => r,
|
||||
Err(e) => {
|
||||
log::error!("Failed to find user by id! {e}");
|
||||
log::error!("Failed to find user by id! {}", e);
|
||||
None
|
||||
}
|
||||
}))
|
||||
@ -350,7 +353,7 @@ impl Handler<VerifyUserPasswordRequest> for UsersActor {
|
||||
self.manager
|
||||
.verify_user_password(&msg.0, &msg.1)
|
||||
.unwrap_or_else(|e| {
|
||||
log::error!("Failed to verify user password! {e}");
|
||||
log::error!("Failed to verify user password! {}", e);
|
||||
false
|
||||
})
|
||||
}
|
||||
@ -364,7 +367,7 @@ impl Handler<FindUserByUsername> for UsersActor {
|
||||
self.manager
|
||||
.find_by_username_or_email(&msg.0)
|
||||
.unwrap_or_else(|e| {
|
||||
log::error!("Failed to find user by username or email! {e}");
|
||||
log::error!("Failed to find user by username or email! {}", e);
|
||||
None
|
||||
}),
|
||||
))
|
||||
@ -378,7 +381,7 @@ impl Handler<GetAllUsers> for UsersActor {
|
||||
match self.manager.get_entire_users_list() {
|
||||
Ok(r) => r,
|
||||
Err(e) => {
|
||||
log::error!("Failed to get entire users list! {e}");
|
||||
log::error!("Failed to get entire users list! {}", e);
|
||||
vec![]
|
||||
}
|
||||
}
|
||||
@ -392,7 +395,7 @@ impl Handler<UpdateUserSettings> for UsersActor {
|
||||
match self.manager.set_general_user_settings(msg.0) {
|
||||
Ok(_) => true,
|
||||
Err(e) => {
|
||||
log::error!("Failed to update general user information! {e:?}");
|
||||
log::error!("Failed to update general user information! {:?}", e);
|
||||
false
|
||||
}
|
||||
}
|
||||
@ -406,7 +409,7 @@ impl Handler<DeleteUserRequest> for UsersActor {
|
||||
match self.manager.delete_account(&msg.0) {
|
||||
Ok(_) => true,
|
||||
Err(e) => {
|
||||
log::error!("Failed to delete user account! {e}");
|
||||
log::error!("Failed to delete user account! {}", e);
|
||||
false
|
||||
}
|
||||
}
|
||||
|
@ -47,7 +47,7 @@ pub async fn auth_webauthn(
|
||||
HttpResponse::Ok().body("You are authenticated!")
|
||||
}
|
||||
Err(e) => {
|
||||
log::error!("Failed to authenticate user using webauthn! {e:?}");
|
||||
log::error!("Failed to authenticate user using webauthn! {:?}", e);
|
||||
logger.log(Action::LoginWebauthnAttempt {
|
||||
success: false,
|
||||
user_id,
|
||||
|
@ -190,7 +190,12 @@ pub async fn login_route(
|
||||
}
|
||||
|
||||
c => {
|
||||
log::warn!("Failed login for ip {remote_ip:?} / username {login}: {c:?}");
|
||||
log::warn!(
|
||||
"Failed login for ip {:?} / username {}: {:?}",
|
||||
remote_ip,
|
||||
login,
|
||||
c
|
||||
);
|
||||
logger.log(Action::FailedLoginWithBadCredentials(&login));
|
||||
danger = Some("Login failed.".to_string());
|
||||
|
||||
@ -469,7 +474,7 @@ pub async fn login_with_webauthn(
|
||||
let challenge = match manager.start_authentication(&user.uid, &pub_keys) {
|
||||
Ok(c) => c,
|
||||
Err(e) => {
|
||||
log::error!("Failed to generate webauthn challenge! {e:?}");
|
||||
log::error!("Failed to generate webauthn challenge! {:?}", e);
|
||||
return HttpResponse::InternalServerError().body(build_fatal_error_page(
|
||||
"Failed to generate webauthn challenge",
|
||||
));
|
||||
@ -479,7 +484,7 @@ pub async fn login_with_webauthn(
|
||||
let challenge_json = match serde_json::to_string(&challenge.login_challenge) {
