topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Implement fromform, and ignore case and underscores, fixes #298

pull/302/head
Daniel García 6 years ago
parent
a335bcd682
commit
5a9aab1a32
No known key found for this signature in database GPG Key ID: FC8A7D14C3CD543A
1 changed files with 56 additions and 46 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 102
      src/api/identity.rs

102
src/api/identity.rs
View File

@ -1,4 +1,4 @@
use rocket::request::LenientForm; use rocket::request::{Form, FormItems, FromForm};
use rocket::Route; use rocket::Route;
use rocket_contrib::json::Json; use rocket_contrib::json::Json;
@ -22,13 +22,27 @@ pub fn routes() -> Vec<Route> {
} }
#[post("/connect/token", data = "<data>")] #[post("/connect/token", data = "<data>")]
fn login(data: LenientForm<ConnectData>, conn: DbConn, ip: ClientIp) -> JsonResult { fn login(data: Form<ConnectData>, conn: DbConn, ip: ClientIp) -> JsonResult {
let data: ConnectData = data.into_inner(); let data: ConnectData = data.into_inner();
validate_data(&data)?;
match data.grant_type { match data.grant_type.as_ref() {
GrantType::refresh_token => _refresh_login(data, conn), "refresh_token" => {
GrantType::password => _password_login(data, conn, ip), _check_is_some(&data.refresh_token, "refresh_token cannot be blank")?;
_refresh_login(data, conn)
}
"password" => {
_check_is_some(&data.client_id, "client_id cannot be blank")?;
_check_is_some(&data.password, "password cannot be blank")?;
_check_is_some(&data.scope, "scope cannot be blank")?;
_check_is_some(&data.username, "username cannot be blank")?;
_check_is_some(&data.device_identifier, "device_identifier cannot be blank")?;
_check_is_some(&data.device_name, "device_name cannot be blank")?;
_check_is_some(&data.device_type, "device_type cannot be blank")?;
_password_login(data, conn, ip)
}
t => err!("Invalid type", t),
} }
} }
@ -86,9 +100,10 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
)) ))
} }
// On iOS, device_type sends "iOS", on others it sends a number
let device_type = util::try_parse_string(data.device_type.as_ref()).unwrap_or(0); let device_type = util::try_parse_string(data.device_type.as_ref()).unwrap_or(0);
let device_id = data.device_identifier.clone().unwrap_or_else(crate::util::get_uuid); let device_id = data.device_identifier.clone().expect("No device id provided");
let device_name = data.device_name.clone().unwrap_or("unknown_device".into()); let device_name = data.device_name.clone().expect("No device name provided");
// Find device or create new // Find device or create new
let mut device = match Device::find_by_uuid(&device_id, &conn) { let mut device = match Device::find_by_uuid(&device_id, &conn) {
@ -101,7 +116,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
device device
} }
} }
None => Device::new(device_id, user.uuid.clone(), device_name, device_type) None => Device::new(device_id, user.uuid.clone(), device_name, device_type),
}; };
let twofactor_token = twofactor_auth(&user.uuid, &data.clone(), &mut device, &conn)?; let twofactor_token = twofactor_auth(&user.uuid, &data.clone(), &mut device, &conn)?;
@ -133,12 +148,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
Ok(Json(result)) Ok(Json(result))
} }
fn twofactor_auth( fn twofactor_auth(user_uuid: &str, data: &ConnectData, device: &mut Device, conn: &DbConn) -> ApiResult<Option<String>> {
user_uuid: &str,
data: &ConnectData,
device: &mut Device,
conn: &DbConn,
) -> ApiResult<Option<String>> {
let twofactors_raw = TwoFactor::find_by_user(user_uuid, conn); let twofactors_raw = TwoFactor::find_by_user(user_uuid, conn);
// Remove u2f challenge twofactors (impl detail) // Remove u2f challenge twofactors (impl detail)
let twofactors: Vec<_> = twofactors_raw.iter().filter(|tf| tf.type_ < 1000).collect(); let twofactors: Vec<_> = twofactors_raw.iter().filter(|tf| tf.type_ < 1000).collect();
