vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit 2433d39df5aa37c8927b0583ef1dc1c9a2e9c67f
parent 9e0e4b13c54f5f9595ecdf6a21c49f9249602265
Author: Stepan Fedorko-Bartos <step7750@gmail.com>
Date:   Thu, 15 Nov 2018 18:54:53 -0700

Allows Custom Yubico OTP Server

Diffstat:
M.env | 3++-
Msrc/api/core/two_factor.rs | 9++++++++-
Msrc/main.rs | 2++
3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/.env b/.env
@@ -43,9 +43,10 @@
 ## Yubico (Yubikey) Settings
 ## Set your Client ID and Secret Key for Yubikey OTP
 ## You can generate it here: https://upgrade.yubico.com/getapikey/
-## TODO: Allow choosing custom YubiCloud server
+## You can optionally specify a custom OTP server
 # YUBICO_CLIENT_ID=11111
 # YUBICO_SECRET_KEY=AAAAAAAAAAAAAAAAAAAAAAAA
+# YUBICO_SERVER=http://yourdomain.com/wsapi/2.0/verify
 ## Rocket specific settings, check Rocket documentation to learn more
 # ROCKET_ENV=staging
diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs
@@ -561,7 +561,14 @@ fn verify_yubikey_otp(otp: String) -> JsonResult {
 let yubico = Yubico::new();
 let config = Config::default().set_client_id(CONFIG.yubico_client_id.to_owned()).set_key(CONFIG.yubico_secret_key.to_owned());
- let result = yubico.verify(otp, config);
+ let result;
+
+ if CONFIG.yubico_server.is_some() {
+ result = yubico.verify(otp, config.set_api_hosts(vec![CONFIG.yubico_server.to_owned().unwrap()]));
+ }
+ else {
+ result = yubico.verify(otp, config);
+ }
 match result {
 Ok(_answer) => Ok(Json(json!({}))),
diff --git a/src/main.rs b/src/main.rs
@@ -249,6 +249,7 @@ pub struct Config {
 yubico_cred_set: bool,
 yubico_client_id: String,
 yubico_secret_key: String,
+ yubico_server: Option<String>,
 mail: Option<MailConfig>,
 }
@@ -294,6 +295,7 @@ impl Config {
 yubico_cred_set: yubico_client_id.is_some() && yubico_secret_key.is_some(),
 yubico_client_id: yubico_client_id.unwrap_or("00000".into()),
 yubico_secret_key: yubico_secret_key.unwrap_or("AAAAAAA".into()),
+ yubico_server: get_env("YUBICO_SERVER"),
 mail: MailConfig::load(),
 }
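Review bot: The commented example for `YUBICO_SERVER` in `.env` uses an `http://` URL, and operators tend to copy template values as written. With a plaintext endpoint the OTP and client ID travel unencrypted between this server and the validation service. I would change the example to `# YUBICO_SERVER=https://yourdomain.com/wsapi/2.0/verify` and add a comment line such as `## Use an https:// URL; each OTP is sent to this server for validation`.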
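Review bot: In `verify_yubikey_otp`, the `is_some()` test followed by `to_owned().unwrap()` and the deferred `let result;` can be replaced by one `match` that picks the config, which removes the unwrap and the duplicated `verify` call: `let config = match &CONFIG.yubico_server { Some(server) => config.set_api_hosts(vec![server.to_owned()]), None => config };` followed by `let result = yubico.verify(otp, config);`. The configured host now decides whether a second factor is accepted, and nothing in this hunk checks its scheme or form before use. A short comment stating that the value is trusted operator configuration would help the next reader. The function body starts and ends outside the hunk.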
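Review bot: `yubico_server: get_env("YUBICO_SERVER")` in the `impl Config` hunk stores the value without validation, so a typo or an `http://` URL only surfaces when a user first attempts Yubikey verification. Checking at load time that the value parses as a URL with an `https` scheme, and refusing to start or logging a warning otherwise, would surface the misconfiguration early. `get_env` is defined outside the diff, so it is worth confirming whether an empty `YUBICO_SERVER=` becomes `Some("")`. The new field in the `pub struct Config` hunk would also benefit from a doc comment, for example `/// Custom Yubico OTP validation endpoint; when None the client library's default hosts are presumably used.`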