vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit e449912f05d63a3499609ae00184796dd7390bf0
parent 72a46fb386330a1101b77a861d1e0824f597f432
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Sat,  2 Nov 2019 18:31:50 +0100

Generate recovery codes for email and duo

Diffstat:

Msrc/api/core/two_factor/duo.rs | 8++++++--


Msrc/api/core/two_factor/email.rs | 5++++-


2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/api/core/two_factor/duo.rs b/src/api/core/two_factor/duo.rs
@@ -4,6 +4,7 @@ use rocket::Route;
 use rocket_contrib::json::Json;
 use serde_json;
 
+use crate::api::core::two_factor::_generate_recover_code;
 use crate::api::{ApiResult, EmptyResult, JsonResult, JsonUpcase, PasswordData};
 use crate::auth::Headers;
 use crate::crypto;
@@ -152,8 +153,9 @@ fn check_duo_fields_custom(data: &EnableDuoData) -> bool {
 #[post("/two-factor/duo", data = "<data>")]
 fn activate_duo(data: JsonUpcase<EnableDuoData>, headers: Headers, conn: DbConn) -> JsonResult {
     let data: EnableDuoData = data.into_inner().data;
+    let mut user = headers.user;
 
-    if !headers.user.check_valid_password(&data.MasterPasswordHash) {
+    if !user.check_valid_password(&data.MasterPasswordHash) {
         err!("Invalid password");
     }
 
@@ -167,8 +169,10 @@ fn activate_duo(data: JsonUpcase<EnableDuoData>, headers: Headers, conn: DbConn)
     };
 
     let type_ = TwoFactorType::Duo;
-    let twofactor = TwoFactor::new(headers.user.uuid, type_, data_str);
+    let twofactor = TwoFactor::new(user.uuid.clone(), type_, data_str);
     twofactor.save(&conn)?;
+    
+    _generate_recover_code(&mut user, &conn);
 
     Ok(Json(json!({
         "Enabled": true,
diff --git a/src/api/core/two_factor/email.rs b/src/api/core/two_factor/email.rs
@@ -2,6 +2,7 @@ use rocket::Route;
 use rocket_contrib::json::Json;
 use serde_json;
 
+use crate::api::core::two_factor::_generate_recover_code;
 use crate::api::{EmptyResult, JsonResult, JsonUpcase, PasswordData};
 use crate::auth::Headers;
 use crate::crypto;
@@ -172,7 +173,7 @@ struct EmailData {
 #[put("/two-factor/email", data = "<data>")]
 fn email(data: JsonUpcase<EmailData>, headers: Headers, conn: DbConn) -> JsonResult {
     let data: EmailData = data.into_inner().data;
-    let user = headers.user;
+    let mut user = headers.user;
 
     if !user.check_valid_password(&data.MasterPasswordHash) {
         err!("Invalid password");
@@ -197,6 +198,8 @@ fn email(data: JsonUpcase<EmailData>, headers: Headers, conn: DbConn) -> JsonRes
     twofactor.data = email_data.to_json();
     twofactor.save(&conn)?;
 
+    _generate_recover_code(&mut user, &conn);
+
     Ok(Json(json!({
         "Email": email_data.email,
         "Enabled": "true",