Two factor authentication : TOTP #5

Merged
pierre merged 22 commits from twofactors into master 2022-04-20 07:40:51 +00:00
8 changed files with 17 additions and 15 deletions


@ -46,7 +46,7 @@ impl Session {
jwt_signer: &JWTSigner) -> Res {
let access_token = AccessToken {
issuer: app_config.website_origin.to_string(),
subject_identifier: self.user.clone(),
subject_identifier: self.user.clone().0,
issued_at: time(),
exp_time: time() + OPEN_ID_ACCESS_TOKEN_TIMEOUT,
rand_val: rand_str(OPEN_ID_ACCESS_TOKEN_LEN),
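Review bot: `self.user.clone().0` on the new `subject_identifier` line clones the whole `UserID` newtype only to move its inner `String` out of the temporary; `subject_identifier: self.user.0.clone(),` does the same work with one less step and reads as a plain field copy rather than a newtype unwrap. The enclosing function (only its `jwt_signer: &JWTSigner) -> Res` tail is visible) starts outside the hunk, so I cannot tell whether `self.user` could simply be moved here instead.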


@ -18,7 +18,7 @@ struct FindUserResult {
pub async fn find_username(req: web::Form<FindUserNameReq>, users: web::Data<Addr<UsersActor>>) -> impl Responder {
let res = users.send(FindUserByUsername(req.0.username)).await.unwrap();
HttpResponse::Ok().json(FindUserResult {
user_id: res.0.map(|r| r.uid)
user_id: res.0.map(|r| r.uid.0)
})
}
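Review bot: The `.unwrap()` on `users.send(...).await`, one line above the changed `user_id` mapping, turns an actor mailbox failure into a panic inside the request handler rather than an error response; the newtype change leaves that unchanged. Assuming the actix-web `HttpResponse` type is what the `Ok().json(...)` arm already produces, `let res = match users.send(FindUserByUsername(req.0.username)).await { Ok(r) => r, Err(_) => return HttpResponse::InternalServerError().finish() };` keeps the handler total without touching the success path. This predates the commit, so a follow-up is reasonable, but it is the only fallible step in this handler.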


@ -341,7 +341,7 @@ pub async fn token(req: HttpRequest,
// Generate id token
let id_token = IdToken {
issuer: app_config.website_origin.to_string(),
subject_identifier: session.user,
subject_identifier: session.user.0,
audience: session.client.0.to_string(),
expiration_time: session.access_token_expire_at,
issued_at: time(),
@ -499,7 +499,7 @@ async fn user_info(req: HttpRequest, token: Option<String>,
HttpResponse::Ok()
.json(OpenIDUserInfo {
name: user.full_name(),
sub: user.uid,
sub: user.uid.0,
given_name: user.first_name,
family_name: user.last_name,
preferred_username: user.username,


@ -20,7 +20,7 @@ impl Default for SessionStatus {
#[derive(Debug, Serialize, Deserialize, Default)]
pub struct SessionIdentityData {
pub id: UserID,
pub id: Option<UserID>,
pub is_admin: bool,
pub auth_time: u64,
pub status: SessionStatus,
@ -48,7 +48,7 @@ impl<'a> SessionIdentity<'a> {
// Check if session is valid
if let Some(sess) = &res {
if sess.id.is_empty() {
if sess.id.is_none() {
return None;
}
}
@ -64,7 +64,7 @@ impl<'a> SessionIdentity<'a> {
pub fn set_user(&self, user: &User) {
self.set_session_data(&SessionIdentityData {
id: user.uid.clone(),
id: Some(user.uid.clone()),
is_admin: user.admin,
auth_time: time(),
status: SessionStatus::SignedIn,
@ -101,6 +101,7 @@ impl<'a> SessionIdentity<'a> {
pub fn user_id(&self) -> UserID {
self.get_session_data().unwrap_or_default().id
.expect("UserID should never be null here!")
}
pub fn auth_time(&self) -> u64 {


@ -4,7 +4,8 @@ use crate::data::login_redirect::LoginRedirect;
use crate::data::totp_key::TotpKey;
use crate::utils::err::Res;
pub type UserID = String;
#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize, serde::Deserialize)]
pub struct UserID(pub String);
#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize, serde::Deserialize)]
pub struct FactorID(pub String);
@ -101,7 +102,7 @@ impl Eq for User {}
impl Default for User {
fn default() -> Self {
Self {
uid: uuid::Uuid::new_v4().to_string(),
uid: UserID(uuid::Uuid::new_v4().to_string()),
first_name: "".to_string(),
last_name: "".to_string(),
username: "".to_string(),
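Review bot: `pub struct UserID(pub String);` with a public inner field means every consumer reaches for `.0` (Rust call sites and templates across all eight files in this commit), which erodes the boundary the newtype was introduced to provide. Adding `impl std::fmt::Display for UserID` and an `pub fn as_str(&self) -> &str { &self.0 }` accessor lets Rust code borrow the id without unwrapping and may, depending on the template engine, let the `{{ u.uid }}` expressions keep working unchanged. A `Hash` derive is also worth adding now if the id ever becomes a map key, and a single constructor is the natural place to state that a `UserID` is always the server-generated UUID shown in `Default for User`. The `User` struct and the rest of `Default for User` are outside the hunk.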


@ -5,7 +5,7 @@
<tbody>
<tr>
<th scope="row">User ID</th>
<td>{{ u.uid }}</td>
<td>{{ u.uid.0 }}</td>
</tr>
<tr>
<th scope="row">First name</th>


@ -6,7 +6,7 @@
<div class="form-group">
<label class="form-label mt-4" for="userID">User ID</label>
<input class="form-control" id="userID" type="text" readonly=""
name="uid" value="{{ u.uid }}"/>
name="uid" value="{{ u.uid.0 }}"/>
</div>
<!-- User name -->
@ -145,7 +145,7 @@
return;
const userID = await find_username(usernameEl.value);
usernameEl.classList.add((userID === null || userID === "{{ u.uid }}") ? "is-valid" : "is-invalid");
usernameEl.classList.add((userID === null || userID === "{{ u.uid.0 }}") ? "is-valid" : "is-invalid");
} catch(e) {
console.error(e);
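Review bot: `userID === "{{ u.uid.0 }}"` places a server-side value inside a JavaScript string literal, and the same pattern appears in the users-list template of this commit (`delete_user('{{ u.uid.0 }}', '{{ u.username }}')`), where `u.username` is user-chosen rather than server-generated. Whether the template engine's default escaping is sufficient for a JS-string context cannot be told from this page; the uid is a UUID in `Default for User`, but the username carries no such constraint. A safer shape is to expose the values through `data-` attributes and read them from the script — `<input ... data-uid="{{ u.uid.0 }}" .../>` and `userID === usernameEl.dataset.uid` — so that only HTML-attribute escaping is relied on. The script this line belongs to starts and ends outside the hunk.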


@ -19,7 +19,7 @@
</thead>
<tbody>
{% for u in users %}
<tr id="row-user-{{ u.uid }}">
<tr id="row-user-{{ u.uid.0 }}">
<td>{{ u.username }}</td>
<td>{{ u.first_name }}</td>
<td>{{ u.last_name }}</td>
@ -27,8 +27,8 @@
<td>{% if u.admin %}Admin{% else %}Regular user{% endif %}</td>
<td>{% if u.enabled %}Enabled{% else %}Disabled{% endif %}</td>
<td>
<a href="/admin/edit_user?id={{ u.uid }}">Edit</a>
<a href="javascript:delete_user('{{ u.uid }}', '{{ u.username }}')">Delete</a>
<a href="/admin/edit_user?id={{ u.uid.0 }}">Edit</a>
<a href="javascript:delete_user('{{ u.uid.0 }}', '{{ u.username }}')">Delete</a>
</td>
</tr>
{% endfor %}