|
||||
Ok(r) => r,
|
||||
Err(e) => {
|
||||
log::error!("Failed to serialize challenge! {e:?}");
|
||||
log::error!("Failed to serialize challenge! {:?}", e);
|
||||
return HttpResponse::InternalServerError().body("Failed to serialize challenge!");
|
||||
}
|
||||
};
|
||||
|
@ -111,7 +111,12 @@ pub struct AuthorizeQuery {
|
||||
}
|
||||
|
||||
fn error_redirect(query: &AuthorizeQuery, error: &str, description: &str) -> HttpResponse {
|
||||
log::warn!("Failed to process sign in request ({error} => {description}): {query:?}");
|
||||
log::warn!(
|
||||
"Failed to process sign in request ({} => {}): {:?}",
|
||||
error,
|
||||
description,
|
||||
query
|
||||
);
|
||||
HttpResponse::Found()
|
||||
.append_header((
|
||||
"Location",
|
||||
@ -238,7 +243,7 @@ pub async fn authorize(
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
log::trace!("New OpenID session: {session:#?}");
|
||||
log::trace!("New OpenID session: {:#?}", session);
|
||||
logger.log(Action::NewOpenIDSession { client: &client });
|
||||
|
||||
Ok(HttpResponse::Found()
|
||||
@ -314,7 +319,12 @@ struct ErrorResponse {
|
||||
}
|
||||
|
||||
pub fn error_response<D: Debug>(query: &D, error: &str, description: &str) -> HttpResponse {
|
||||
log::warn!("request failed: {error} - {description} => '{query:#?}'");
|
||||
log::warn!(
|
||||
"request failed: {} - {} => '{:#?}'",
|
||||
error,
|
||||
description,
|
||||
query
|
||||
);
|
||||
HttpResponse::BadRequest().json(ErrorResponse {
|
||||
error: error.to_string(),
|
||||
error_description: description.to_string(),
|
||||
@ -379,7 +389,7 @@ pub async fn token(
|
||||
let decode = String::from_utf8_lossy(&match BASE64_STANDARD.decode(token) {
|
||||
Ok(d) => d,
|
||||
Err(e) => {
|
||||
log::error!("Failed to decode authorization header: {e:?}");
|
||||
log::error!("Failed to decode authorization header: {:?}", e);
|
||||
return Ok(error_response(
|
||||
&query,
|
||||
"invalid_request",
|
||||
|
@ -96,14 +96,14 @@ pub async fn start_login(
|
||||
let config = match ProviderConfigurationHelper::get_configuration(&provider).await {
|
||||
Ok(c) => c,
|
||||
Err(e) => {
|
||||
log::error!("Failed to load provider configuration! {e}");
|
||||
log::error!("Failed to load provider configuration! {}", e);
|
||||
return HttpResponse::InternalServerError().body(build_fatal_error_page(
|
||||
"Failed to load provider configuration!",
|
||||
));
|
||||
}
|
||||
};
|
||||
|
||||
log::debug!("Provider configuration: {config:?}");
|
||||
log::debug!("Provider configuration: {:?}", config);
|
||||
|
||||
let url = config.auth_url(&provider, &state);
|
||||
log::debug!("Redirect user on {url} for authentication",);
|
||||
@ -210,7 +210,7 @@ pub async fn finish_login(
|
||||
let provider_config = match ProviderConfigurationHelper::get_configuration(&provider).await {
|
||||
Ok(c) => c,
|
||||
Err(e) => {
|
||||
log::error!("Failed to load provider configuration! {e}");
|
||||
log::error!("Failed to load provider configuration! {}", e);
|
||||
return HttpResponse::InternalServerError().body(build_fatal_error_page(
|
||||
"Failed to load provider configuration!",
|
||||
));
|
||||
@ -222,7 +222,7 @@ pub async fn finish_login(
