|
@ -1,5 +1,5 @@ |
|
|
use crate::db::DbPool; |
|
|
use crate::db::DbPool; |
|
|
use chrono::{SecondsFormat, Utc}; |
|
|
use chrono::Utc; |
|
|
use rocket::serde::json::Json; |
|
|
use rocket::serde::json::Json; |
|
|
use serde_json::Value; |
|
|
use serde_json::Value; |
|
|
|
|
|
|
|
@ -13,7 +13,7 @@ use crate::{ |
|
|
crypto, |
|
|
crypto, |
|
|
db::{models::*, DbConn}, |
|
|
db::{models::*, DbConn}, |
|
|
mail, |
|
|
mail, |
|
|
util::NumberOrString, |
|
|
util::{format_date, NumberOrString}, |
|
|
CONFIG, |
|
|
CONFIG, |
|
|
}; |
|
|
}; |
|
|
|
|
|
|
|
@ -901,14 +901,12 @@ pub async fn _prelogin(data: Json<PreloginData>, mut conn: DbConn) -> Json<Value |
|
|
None => (User::CLIENT_KDF_TYPE_DEFAULT, User::CLIENT_KDF_ITER_DEFAULT, None, None), |
|
|
None => (User::CLIENT_KDF_TYPE_DEFAULT, User::CLIENT_KDF_ITER_DEFAULT, None, None), |
|
|
}; |
|
|
}; |
|
|
|
|
|
|
|
|
let result = json!({ |
|
|
Json(json!({ |
|
|
"kdf": kdf_type, |
|
|
"kdf": kdf_type, |
|
|
"kdfIterations": kdf_iter, |
|
|
"kdfIterations": kdf_iter, |
|
|
"kdfMemory": kdf_mem, |
|
|
"kdfMemory": kdf_mem, |
|
|
"kdfParallelism": kdf_para, |
|
|
"kdfParallelism": kdf_para, |
|
|
}); |
|
|
})) |
|
|
|
|
|
|
|
|
Json(result) |
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
// https://github.com/bitwarden/server/blob/master/src/Api/Models/Request/Accounts/SecretVerificationRequestModel.cs
|
|
|
// https://github.com/bitwarden/server/blob/master/src/Api/Models/Request/Accounts/SecretVerificationRequestModel.cs
|
|
@ -1084,14 +1082,15 @@ struct AuthRequestRequest { |
|
|
device_identifier: String, |
|
|
device_identifier: String, |
|
|
email: String, |
|
|
email: String, |
|
|
public_key: String, |
|
|
public_key: String, |
|
|
#[serde(alias = "type")] |
|
|
// Not used for now
|
|
|
_type: i32, |
|
|
// #[serde(alias = "type")]
|
|
|
|
|
|
// _type: i32,
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
#[post("/auth-requests", data = "<data>")] |
|
|
#[post("/auth-requests", data = "<data>")] |
|
|
async fn post_auth_request( |
|
|
async fn post_auth_request( |
|
|
data: Json<AuthRequestRequest>, |
|
|
data: Json<AuthRequestRequest>, |
|
|
headers: ClientHeaders, |
|
|
client_headers: ClientHeaders, |
|
|
mut conn: DbConn, |
|
|
mut conn: DbConn, |
|
|
nt: Notify<'_>, |
|
|
nt: Notify<'_>, |
|
|
) -> JsonResult { |
|
|
) -> JsonResult { |
|
@ -1099,16 +1098,20 @@ async fn post_auth_request( |
|
|
|
|
|
|
|
|
let user = match User::find_by_mail(&data.email, &mut conn).await { |
|
|
let user = match User::find_by_mail(&data.email, &mut conn).await { |
|
|
Some(user) => user, |
|
|
Some(user) => user, |
|
|
None => { |
|
|
None => err!("AuthRequest doesn't exist", "User not found"), |
|
|
err!("AuthRequest doesn't exist") |
|
|
|
|
|
} |
|
|
|
|
|
}; |
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
// Validate device uuid and type
|
|
|
|
|
|
match Device::find_by_uuid_and_user(&data.device_identifier, &user.uuid, &mut conn).await { |
|
|
|
|
|
Some(device) if device.atype == client_headers.device_type => {} |
|
|
|
|
|
_ => err!("AuthRequest doesn't exist", "Device verification failed"), |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
let mut auth_request = AuthRequest::new( |
|
|
let mut auth_request = AuthRequest::new( |
|
|
user.uuid.clone(), |
|
|
user.uuid.clone(), |
|
|
data.device_identifier.clone(), |
|
|
data.device_identifier.clone(), |
|
|
headers.device_type, |
|
|
client_headers.device_type, |
|
|
headers.ip.ip.to_string(), |
|
|
client_headers.ip.ip.to_string(), |
|
|
data.access_code, |
|
|
data.access_code, |
