commit c64560016e80517eb490b2b863be6da261c02b27
parent 2f3e18caa98271f9273e39e999f55635975091aa
Author: BlackDex <black.dex@gmail.com>
Date: Fri, 25 Sep 2020 18:26:48 +0200
Add /api/accounts/verify-password endpoint
If for some reason the hashed password is cleared from memory within a
Bitwarden client, the client will try to verify the password on the server side.
This endpoint was missing.
Resolves #1156
Diffstat:
1 file changed, 18 insertions(+), 0 deletions(-)
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
@@ -32,6 +32,7 @@ pub fn routes() -> Vec<rocket::Route> {
revision_date,
password_hint,
prelogin,
+ verify_password,
]
}
@@ -623,3 +624,20 @@ fn prelogin(data: JsonUpcase<PreloginData>, conn: DbConn) -> JsonResult {
"KdfIterations": kdf_iter
})))
}
+#[derive(Deserialize)]
+#[allow(non_snake_case)]
+struct VerifyPasswordData {
+ MasterPasswordHash: String,
+}
+
+#[post("/accounts/verify-password", data = "<data>")]
+fn verify_password(data: JsonUpcase<VerifyPasswordData>, headers: Headers, _conn: DbConn) -> EmptyResult {
+ let data: VerifyPasswordData = data.into_inner().data;
+ let user = headers.user;
+
+ if !user.check_valid_password(&data.MasterPasswordHash) {
+ err!("Invalid password")
+ }
+
+ Ok(())
+}
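Review bot: `verify_password` lets any caller holding a valid session token repeatedly test master password hashes against the account, and the hunk shows no failure counting, rate limiting or logging of mismatches; a failed check should at least be logged, or be subject to whatever limiting the login path applies (that path is outside this diff). The comparison is delegated to `user.check_valid_password`, defined elsewhere, so whether it compares in constant time cannot be confirmed from the hunk. The `_conn: DbConn` parameter is never used and could be dropped unless it is kept for request-guard ordering. A doc comment on the handler, e.g. `/// Re-checks the authenticated user's master password hash; errors on mismatch.`, would document the intent.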