|
||||
let token = match token {
|
||||
Ok(t) => t,
|
||||
Err(e) => {
|
||||
log::error!("Failed to retrieve login token! {e:?}");
|
||||
log::error!("Failed to retrieve login token! {:?}", e);
|
||||
|
||||
bruteforce
|
||||
.send(bruteforce_actor::RecordFailedAttempt {
|
||||
@ -247,7 +247,7 @@ pub async fn finish_login(
|
||||
let user_info = match provider_config.get_userinfo(&token).await {
|
||||
Ok(info) => info,
|
||||
Err(e) => {
|
||||
log::error!("Failed to retrieve user information! {e:?}");
|
||||
log::error!("Failed to retrieve user information! {:?}", e);
|
||||
|
||||
logger.log(Action::ProviderFailedGetUserInfo {
|
||||
provider: &provider,
|
||||
|
@ -94,7 +94,7 @@ pub async fn save_webauthn_factor(
|
||||
let key = match manager.finish_registration(&user, &form.0.opaque_state, form.0.credential) {
|
||||
Ok(k) => k,
|
||||
Err(e) => {
|
||||
log::error!("Failed to register security key! {e:?}");
|
||||
log::error!("Failed to register security key! {:?}", e);
|
||||
return HttpResponse::InternalServerError().body("Failed to register key!");
|
||||
}
|
||||
};
|
||||
|
@ -68,7 +68,7 @@ pub async fn add_totp_factor_route(_critical: CriticalRoute, user: CurrentUser)
|
||||
let qr_code = match qr_code {
|
||||
Ok(q) => q,
|
||||
Err(e) => {
|
||||
log::error!("Failed to generate QrCode! {e:?}");
|
||||
log::error!("Failed to generate QrCode! {:?}", e);
|
||||
return HttpResponse::InternalServerError().body("Failed to generate QrCode!");
|
||||
}
|
||||
};
|
||||
@ -95,7 +95,7 @@ pub async fn add_webauthn_factor_route(
|
||||
let registration_request = match manager.start_register(&user) {
|
||||
Ok(r) => r,
|
||||
Err(e) => {
|
||||
log::error!("Failed to request new key! {e:?}");
|
||||
log::error!("Failed to request new key! {:?}", e);
|
||||
return HttpResponse::InternalServerError()
|
||||
.body("Failed to generate request for registration!");
|
||||
}
|
||||
@ -104,7 +104,7 @@ pub async fn add_webauthn_factor_route(
|
||||
let challenge_json = match serde_json::to_string(®istration_request.creation_challenge) {
|
||||
Ok(r) => r,
|
||||
Err(e) => {
|
||||
log::error!("Failed to serialize challenge! {e:?}");
|
||||
log::error!("Failed to serialize challenge! {:?}", e);
|
||||
return HttpResponse::InternalServerError().body("Failed to serialize challenge!");
|
||||
}
|
||||
};
|
||||
|
@ -156,7 +156,8 @@ impl Action<'_> {
|
||||
.to_string()
|
||||
}
|
||||
Action::ProviderFailedGetToken { state, code } => format!(
|
||||
"could not complete login from provider because the id_token could not be retrieved! (state={state:?} code = {code})"
|
||||
"could not complete login from provider because the id_token could not be retrieved! (state={:?} code = {code})",
|
||||
state
|
||||
),
|
||||
Action::ProviderFailedGetUserInfo { provider } => format!(
|
||||
"could not get user information from userinfo endpoint of provider {}!",
|
||||
|
@ -22,7 +22,7 @@ impl CodeChallenge {
|
||||
encoded.eq(&self.code_challenge)
|
||||
}
|
||||
s => {
|
||||
log::error!("Unknown code challenge method: {s}");
|
||||
log::error!("Unknown code challenge method: {}", s);
|
||||
false
|
||||
}
|
||||
}
|
||||
@ -40,8 +40,8 @@ mod test {
|
||||