|
|
data.public_key, |
|
|
data.public_key, |
|
|
); |
|
|
); |
|
@ -1123,7 +1126,7 @@ async fn post_auth_request( |
|
|
"requestIpAddress": auth_request.request_ip, |
|
|
"requestIpAddress": auth_request.request_ip, |
|
|
"key": null, |
|
|
"key": null, |
|
|
"masterPasswordHash": null, |
|
|
"masterPasswordHash": null, |
|
|
"creationDate": auth_request.creation_date.and_utc().to_rfc3339_opts(SecondsFormat::Micros, true), |
|
|
"creationDate": format_date(&auth_request.creation_date), |
|
|
"responseDate": null, |
|
|
"responseDate": null, |
|
|
"requestApproved": false, |
|
|
"requestApproved": false, |
|
|
"origin": CONFIG.domain_origin(), |
|
|
"origin": CONFIG.domain_origin(), |
|
@ -1132,33 +1135,31 @@ async fn post_auth_request( |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
#[get("/auth-requests/<uuid>")] |
|
|
#[get("/auth-requests/<uuid>")] |
|
|
async fn get_auth_request(uuid: &str, mut conn: DbConn) -> JsonResult { |
|
|
async fn get_auth_request(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResult { |
|
|
|
|
|
if headers.user.uuid != uuid { |
|
|
|
|
|
err!("AuthRequest doesn't exist", "User uuid's do not match") |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
let auth_request = match AuthRequest::find_by_uuid(uuid, &mut conn).await { |
|
|
let auth_request = match AuthRequest::find_by_uuid(uuid, &mut conn).await { |
|
|
Some(auth_request) => auth_request, |
|
|
Some(auth_request) => auth_request, |
|
|
None => { |
|
|
None => err!("AuthRequest doesn't exist", "Record not found"), |
|
|
err!("AuthRequest doesn't exist") |
|
|
|
|
|
} |
|
|
|
|
|
}; |
|
|
}; |
|
|
|
|
|
|
|
|
let response_date_utc = auth_request |
|
|
let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date)); |
|
|
.response_date |
|
|
|
|
|
.map(|response_date| response_date.and_utc().to_rfc3339_opts(SecondsFormat::Micros, true)); |
|
|
Ok(Json(json!({ |
|
|
|
|
|
"id": uuid, |
|
|
Ok(Json(json!( |
|
|
"publicKey": auth_request.public_key, |
|
|
{ |
|
|
"requestDeviceType": DeviceType::from_i32(auth_request.device_type).to_string(), |
|
|
"id": uuid, |
|
|
"requestIpAddress": auth_request.request_ip, |
|
|
"publicKey": auth_request.public_key, |
|
|
"key": auth_request.enc_key, |
|
|
"requestDeviceType": DeviceType::from_i32(auth_request.device_type).to_string(), |
|
|
"masterPasswordHash": auth_request.master_password_hash, |
|
|
"requestIpAddress": auth_request.request_ip, |
|
|
"creationDate": format_date(&auth_request.creation_date), |
|
|
"key": auth_request.enc_key, |
|
|
"responseDate": response_date_utc, |
|
|
"masterPasswordHash": auth_request.master_password_hash, |
|
|
"requestApproved": auth_request.approved, |
|
|
"creationDate": auth_request.creation_date.and_utc().to_rfc3339_opts(SecondsFormat::Micros, true), |
|
|
"origin": CONFIG.domain_origin(), |
|
|
"responseDate": response_date_utc, |
|
|
"object":"auth-request" |
|
|
"requestApproved": auth_request.approved, |
|
|
}))) |
|
|
"origin": CONFIG.domain_origin(), |
|
|
|
|
|
"object":"auth-request" |
|
|
|
|
|
} |
|
|
|
|
|
))) |
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
#[derive(Debug, Deserialize)] |
|
|
#[derive(Debug, Deserialize)] |
|
@ -1174,6 +1175,7 @@ struct AuthResponseRequest { |
|
|
async fn put_auth_request( |
|
|
async fn put_auth_request( |
|
|
uuid: &str, |
|
|
uuid: &str, |
|
|
data: Json<AuthResponseRequest>, |
|
|
data: Json<AuthResponseRequest>, |
|
|
|
|
|
headers: Headers, |
|
|
mut conn: DbConn, |
|
|
mut conn: DbConn, |
|
|
ant: AnonymousNotify<'_>, |
|
|
ant: AnonymousNotify<'_>, |
|
|
nt: Notify<'_>, |
