Merge pull request #244 from RomanHargrave/multiple-u2f - vw_small

commit 1e9dd2fd4e980e83e72939c3a61359658433538d
parent 8f5bfe7938b9037fb802c0811b28f2575f3b0e89
Author: Daniel García <dani-garcia@users.noreply.github.com>
Date:   Fri,  9 Nov 2018 15:47:29 +0100

Merge pull request #244 from RomanHargrave/multiple-u2f

Make U2F work with vault 2.4.0 changes
Diffstat:
M src/api/core/mod.rs  | 1 +
M src/api/core/two_factor.rs  | 35 +++++++++++++++++++++--------------

2 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
@@ -80,6 +80,7 @@ pub fn routes() -> Vec<Route> {
         activate_authenticator,
         activate_authenticator_put,
         generate_u2f,
+        generate_u2f_challenge,
         activate_u2f,
         activate_u2f_put,
 
diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs
@@ -252,27 +252,34 @@ fn generate_u2f(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) 
     let user_uuid = &headers.user.uuid;
 
     let u2f_type = TwoFactorType::U2f as i32;
-    let register_type = TwoFactorType::U2fRegisterChallenge;
-    let (enabled, challenge) = match TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn) {
-        Some(_) => (true, String::new()),
-        None => {
-            let c = _create_u2f_challenge(user_uuid, register_type, &conn);
-            (false, c.challenge)
-        }
-    };
+    let enabled = TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn).is_some();
 
     Ok(Json(json!({
         "Enabled": enabled,
-        "Challenge": {
-            "UserId": headers.user.uuid,
-            "AppId": APP_ID.to_string(),
-            "Challenge": challenge,
-            "Version": U2F_VERSION,
-        },
         "Object": "twoFactorU2f"
     })))
 }
 
+#[post("/two-factor/get-u2f-challenge", data = "<data>")]
+fn generate_u2f_challenge(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> JsonResult {
+    let data: PasswordData = data.into_inner().data;
+
+    if !headers.user.check_valid_password(&data.MasterPasswordHash) {
+        err!("Invalid password");
+    }
+
+    let user_uuid = &headers.user.uuid;
+
+    let challenge = _create_u2f_challenge(user_uuid, TwoFactorType::U2fRegisterChallenge, &conn).challenge;
+
+    Ok(Json(json!({
+        "UserId": headers.user.uuid,
+        "AppId": APP_ID.to_string(),
+        "Challenge": challenge,
+        "Version": U2F_VERSION,
+    })))
+}
+
 #[derive(Deserialize, Debug)]
 #[allow(non_snake_case)]
 struct EnableU2FData {

	vw_small Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
	git clone https://git.philomathiclife.com/repos/vw_small
	Log \| Files \| Refs \| README

M	src/api/core/mod.rs	\|	1	+
M	src/api/core/two_factor.rs	\|	35	+++++++++++++++++++++--------------