code_challenge: "text1".to_string(),
|
||||
};
|
||||
|
||||
assert!(chal.verify_code("text1"));
|
||||
assert!(!chal.verify_code("text2"));
|
||||
assert_eq!(true, chal.verify_code("text1"));
|
||||
assert_eq!(false, chal.verify_code("text2"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
@ -51,8 +51,8 @@ mod test {
|
||||
code_challenge: "uSOvC48D8TMh6RgW-36XppMlMgys-6KAE_wEIev9W2g".to_string(),
|
||||
};
|
||||
|
||||
assert!(chal.verify_code("HIwht3lCHfnsruA+7Sq8NP2mPj5cBZe0Ewf23eK9UQhK4TdCIt3SK7Fr/giCdnfjxYQILOPG2D562emggAa2lA=="));
|
||||
assert!(!chal.verify_code("text1"));
|
||||
assert_eq!(true, chal.verify_code("HIwht3lCHfnsruA+7Sq8NP2mPj5cBZe0Ewf23eK9UQhK4TdCIt3SK7Fr/giCdnfjxYQILOPG2D562emggAa2lA=="));
|
||||
assert_eq!(false, chal.verify_code("text1"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
@ -62,7 +62,10 @@ mod test {
|
||||
code_challenge: "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM".to_string(),
|
||||
};
|
||||
|
||||
assert!(chal.verify_code("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"));
|
||||
assert!(!chal.verify_code("text1"));
|
||||
assert_eq!(
|
||||
true,
|
||||
chal.verify_code("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
|
||||
);
|
||||
assert_eq!(false, chal.verify_code("text1"));
|
||||
}
|
||||
}
|
||||
|
@ -46,7 +46,7 @@ impl SessionIdentity<'_> {
|
||||
.map(|f| match f {
|
||||
Ok(d) => Some(d),
|
||||
Err(e) => {
|
||||
log::warn!("Failed to deserialize session data! {e:?}");
|
||||
log::warn!("Failed to deserialize session data! {:?}", e);
|
||||
None
|
||||
}
|
||||
})
|
||||
@ -65,7 +65,7 @@ impl SessionIdentity<'_> {
|
||||
|
||||
log::debug!("Will set user session data.");
|
||||
if let Err(e) = Identity::login(&req.extensions(), s) {
|
||||
log::error!("Failed to set session data! {e}");
|
||||
log::error!("Failed to set session data! {}", e);
|
||||
}
|
||||
log::debug!("Did set user session data.");
|
||||
}
|
||||
|
@ -1,3 +1,5 @@
|
||||
use std::io::ErrorKind;
|
||||
|
||||
use base32::Alphabet;
|
||||
use rand::Rng;
|
||||
use totp_rfc6238::{HashAlgorithm, TotpGenerator};
|
||||
@ -88,7 +90,8 @@ impl TotpKey {
|
||||
|
||||
let key = match base32::decode(BASE32_ALPHABET, &self.encoded) {
|
||||
None => {
|
||||
return Err(Box::new(std::io::Error::other(
|
||||
return Err(Box::new(std::io::Error::new(
|
||||
ErrorKind::Other,
|
||||
"Failed to decode base32 secret!",
|
||||
)));
|
||||
}
|
||||
|
@ -18,7 +18,7 @@ impl EntityManager<User> {
|
||||
};
|
||||
|
||||
if let Err(e) = self.replace_entries(|u| u.uid.eq(id), &update(user)) {
|
||||
log::error!("Failed to update user information! {e:?}");
|
||||
log::error!("Failed to update user information! {:?}", e);
|
||||
return Err(e);
|
||||
}
|
||||
|
||||
@ -34,7 +34,7 @@ fn verify_password<P: AsRef<[u8]>>(pwd: P, hash: &str) -> bool {
|
||||
match bcrypt::verify(pwd, hash) {
|
||||
Ok(r) => r,
|
||||
Err(e) => {
|
||||
log::warn!("Failed to verify password! {e:?}");
|
||||
log::warn!("Failed to verify password! {:?}", e);
|
||||
false
|
||||
}
|
||||
}
|
||||
|
@ -1,3 +1,4 @@
|
||||
use std::io::ErrorKind;
|
||||
use std::sync::Arc;
|
||||
|
||||
use actix_web::web;
|
||||
@ -108,11 +109,17 @@ impl WebAuthManager {