|
|
nt: Notify<'_>, |
|
@ -1181,11 +1183,13 @@ async fn put_auth_request( |
|
|
let data = data.into_inner(); |
|
|
let data = data.into_inner(); |
|
|
let mut auth_request: AuthRequest = match AuthRequest::find_by_uuid(uuid, &mut conn).await { |
|
|
let mut auth_request: AuthRequest = match AuthRequest::find_by_uuid(uuid, &mut conn).await { |
|
|
Some(auth_request) => auth_request, |
|
|
Some(auth_request) => auth_request, |
|
|
None => { |
|
|
None => err!("AuthRequest doesn't exist", "Record not found"), |
|
|
err!("AuthRequest doesn't exist") |
|
|
|
|
|
} |
|
|
|
|
|
}; |
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
if headers.user.uuid != auth_request.user_uuid { |
|
|
|
|
|
err!("AuthRequest doesn't exist", "User uuid's do not match") |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
auth_request.approved = Some(data.request_approved); |
|
|
auth_request.approved = Some(data.request_approved); |
|
|
auth_request.enc_key = Some(data.key); |
|
|
auth_request.enc_key = Some(data.key); |
|
|
auth_request.master_password_hash = data.master_password_hash; |
|
|
auth_request.master_password_hash = data.master_password_hash; |
|
@ -1197,59 +1201,57 @@ async fn put_auth_request( |
|
|
nt.send_auth_response(&auth_request.user_uuid, &auth_request.uuid, data.device_identifier, &mut conn).await; |
|
|
nt.send_auth_response(&auth_request.user_uuid, &auth_request.uuid, data.device_identifier, &mut conn).await; |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
let response_date_utc = auth_request |
|
|
let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date)); |
|
|
.response_date |
|
|
|
|
|
.map(|response_date| response_date.and_utc().to_rfc3339_opts(SecondsFormat::Micros, true)); |
|
|
Ok(Json(json!({ |
|
|
|
|
|
"id": uuid, |
|
|
Ok(Json(json!( |
|
|
"publicKey": auth_request.public_key, |
|
|
{ |
|
|
"requestDeviceType": DeviceType::from_i32(auth_request.device_type).to_string(), |
|
|
"id": uuid, |
|
|
"requestIpAddress": auth_request.request_ip, |
|
|
"publicKey": auth_request.public_key, |
|
|
"key": auth_request.enc_key, |
|
|
"requestDeviceType": DeviceType::from_i32(auth_request.device_type).to_string(), |
|
|
"masterPasswordHash": auth_request.master_password_hash, |
|
|
"requestIpAddress": auth_request.request_ip, |
|
|
"creationDate": format_date(&auth_request.creation_date), |
|
|
"key": auth_request.enc_key, |
|
|
"responseDate": response_date_utc, |
|
|
"masterPasswordHash": auth_request.master_password_hash, |
|
|
"requestApproved": auth_request.approved, |
|
|
"creationDate": auth_request.creation_date.and_utc().to_rfc3339_opts(SecondsFormat::Micros, true), |
|
|
"origin": CONFIG.domain_origin(), |
|
|
"responseDate": response_date_utc, |
|
|
"object":"auth-request" |
|
|
"requestApproved": auth_request.approved, |
|
|
}))) |
|
|
"origin": CONFIG.domain_origin(), |
|
|
|
|
|
"object":"auth-request" |
|
|
|
|
|
} |
|
|
|
|
|
))) |
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
#[get("/auth-requests/<uuid>/response?<code>")] |
|
|
#[get("/auth-requests/<uuid>/response?<code>")] |
|
|
async fn get_auth_request_response(uuid: &str, code: &str, mut conn: DbConn) -> JsonResult { |
|
|
async fn get_auth_request_response( |
|
|
|
|
|
uuid: &str, |
|
|
|
|
|
code: &str, |
|
|
|
|
|
client_headers: ClientHeaders, |
|
|
|
|
|
mut conn: DbConn, |
|
|
|
|
|
) -> JsonResult { |
|
|
let auth_request = match AuthRequest::find_by_uuid(uuid, &mut conn).await { |
|
|
let auth_request = match AuthRequest::find_by_uuid(uuid, &mut conn).await { |
|
|
Some(auth_request) => auth_request, |
