Merge pull request #1158 from BlackDex/fix-issue-1156 - vw_small

commit 0b6a003a8baa909798097100627571b090b1e066
parent 2f3e18caa98271f9273e39e999f55635975091aa
Author: Daniel García <dani-garcia@users.noreply.github.com>
Date:   Fri, 25 Sep 2020 21:14:25 +0200

Merge pull request #1158 from BlackDex/fix-issue-1156

Add /api/accounts/verify-password endpoint
Diffstat:
M src/api/core/accounts.rs  | 18 ++++++++++++++++++

1 file changed, 18 insertions(+), 0 deletions(-)
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
@@ -32,6 +32,7 @@ pub fn routes() -> Vec<rocket::Route> {
         revision_date,
         password_hint,
         prelogin,
+        verify_password,
     ]
 }
 
@@ -623,3 +624,20 @@ fn prelogin(data: JsonUpcase<PreloginData>, conn: DbConn) -> JsonResult {
         "KdfIterations": kdf_iter
     })))
 }
+#[derive(Deserialize)]
+#[allow(non_snake_case)]
+struct VerifyPasswordData {
+    MasterPasswordHash: String,
+}
+
+#[post("/accounts/verify-password", data = "<data>")]
+fn verify_password(data: JsonUpcase<VerifyPasswordData>, headers: Headers, _conn: DbConn) -> EmptyResult {
+    let data: VerifyPasswordData = data.into_inner().data;
+    let user = headers.user;
+
+    if !user.check_valid_password(&data.MasterPasswordHash) {
+        err!("Invalid password")
+    }
+
+    Ok(())
+}

	vw_small Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
	git clone https://git.philomathiclife.com/repos/vw_small
	Log \| Files \| Refs \| README