Fix MFA Remember (#7085)
Signed-off-by: BlackDex <black.dex@gmail.com>
main
1.35.6
Mathijs van Veluw
19 hours ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with
20 additions and
9 deletions
-
Cargo.lock
-
src/api/identity.rs
|
|
|
@ -2405,16 +2405,15 @@ dependencies = [ |
|
|
|
|
|
|
|
[[package]] |
|
|
|
name = "hyper-rustls" |
|
|
|
version = "0.27.7" |
|
|
|
version = "0.27.8" |
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index" |
|
|
|
checksum = "e3c93eb611681b207e1fe55d5a71ecf91572ec8a6705cdb6857f7d8d5242cf58" |
|
|
|
checksum = "c2b52f86d1d4bc0d6b4e6826d960b1b333217e07d36b882dca570a5e1c48895b" |
|
|
|
dependencies = [ |
|
|
|
"http 1.4.0", |
|
|
|
"hyper 1.9.0", |
|
|
|
"hyper-util", |
|
|
|
"rustls 0.23.37", |
|
|
|
"rustls-native-certs", |
|
|
|
"rustls-pki-types", |
|
|
|
"tokio", |
|
|
|
"tokio-rustls 0.26.4", |
|
|
|
"tower-service", |
|
|
|
@ -3722,9 +3721,9 @@ dependencies = [ |
|
|
|
|
|
|
|
[[package]] |
|
|
|
name = "pkg-config" |
|
|
|
version = "0.3.32" |
|
|
|
version = "0.3.33" |
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index" |
|
|
|
checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" |
|
|
|
checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e" |
|
|
|
|
|
|
|
[[package]] |
|
|
|
name = "polling" |
|
|
|
@ -4409,12 +4408,12 @@ dependencies = [ |
|
|
|
|
|
|
|
[[package]] |
|
|
|
name = "rtoolbox" |
|
|
|
version = "0.0.3" |
|
|
|
version = "0.0.4" |
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index" |
|
|
|
checksum = "a7cc970b249fbe527d6e02e0a227762c9108b2f49d81094fe357ffc6d14d7f6f" |
|
|
|
checksum = "327b72899159dfae8060c51a1f6aebe955245bcd9cc4997eed0f623caea022e4" |
|
|
|
dependencies = [ |
|
|
|
"libc", |
|
|
|
"windows-sys 0.52.0", |
|
|
|
"windows-sys 0.59.0", |
|
|
|
] |
|
|
|
|
|
|
|
[[package]] |
|
|
|
|
|
|
|
@ -742,7 +742,7 @@ async fn twofactor_auth( |
|
|
|
|
|
|
|
TwoFactorIncomplete::mark_incomplete(&user.uuid, &device.uuid, &device.name, device.atype, ip, conn).await?; |
|
|
|
|
|
|
|
let twofactor_ids: Vec<_> = twofactors |
|
|
|
let mut twofactor_ids: Vec<_> = twofactors |
|
|
|
.iter() |
|
|
|
.filter_map(|tf| { |
|
|
|
let provider_type = TwoFactorType::from_i32(tf.atype)?; |
|
|
|
@ -753,6 +753,18 @@ async fn twofactor_auth( |
|
|
|
err!("No enabled and usable two factor providers are available for this account") |
|
|
|
} |
|
|
|
|
|
|
|
// Add TwoFactorTypes which are not stored as a record but might be enabled
|
|
|
|
// Since these types could also be not valid, we do some custom checks here
|
|
|
|
twofactor_ids.extend( |
|
|
|
[ |
|
|
|
(!CONFIG.disable_2fa_remember() && device.twofactor_remember.is_some()) |
|
|
|
.then_some(TwoFactorType::Remember as i32), |
|
|
|
user.totp_recover.is_some().then_some(TwoFactorType::RecoveryCode as i32), |
|
|
|
] |
|
|
|
.into_iter() |
|
|
|
.flatten(), |
|
|
|
); |
|
|
|
|
|
|
|
let selected_id = data.two_factor_provider.unwrap_or(twofactor_ids[0]); // If we aren't given a two factor provider, assume the first one
|
|
|
|
if !twofactor_ids.contains(&selected_id) { |
|
|
|
err_json!( |
|
|
|
|
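Review bot: The block added after the `err!` in the second `twofactor_auth` hunk tests presence only (`device.twofactor_remember.is_some()`, `user.totp_recover.is_some()`), so it widens the set of ids accepted by `twofactor_ids.contains(&selected_id)` without validating the submitted value, and the comment "we do some custom checks here" overstates what happens at this point. I would reword it to `// Presence only: this makes Remember/RecoveryCode selectable; the submitted token or code must still be verified where selected_id is handled`. That verification is not visible here because the function continues outside the hunk, so it is worth confirming that both ids fail closed on a mismatch. The ordering also looks load-bearing and deserves a one-line comment: appending after what appears to be the empty-list error keeps `twofactor_ids[0]`, the default when no provider is sent, pointing at a stored provider rather than at Remember or RecoveryCode.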