vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit f571df7367991d804603630e04a36d5d96feac11
parent de51bc782e7f257bc4fab9259087fa4ddcc6d01a
Author: Daniel García <dani-garcia@users.noreply.github.com>
Date:   Sat, 12 Jan 2019 15:28:41 +0100

Revert yubikey feature, not needed anymore

Diffstat:
MCargo.toml | 4+---
MDockerfile.aarch64 | 3+--
Msrc/api/core/two_factor.rs | 35+++++++----------------------------
3 files changed, 9 insertions(+), 33 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
@@ -11,9 +11,7 @@ publish = false
 build = "build.rs"
 [features]
-default = ["enable_yubikey"]
 enable_syslog = ["syslog", "fern/syslog-4"]
-enable_yubikey = ["yubico"]
 [dependencies]
 # Web framework for nightly with a focus on ease-of-use, expressibility, and speed.
@@ -74,7 +72,7 @@ jsonwebtoken = "5.0.1"
 u2f = "0.1.4"
 # Yubico Library
-yubico = { version = "0.5.0", features = ["online"], default-features = false, optional = true }
+yubico = { version = "0.5.0", features = ["online"], default-features = false }
 # A `dotenv` implementation for Rust
 dotenv = { version = "0.13.0", default-features = false }
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
@@ -55,8 +55,7 @@ COPY . .
 # Build
 RUN rustup target add aarch64-unknown-linux-gnu
-# TODO: Enable yubico when #262 is fixed
-RUN cargo build --release --target=aarch64-unknown-linux-gnu -v --no-default-features
+RUN cargo build --release --target=aarch64-unknown-linux-gnu -v
 ######################## RUNTIME IMAGE ########################
 # Create a new stage with a minimal image
diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs
@@ -15,18 +15,8 @@ use crate::auth::Headers;
 use rocket::Route;
-#[cfg(feature = "enable_yubikey")]
-fn yubi_routes() -> Vec<Route> {
- routes![generate_yubikey, activate_yubikey, activate_yubikey_put]
-}
-
-#[cfg(not(feature = "enable_yubikey"))]
-fn yubi_routes() -> Vec<Route> {
- Vec::new()
-}
-
 pub fn routes() -> Vec<Route> {
- let mut routes = routes![
+ routes![
 get_twofactor,
 get_recover,
 recover,
@@ -39,11 +29,10 @@ pub fn routes() -> Vec<Route> {
 generate_u2f_challenge,
 activate_u2f,
 activate_u2f_put,
- ];
-
- routes.append(&mut yubi_routes());
-
- routes
+ generate_yubikey,
+ activate_yubikey,
+ activate_yubikey_put,
+ ]
 }
 #[get("/two-factor")]
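Review bot: In the second Cargo.toml hunk `yubico` stops being optional, so every build now compiles the crate with its `online` feature and there is no longer a build-time way to leave the Yubikey OTP client out of a deployment that does not use it. The only remaining switch is the runtime `CONFIG.yubico_cred_set` check seen in src/api/core/two_factor.rs. I would record that next to the dependency, for example `# Always built; Yubikey OTP is active at runtime only when YUBICO_CLIENT_ID and YUBICO_SECRET_KEY are set`.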
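Review bot: `routes()` in src/api/core/two_factor.rs now registers `generate_yubikey`, `activate_yubikey` and `activate_yubikey_put` on every build, and nothing in the function says what keeps them inert on a server without Yubico credentials. The `CONFIG.yubico_cred_set` guard is visible in `verify_yubikey_otp` and `generate_yubikey`, but the visible lines of `activate_yubikey` (hunk -593) and `validate_yubikey_login` (hunk -655) do not show one; their bodies continue outside the hunks, so this may already be covered. A doc comment on `routes()` would make the contract explicit: `/// Yubikey routes are always mounted; each handler must fail closed when CONFIG.yubico_cred_set is false.`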
@@ -496,8 +485,8 @@ pub struct YubikeyMetadata {
 pub Nfc: bool,
 }
-#[cfg(feature = "enable_yubikey")]
-use yubico::{config::Config, Yubico};
+use yubico::config::Config;
+use yubico::Yubico;
 fn parse_yubikeys(data: &EnableYubikeyData) -> Vec<String> {
 let mut yubikeys: Vec<String> = Vec::new();
@@ -535,7 +524,6 @@ fn jsonify_yubikeys(yubikeys: Vec<String>) -> serde_json::Value {
 result
 }
-#[cfg(feature = "enable_yubikey")]
 fn verify_yubikey_otp(otp: String) -> JsonResult {
 if !CONFIG.yubico_cred_set {
 err!("`YUBICO_CLIENT_ID` or `YUBICO_SECRET_KEY` environment variable is not set. Yubikey OTP Disabled")
@@ -557,7 +545,6 @@ fn verify_yubikey_otp(otp: String) -> JsonResult {
 }
 }
-#[cfg(feature = "enable_yubikey")]
 #[post("/two-factor/get-yubikey", data = "<data>")]
 fn generate_yubikey(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> JsonResult {
 if !CONFIG.yubico_cred_set {
@@ -593,7 +580,6 @@ fn generate_yubikey(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbCo
 }
 }
-#[cfg(feature = "enable_yubikey")]
 #[post("/two-factor/yubikey", data = "<data>")]
 fn activate_yubikey(data: JsonUpcase<EnableYubikeyData>, headers: Headers, conn: DbConn) -> JsonResult {
 let data: EnableYubikeyData = data.into_inner().data;
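Review bot: The two `use yubico::…` lines added in hunk -496 still sit in the middle of the file, after `YubikeyMetadata`, a position that only made sense while they carried the `#[cfg(feature = "enable_yubikey")]` gate. Now that the import is unconditional it belongs in the `use` block at the top of the file, next to `use rocket::Route;`, so the module's external dependencies can be read in one place. The move is purely positional: `use yubico::config::Config;` and `use yubico::Yubico;` stay as written.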
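Review bot: With the `#[cfg]` gate removed in hunk -535, `verify_yubikey_otp` is compiled into every build, and its not-configured branch names the `YUBICO_CLIENT_ID` and `YUBICO_SECRET_KEY` environment variables in the `err!` text. If `err!` returns that string to the API client (the macro is defined outside this page), the response tells a caller how the server is configured. A generic message such as `err!("Yubikey OTP is not available on this server")`, with the variable names kept for the server log, would be safer. The same check opens `generate_yubikey` in hunk -557, whose message lies outside the hunk.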
@@ -655,18 +641,11 @@ fn activate_yubikey(data: JsonUpcase<EnableYubikeyData>, headers: Headers, conn:
 Ok(Json(result))
 }
-#[cfg(feature = "enable_yubikey")]
 #[put("/two-factor/yubikey", data = "<data>")]
 fn activate_yubikey_put(data: JsonUpcase<EnableYubikeyData>, headers: Headers, conn: DbConn) -> JsonResult {
 activate_yubikey(data, headers, conn)
 }
-#[cfg(not(feature = "enable_yubikey"))]
-pub fn validate_yubikey_login(_: &str, _: &str, _: &DbConn) -> EmptyResult {
- err!("Yubikey functionality is disabled. If you are using AArch64, check #262")
-}
-
-#[cfg(feature = "enable_yubikey")]
 pub fn validate_yubikey_login(user_uuid: &str, response: &str, conn: &DbConn) -> EmptyResult {
 if response.len() != 44 {
 err!("Invalid Yubikey OTP length");
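Review bot: The guard at the top of `validate_yubikey_login`, `if response.len() != 44`, compares a byte length, so a 44-byte string containing multi-byte characters passes it even though it cannot be a well-formed OTP. Now that this is the only implementation of the function, I would tighten the check to `if response.len() != 44 || !response.is_ascii() {` so that any later byte-offset slicing of `response` cannot land inside a character. The rest of the function is outside the hunk, so whether it slices the string is an assumption to confirm.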