finish /v1/totp-authenticators
This commit is contained in:
parent
1e66d14710
commit
d70064f998
|
@ -1,5 +1,6 @@
|
||||||
use std::error::Error;
|
use std::error::Error;
|
||||||
use actix_web::HttpRequest;
|
use actix_web::HttpRequest;
|
||||||
|
use log::debug;
|
||||||
use sea_orm::{ColumnTrait, Condition, DatabaseConnection, EntityTrait, QueryFilter};
|
use sea_orm::{ColumnTrait, Condition, DatabaseConnection, EntityTrait, QueryFilter};
|
||||||
use crate::tokens::get_token_type;
|
use crate::tokens::get_token_type;
|
||||||
use trifid_api_entities::entity::{auth_token, session_token};
|
use trifid_api_entities::entity::{auth_token, session_token};
|
||||||
|
@ -45,7 +46,7 @@ pub async fn enforce_session(req: &HttpRequest, db: &DatabaseConnection) -> Resu
|
||||||
}
|
}
|
||||||
let tokens = &authorization_split[1..];
|
let tokens = &authorization_split[1..];
|
||||||
|
|
||||||
let sess_token = tokens.iter().find(|i| get_token_type(**i).unwrap_or("n-sess") == "sess").copied().ok_or("Missing session token")?;
|
let sess_token = tokens.iter().find(|i| get_token_type(i).unwrap_or("n-sess") == "sess").copied().ok_or("Missing session token")?;
|
||||||
|
|
||||||
let token: session_token::Model = session_token::Entity::find().filter(session_token::Column::Id.eq(sess_token)).one(db).await?.ok_or("Invalid session token")?;
|
let token: session_token::Model = session_token::Entity::find().filter(session_token::Column::Id.eq(sess_token)).one(db).await?.ok_or("Invalid session token")?;
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
use actix_web::{HttpResponse, post};
|
use actix_web::{HttpResponse, post};
|
||||||
use actix_web::web::{Data, Json};
|
use actix_web::web::{Data, Json};
|
||||||
use log::error;
|
use log::error;
|
||||||
use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, QueryFilter};
|
use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, ModelTrait, QueryFilter};
|
||||||
use serde::{Serialize, Deserialize};
|
use serde::{Serialize, Deserialize};
|
||||||
use crate::AppState;
|
use crate::AppState;
|
||||||
use trifid_api_entities::entity::magic_link;
|
use trifid_api_entities::entity::magic_link;
|
||||||
|
@ -78,9 +78,27 @@ pub async fn verify_magic_link_request(db: Data<AppState>, req: Json<VerifyMagic
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let user = link.user.clone();
|
||||||
|
|
||||||
|
match link.delete(&db.conn).await {
|
||||||
|
Ok(_) => (),
|
||||||
|
Err(e) => {
|
||||||
|
error!("database error: {}", e);
|
||||||
|
return HttpResponse::InternalServerError().json(APIErrorsResponse {
|
||||||
|
errors: vec![
|
||||||
|
APIError {
|
||||||
|
code: "ERR_DB_ERROR".to_string(),
|
||||||
|
message: "There was an error with the database request, please try again later.".to_string(),
|
||||||
|
path: None,
|
||||||
|
}
|
||||||
|
],
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
let model = session_token::Model {
|
let model = session_token::Model {
|
||||||
id: random_token("sess"),
|
id: random_token("sess"),
|
||||||
user: link.user,
|
user,
|
||||||
expires_on: expires_in_seconds(CONFIG.tokens.session_token_expiry_time_seconds) as i64,
|
expires_on: expires_in_seconds(CONFIG.tokens.session_token_expiry_time_seconds) as i64,
|
||||||
};
|
};
|
||||||
let token = model.id.clone();
|
let token = model.id.clone();
|
||||||
|
|
|
@ -2,7 +2,7 @@ use serde::{Serialize, Deserialize};
|
||||||
use actix_web::{HttpRequest, HttpResponse, post};
|
use actix_web::{HttpRequest, HttpResponse, post};
|
||||||
use actix_web::web::{Data, Json};
|
use actix_web::web::{Data, Json};
|
||||||
use log::error;
|
use log::error;
|
||||||
use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, QueryFilter};
|
use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, ModelTrait, QueryFilter};
|
||||||
use totp_rs::{Algorithm, Secret, TOTP};
|
use totp_rs::{Algorithm, Secret, TOTP};
|
||||||
use crate::AppState;
|
use crate::AppState;
|
||||||
use crate::auth_tokens::{enforce_2fa, enforce_session, TokenInfo};
|
use crate::auth_tokens::{enforce_2fa, enforce_session, TokenInfo};
|
||||||
|
@ -72,7 +72,8 @@ pub async fn totp_authenticators_request(db: Data<AppState>, req_data: HttpReque
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
if auther.is_some() {
|
if let Some(auther) = auther {
|
||||||
|
if auther.verified {
|
||||||
return HttpResponse::BadRequest().json(APIErrorsResponse {
|
return HttpResponse::BadRequest().json(APIErrorsResponse {
|
||||||
errors: vec![
|
errors: vec![
|
||||||
APIError {
|
APIError {
|
||||||
|
@ -83,6 +84,22 @@ pub async fn totp_authenticators_request(db: Data<AppState>, req_data: HttpReque
|
||||||
]
|
]
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
match auther.delete(&db.conn).await {
|
||||||
|
Ok(_) => (),
|
||||||
|
Err(e) => {
|
||||||
|
error!("database error: {}", e);
|
||||||
|
return HttpResponse::InternalServerError().json(APIErrorsResponse {
|
||||||
|
errors: vec![
|
||||||
|
APIError {
|
||||||
|
code: "ERR_DB_ERROR".to_string(),
|
||||||
|
message: "There was an error with the database request, please try again later.".to_string(),
|
||||||
|
path: None,
|
||||||
|
}
|
||||||
|
],
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
let secret = Secret::generate_secret();
|
let secret = Secret::generate_secret();
|
||||||
let totpmachine = match TOTP::new(Algorithm::SHA1, 6, 1, 30, secret.to_bytes().expect("Invalid randomized data"), Some("trifid-api".to_string()), session_token.user.email) {
|
let totpmachine = match TOTP::new(Algorithm::SHA1, 6, 1, 30, secret.to_bytes().expect("Invalid randomized data"), Some("trifid-api".to_string()), session_token.user.email) {
|
||||||
|
|
|
@ -5,5 +5,5 @@ pub fn expires_in_seconds(seconds: u64) -> u64 {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn expired(time: u64) -> bool {
|
pub fn expired(time: u64) -> bool {
|
||||||
UNIX_EPOCH + Duration::from_secs(time) > SystemTime::now()
|
UNIX_EPOCH + Duration::from_secs(time) < SystemTime::now()
|
||||||
}
|
}
|
Loading…
Reference in New Issue