|
||||
) -> Res<WebauthnPubKey> {
|
||||
let state: RegisterKeyOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?;
|
||||
if state.user_id != user.uid {
|
||||
return Err(Box::new(std::io::Error::other("Invalid user for pubkey!")));
|
||||
return Err(Box::new(std::io::Error::new(
|
||||
ErrorKind::Other,
|
||||
"Invalid user for pubkey!",
|
||||
)));
|
||||
}
|
||||
|
||||
if state.expire < time() {
|
||||
return Err(Box::new(std::io::Error::other("Challenge has expired!")));
|
||||
return Err(Box::new(std::io::Error::new(
|
||||
ErrorKind::Other,
|
||||
"Challenge has expired!",
|
||||
)));
|
||||
}
|
||||
|
||||
let res = self.core.finish_passkey_registration(
|
||||
@ -150,11 +157,17 @@ impl WebAuthManager {
|
||||
) -> Res {
|
||||
let state: AuthStateOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?;
|
||||
if &state.user_id != user_id {
|
||||
return Err(Box::new(std::io::Error::other("Invalid user for pubkey!")));
|
||||
return Err(Box::new(std::io::Error::new(
|
||||
ErrorKind::Other,
|
||||
"Invalid user for pubkey!",
|
||||
)));
|
||||
}
|
||||
|
||||
if state.expire < time() {
|
||||
return Err(Box::new(std::io::Error::other("Challenge has expired!")));
|
||||
return Err(Box::new(std::io::Error::new(
|
||||
ErrorKind::Other,
|
||||
"Challenge has expired!",
|
||||
)));
|
||||
}
|
||||
|
||||
self.core.finish_passkey_authentication(
|
||||
|
@ -51,7 +51,7 @@ async fn main() -> std::io::Result<()> {
|
||||
|
||||
// Create initial user if required
|
||||
if users.is_empty() {
|
||||
log::info!("Create default {DEFAULT_ADMIN_USERNAME} user");
|
||||
log::info!("Create default {} user", DEFAULT_ADMIN_USERNAME);
|
||||
let default_admin = User {
|
||||
username: DEFAULT_ADMIN_USERNAME.to_string(),
|
||||
authorized_clients: None,
|
||||
|
@ -97,7 +97,10 @@ where
|
||||
.unwrap_or("bad")
|
||||
.eq(&AppConfig::get().website_origin)
|
||||
{
|
||||
log::warn!("Blocked POST request from invalid origin! Origin given {o:?}");
|
||||
log::warn!(
|
||||
"Blocked POST request from invalid origin! Origin given {:?}",
|
||||
o
|
||||
);
|
||||
return Ok(req.into_response(
|
||||
HttpResponse::Unauthorized()
|
||||
.body("POST request from invalid origin!")
|
||||
@ -130,8 +133,8 @@ where
|
||||
_ => ConnStatus::SignedOut,
|
||||
};
|
||||
|
||||
log::trace!("Connection data: {session_data:#?}");
|
||||
log::debug!("Connection status: {session:?}");
|
||||
log::trace!("Connection data: {:#?}", session_data);
|
||||
log::debug!("Connection status: {:?}", session);
|
||||
|
||||
// Redirect user to login page
|
||||
if !session.is_auth()
|
||||
|
@ -47,7 +47,7 @@ mod test {
|
||||
unsafe {
|
||||
env::set_var(VAR_ONE, "good");
|
||||
}
|
||||
let src = format!("This is ${{{VAR_ONE}}}");
|
||||
let src = format!("This is ${{{}}}", VAR_ONE);
|
||||
assert_eq!("This is good", apply_env_vars(&src));
|
||||
}
|
||||
|
||||
@ -55,7 +55,7 @@ mod test {
|
||||
|
||||
#[test]
|
||||
fn test_invalid_var_syntax() {
|
||||
let src = format!("This is ${{{VAR_INVALID}}}");
|
||||
let src = format!("This is ${{{}}}", VAR_INVALID);
|
||||
assert_eq!(src, apply_env_vars(&src));
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user