|
|
|
@ -16,6 +16,7 @@ use crate::{ |
|
|
|
log_user_event, |
|
|
|
two_factor::{authenticator, duo, duo_oidc, email, enforce_2fa_policy, webauthn, yubikey}, |
|
|
|
}, |
|
|
|
master_password_policy, |
|
|
|
push::register_push_device, |
|
|
|
ApiResult, EmptyResult, JsonResult, |
|
|
|
}, |
|
|
|
@ -293,18 +294,6 @@ async fn _sso_login(data: ConnectData, user_id: &mut Option<UserId>, conn: &mut |
|
|
|
authenticated_response(&user, &mut device, new_device, auth_tokens, twofactor_token, &now, conn, ip).await |
|
|
|
} |
|
|
|
|
|
|
|
#[derive(Default, Deserialize, Serialize)] |
|
|
|
#[serde(rename_all = "camelCase")] |
|
|
|
struct MasterPasswordPolicy { |
|
|
|
min_complexity: u8, |
|
|
|
min_length: u32, |
|
|
|
require_lower: bool, |
|
|
|
require_upper: bool, |
|
|
|
require_numbers: bool, |
|
|
|
require_special: bool, |
|
|
|
enforce_on_login: bool, |
|
|
|
} |
|
|
|
|
|
|
|
async fn _password_login( |
|
|
|
data: ConnectData, |
|
|
|
user_id: &mut Option<UserId>, |
|
|
|
@ -460,35 +449,7 @@ async fn authenticated_response( |
|
|
|
// Save to update `device.updated_at` to track usage
|
|
|
|
device.save(conn).await?; |
|
|
|
|
|
|
|
// Fetch all valid Master Password Policies and merge them into one with all true's and larges numbers as one policy
|
|
|
|
let master_password_policies: Vec<MasterPasswordPolicy> = |
|
|
|
OrgPolicy::find_accepted_and_confirmed_by_user_and_active_policy( |
|
|
|
&user.uuid, |
|
|
|
OrgPolicyType::MasterPassword, |
|
|
|
conn, |
|
|
|
) |
|
|
|
.await |
|
|
|
.into_iter() |
|
|
|
.filter_map(|p| serde_json::from_str(&p.data).ok()) |
|
|
|
.collect(); |
|
|
|
|
|
|
|
let master_password_policy = if !master_password_policies.is_empty() { |
|
|
|
let mut mpp_json = json!(master_password_policies.into_iter().reduce(|acc, policy| { |
|
|
|
MasterPasswordPolicy { |
|
|
|
min_complexity: acc.min_complexity.max(policy.min_complexity), |
|
|
|
min_length: acc.min_length.max(policy.min_length), |
|
|
|
require_lower: acc.require_lower || policy.require_lower, |
|
|
|
require_upper: acc.require_upper || policy.require_upper, |
|
|
|
require_numbers: acc.require_numbers || policy.require_numbers, |
|
|
|
require_special: acc.require_special || policy.require_special, |
|
|
|
enforce_on_login: acc.enforce_on_login || policy.enforce_on_login, |
|
|
|
} |
|
|
|
})); |
|
|
|
mpp_json["object"] = json!("masterPasswordPolicy"); |
|
|
|
mpp_json |
|
|
|
} else { |
|
|
|
json!({"object": "masterPasswordPolicy"}) |
|
|
|
}; |
|
|
|
let mp_policy = master_password_policy(user, conn).await; |
|
|
|
|
|
|
|
let mut result = json!({ |
|
|
|
"access_token": auth_tokens.access_token(), |
|
|
|
@ -502,7 +463,7 @@ async fn authenticated_response( |
|
|
|
"KdfParallelism": user.client_kdf_parallelism, |
|
|
|
"ResetMasterPassword": false, // TODO: Same as above
|
|
|
|
"ForcePasswordReset": false, |
|
|
|
"MasterPasswordPolicy": master_password_policy, |
|
|
|
"MasterPasswordPolicy": mp_policy, |
|
|
|
"scope": auth_tokens.scope(), |
|
|
|
"UserDecryptionOptions": { |
|
|
|
"HasMasterPassword": !user.password_hash.is_empty(), |
|
|
|
|
Timshel
2 months ago