finish /v1/totp-authenticators

This commit is contained in:
c0repwn3r 2023-04-02 21:11:27 -04:00
parent 1e66d14710
commit d70064f998
Signed by: core
GPG Key ID: FDBF740DADDCEECF
4 changed files with 51 additions and 15 deletions

View File

@ -1,5 +1,6 @@
use std::error::Error; use std::error::Error;
use actix_web::HttpRequest; use actix_web::HttpRequest;
use log::debug;
use sea_orm::{ColumnTrait, Condition, DatabaseConnection, EntityTrait, QueryFilter}; use sea_orm::{ColumnTrait, Condition, DatabaseConnection, EntityTrait, QueryFilter};
use crate::tokens::get_token_type; use crate::tokens::get_token_type;
use trifid_api_entities::entity::{auth_token, session_token}; use trifid_api_entities::entity::{auth_token, session_token};
@ -45,7 +46,7 @@ pub async fn enforce_session(req: &HttpRequest, db: &DatabaseConnection) -> Resu
} }
let tokens = &authorization_split[1..]; let tokens = &authorization_split[1..];
let sess_token = tokens.iter().find(|i| get_token_type(**i).unwrap_or("n-sess") == "sess").copied().ok_or("Missing session token")?; let sess_token = tokens.iter().find(|i| get_token_type(i).unwrap_or("n-sess") == "sess").copied().ok_or("Missing session token")?;
let token: session_token::Model = session_token::Entity::find().filter(session_token::Column::Id.eq(sess_token)).one(db).await?.ok_or("Invalid session token")?; let token: session_token::Model = session_token::Entity::find().filter(session_token::Column::Id.eq(sess_token)).one(db).await?.ok_or("Invalid session token")?;

View File

@ -1,7 +1,7 @@
use actix_web::{HttpResponse, post}; use actix_web::{HttpResponse, post};
use actix_web::web::{Data, Json}; use actix_web::web::{Data, Json};
use log::error; use log::error;
use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, QueryFilter}; use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, ModelTrait, QueryFilter};
use serde::{Serialize, Deserialize}; use serde::{Serialize, Deserialize};
use crate::AppState; use crate::AppState;
use trifid_api_entities::entity::magic_link; use trifid_api_entities::entity::magic_link;
@ -78,9 +78,27 @@ pub async fn verify_magic_link_request(db: Data<AppState>, req: Json<VerifyMagic
}) })
} }
let user = link.user.clone();
match link.delete(&db.conn).await {
Ok(_) => (),
Err(e) => {
error!("database error: {}", e);
return HttpResponse::InternalServerError().json(APIErrorsResponse {
errors: vec![
APIError {
code: "ERR_DB_ERROR".to_string(),
message: "There was an error with the database request, please try again later.".to_string(),
path: None,
}
],
})
}
}
let model = session_token::Model { let model = session_token::Model {
id: random_token("sess"), id: random_token("sess"),
user: link.user, user,
expires_on: expires_in_seconds(CONFIG.tokens.session_token_expiry_time_seconds) as i64, expires_on: expires_in_seconds(CONFIG.tokens.session_token_expiry_time_seconds) as i64,
}; };
let token = model.id.clone(); let token = model.id.clone();

View File

@ -2,7 +2,7 @@ use serde::{Serialize, Deserialize};
use actix_web::{HttpRequest, HttpResponse, post}; use actix_web::{HttpRequest, HttpResponse, post};
use actix_web::web::{Data, Json}; use actix_web::web::{Data, Json};
use log::error; use log::error;
use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, QueryFilter}; use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, ModelTrait, QueryFilter};
use totp_rs::{Algorithm, Secret, TOTP}; use totp_rs::{Algorithm, Secret, TOTP};
use crate::AppState; use crate::AppState;
use crate::auth_tokens::{enforce_2fa, enforce_session, TokenInfo}; use crate::auth_tokens::{enforce_2fa, enforce_session, TokenInfo};
@ -72,7 +72,8 @@ pub async fn totp_authenticators_request(db: Data<AppState>, req_data: HttpReque
}); });
} }
}; };
if auther.is_some() { if let Some(auther) = auther {
if auther.verified {
return HttpResponse::BadRequest().json(APIErrorsResponse { return HttpResponse::BadRequest().json(APIErrorsResponse {
errors: vec![ errors: vec![
APIError { APIError {
@ -83,6 +84,22 @@ pub async fn totp_authenticators_request(db: Data<AppState>, req_data: HttpReque
] ]
}); });
} }
match auther.delete(&db.conn).await {
Ok(_) => (),
Err(e) => {
error!("database error: {}", e);
return HttpResponse::InternalServerError().json(APIErrorsResponse {
errors: vec![
APIError {
code: "ERR_DB_ERROR".to_string(),
message: "There was an error with the database request, please try again later.".to_string(),
path: None,
}
],
})
}
}
}
let secret = Secret::generate_secret(); let secret = Secret::generate_secret();
let totpmachine = match TOTP::new(Algorithm::SHA1, 6, 1, 30, secret.to_bytes().expect("Invalid randomized data"), Some("trifid-api".to_string()), session_token.user.email) { let totpmachine = match TOTP::new(Algorithm::SHA1, 6, 1, 30, secret.to_bytes().expect("Invalid randomized data"), Some("trifid-api".to_string()), session_token.user.email) {

View File

@ -5,5 +5,5 @@ pub fn expires_in_seconds(seconds: u64) -> u64 {
} }
pub fn expired(time: u64) -> bool { pub fn expired(time: u64) -> bool {
UNIX_EPOCH + Duration::from_secs(time) > SystemTime::now() UNIX_EPOCH + Duration::from_secs(time) < SystemTime::now()
} }