|
|
Some(auth_request) => auth_request, |
|
|
None => { |
|
|
None => err!("AuthRequest doesn't exist", "User not found"), |
|
|
err!("AuthRequest doesn't exist") |
|
|
|
|
|
} |
|
|
|
|
|
}; |
|
|
}; |
|
|
|
|
|
|
|
|
if !auth_request.check_access_code(code) { |
|
|
if auth_request.device_type != client_headers.device_type |
|
|
err!("Access code invalid doesn't exist") |
|
|
&& auth_request.request_ip != client_headers.ip.ip.to_string() |
|
|
|
|
|
&& !auth_request.check_access_code(code) |
|
|
|
|
|
{ |
|
|
|
|
|
err!("AuthRequest doesn't exist", "Invalid device, IP or code") |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
let response_date_utc = auth_request |
|
|
let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date)); |
|
|
.response_date |
|
|
|
|
|
.map(|response_date| response_date.and_utc().to_rfc3339_opts(SecondsFormat::Micros, true)); |
|
|
Ok(Json(json!({ |
|
|
|
|
|
"id": uuid, |
|
|
Ok(Json(json!( |
|
|
"publicKey": auth_request.public_key, |
|
|
{ |
|
|
"requestDeviceType": DeviceType::from_i32(auth_request.device_type).to_string(), |
|
|
"id": uuid, |
|
|
"requestIpAddress": auth_request.request_ip, |
|
|
"publicKey": auth_request.public_key, |
|
|
"key": auth_request.enc_key, |
|
|
"requestDeviceType": DeviceType::from_i32(auth_request.device_type).to_string(), |
|
|
"masterPasswordHash": auth_request.master_password_hash, |
|
|
"requestIpAddress": auth_request.request_ip, |
|
|
"creationDate": format_date(&auth_request.creation_date), |
|
|
"key": auth_request.enc_key, |
|
|
"responseDate": response_date_utc, |
|
|
"masterPasswordHash": auth_request.master_password_hash, |
|
|
"requestApproved": auth_request.approved, |
|
|
"creationDate": auth_request.creation_date.and_utc().to_rfc3339_opts(SecondsFormat::Micros, true), |
|
|
"origin": CONFIG.domain_origin(), |
|
|
"responseDate": response_date_utc, |
|
|
"object":"auth-request" |
|
|
"requestApproved": auth_request.approved, |
|
|
}))) |
|
|
"origin": CONFIG.domain_origin(), |
|
|
|
|
|
"object":"auth-request" |
|
|
|
|
|
} |
|
|
|
|
|
))) |
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
#[get("/auth-requests")] |
|
|
#[get("/auth-requests")] |
|
@ -1261,7 +1263,7 @@ async fn get_auth_requests(headers: Headers, mut conn: DbConn) -> JsonResult { |
|
|
.iter() |
|
|
.iter() |
|
|
.filter(|request| request.approved.is_none()) |
|
|
.filter(|request| request.approved.is_none()) |
|
|
.map(|request| { |
|
|
.map(|request| { |
|
|
let response_date_utc = request.response_date.map(|response_date| response_date.and_utc().to_rfc3339_opts(SecondsFormat::Micros, true)); |
|
|
let response_date_utc = request.response_date.map(|response_date| format_date(&response_date)); |
|
|
|
|
|
|
|
|
json!({ |
|
|
json!({ |
|
|
"id": request.uuid, |
|
|
"id": request.uuid, |
|
@ -1270,7 +1272,7 @@ async fn get_auth_requests(headers: Headers, mut conn: DbConn) -> JsonResult { |
|
|
"requestIpAddress": request.request_ip, |
|
|
"requestIpAddress": request.request_ip, |
|
|
"key": request.enc_key, |
|
|
"key": request.enc_key, |
|
|
"masterPasswordHash": request.master_password_hash, |
|
|
"masterPasswordHash": request.master_password_hash, |
|
|
"creationDate": request.creation_date.and_utc().to_rfc3339_opts(SecondsFormat::Micros, true), |
|
|
"creationDate": format_date(&request.creation_date), |
|
|
"responseDate": response_date_utc, |
|
|
"responseDate": response_date_utc, |
|
|
"requestApproved": request.approved, |
|
|
"requestApproved": request.approved, |
|
|
"origin": CONFIG.domain_origin(), |
|
|
"origin": CONFIG.domain_origin(), |
|
|