0
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden synced 2024-12-15 10:03:42 +01:00

Some more authrequest changes (#5188)

This commit is contained in:
Daniel García 2024-11-15 11:25:51 +01:00 committed by GitHub
parent ff33534c07
commit 0d16b38a68
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 12 additions and 2 deletions

View file

@ -1190,11 +1190,19 @@ async fn put_auth_request(
err!("AuthRequest doesn't exist", "User uuid's do not match") err!("AuthRequest doesn't exist", "User uuid's do not match")
} }
if auth_request.approved.is_some() {
err!("An authentication request with the same device already exists")
}
let response_date = Utc::now().naive_utc();
let response_date_utc = format_date(&response_date);
if data.request_approved { if data.request_approved {
auth_request.approved = Some(data.request_approved); auth_request.approved = Some(data.request_approved);
auth_request.enc_key = Some(data.key); auth_request.enc_key = Some(data.key);
auth_request.master_password_hash = data.master_password_hash; auth_request.master_password_hash = data.master_password_hash;
auth_request.response_device_id = Some(data.device_identifier.clone()); auth_request.response_device_id = Some(data.device_identifier.clone());
auth_request.response_date = Some(response_date);
auth_request.save(&mut conn).await?; auth_request.save(&mut conn).await?;
ant.send_auth_response(&auth_request.user_uuid, &auth_request.uuid).await; ant.send_auth_response(&auth_request.user_uuid, &auth_request.uuid).await;
@ -1204,8 +1212,6 @@ async fn put_auth_request(
auth_request.delete(&mut conn).await?; auth_request.delete(&mut conn).await?;
} }
let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date));
Ok(Json(json!({ Ok(Json(json!({
"id": uuid, "id": uuid,
"publicKey": auth_request.public_key, "publicKey": auth_request.public_key,

View file

@ -190,8 +190,12 @@ async fn _password_login(
) )
}; };
let expiration_time = auth_request.creation_date + chrono::Duration::minutes(5);
let request_expired = Utc::now().naive_utc() >= expiration_time;
if auth_request.user_uuid != user.uuid if auth_request.user_uuid != user.uuid
|| !auth_request.approved.unwrap_or(false) || !auth_request.approved.unwrap_or(false)
|| request_expired
|| ip.ip.to_string() != auth_request.request_ip || ip.ip.to_string() != auth_request.request_ip
|| !auth_request.check_access_code(password) || !auth_request.check_access_code(password)
{ {