@ -230,13 +240,9 @@ fn _json_err_twofactor(providers: &[i32], user_uuid: &str, conn: &DbConn) -> Api
let mut challenge_map = JsonMap::new(); let mut challenge_map = JsonMap::new();
challenge_map.insert("appId".into(), Value::String(request.app_id.clone())); challenge_map.insert("appId".into(), Value::String(request.app_id.clone()));
challenge_map challenge_map.insert("challenge".into(), Value::String(request.challenge.clone()));
.insert("challenge".into(), Value::String(request.challenge.clone()));
challenge_map.insert("version".into(), Value::String(key.version)); challenge_map.insert("version".into(), Value::String(key.version));
challenge_map.insert( challenge_map.insert("keyHandle".into(), Value::String(key.key_handle.unwrap_or_default()));
"keyHandle".into(),
Value::String(key.key_handle.unwrap_or_default()),
);
challenge_list.push(Value::Object(challenge_map)); challenge_list.push(Value::Object(challenge_map));
} }
@ -269,10 +275,10 @@ fn _json_err_twofactor(providers: &[i32], user_uuid: &str, conn: &DbConn) -> Api
Ok(result) Ok(result)
} }
#[derive(FromForm, Debug, Clone)] #[derive(Debug, Clone, Default)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct ConnectData { struct ConnectData {
grant_type: GrantType, grant_type: String, // refresh_token, password
// Needed for grant_type="refresh_token" // Needed for grant_type="refresh_token"
refresh_token: Option<String>, refresh_token: Option<String>,
@ -283,40 +289,44 @@ struct ConnectData {
scope: Option<String>, scope: Option<String>,
username: Option<String>, username: Option<String>,
#[form(field = "deviceIdentifier")]
device_identifier: Option<String>, device_identifier: Option<String>,
#[form(field = "deviceName")]
device_name: Option<String>, device_name: Option<String>,
#[form(field = "deviceType")]
device_type: Option<String>, device_type: Option<String>,
// Needed for two-factor auth // Needed for two-factor auth
#[form(field = "twoFactorProvider")]
two_factor_provider: Option<i32>, two_factor_provider: Option<i32>,
#[form(field = "twoFactorToken")]
two_factor_token: Option<String>, two_factor_token: Option<String>,
#[form(field = "twoFactorRemember")]
two_factor_remember: Option<i32>, two_factor_remember: Option<i32>,
} }
#[derive(FromFormValue, Debug, Clone, Copy)] impl<'f> FromForm<'f> for ConnectData {
#[allow(non_camel_case_types)] type Error = String;
enum GrantType {
refresh_token, fn from_form(items: &mut FormItems<'f>, _strict: bool) -> Result<Self, Self::Error> {
password, let mut form = Self::default();
} for item in items {
let (key, value) = item.key_value_decoded();
fn validate_data(data: &ConnectData) -> EmptyResult { let mut normalized_key = key.to_lowercase();
match data.grant_type { normalized_key.retain(|c| c != '_'); // Remove '_'
GrantType::refresh_token => {
_check_is_some(&data.refresh_token, "refresh_token cannot be blank") match normalized_key.as_ref() {
} "granttype" => form.grant_type = value,
GrantType::password => { "refreshtoken" => form.refresh_token = Some(value),
_check_is_some(&data.client_id, "client_id cannot be blank")?; "clientid" => form.client_id = Some(value),
_check_is_some(&data.password, "password cannot be blank")?; "password" => form.password = Some(value),
_check_is_some(&data.scope, "scope cannot be blank")?; "scope" => form.scope = Some(value),
_check_is_some(&data.username, "username cannot be blank") "username" => form.username = Some(value),
"deviceidentifier" => form.device_identifier = Some(value),
"devicename" => form.device_name = Some(value),
"devicetype" => form.device_type = Some(value),
"twofactorprovider" => form.two_factor_provider = value.parse().ok(),
"twofactortoken" => form.two_factor_token = Some(value),
"twofactorremember" => form.two_factor_remember = value.parse().ok(),
key => warn!("Detected unexpected parameter during login: {}", key),
}
} }
Ok(form)
} }
} }

Write Preview
Loading…
Cancel
Save