From b359df7045a8c3a29dc06d80ce7ff15d88ea3955 Mon Sep 17 00:00:00 2001 From: Miroslav Prasil Date: Sat, 3 Nov 2018 10:25:15 +0100 Subject: [PATCH 1/3] Switch from resin to balenalib --- Dockerfile.aarch64 | 2 +- Dockerfile.armv7 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 77bea2d3..d4b8e815 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -80,7 +80,7 @@ RUN cargo build --release --target=aarch64-unknown-linux-gnu -v ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM resin/aarch64-debian:stretch +FROM balenalib/aarch64-debian:stretch ENV ROCKET_ENV "staging" ENV ROCKET_WORKERS=10 diff --git a/Dockerfile.armv7 b/Dockerfile.armv7 index 2712ae65..d56de1e1 100644 --- a/Dockerfile.armv7 +++ b/Dockerfile.armv7 @@ -80,7 +80,7 @@ RUN cargo build --release --target=armv7-unknown-linux-gnueabihf -v ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM resin/armv7hf-debian:stretch +FROM balenalib/armv7hf-debian:stretch ENV ROCKET_ENV "staging" ENV ROCKET_WORKERS=10 From 760e0ab805c3e7610777ddad2c7d8392b765c7c6 Mon Sep 17 00:00:00 2001 From: Roman Hargrave Date: Fri, 9 Nov 2018 00:00:31 -0600 Subject: [PATCH 2/3] Initial u2f fix --- src/api/core/mod.rs | 1 + src/api/core/two_factor.rs | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index 205bd5b2..3904acf7 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs @@ -80,6 +80,7 @@ pub fn routes() -> Vec { activate_authenticator, activate_authenticator_put, generate_u2f, + generate_u2f_challenge, activate_u2f, activate_u2f_put, diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs index 7d412e54..3ed13b13 100644 --- a/src/api/core/two_factor.rs +++ b/src/api/core/two_factor.rs @@ -273,6 +273,34 @@ fn generate_u2f(data: JsonUpcase, headers: Headers, conn: DbConn) }))) } +#[post("/two-factor/get-u2f-challenge", data = "")] +fn generate_u2f_challenge(data: JsonUpcase, headers: Headers, conn: DbConn) -> JsonResult { + let data: PasswordData = data.into_inner().data; + + if !headers.user.check_valid_password(&data.MasterPasswordHash) { + err!("Invalid password"); + } + + let user_uuid = &headers.user.uuid; + + let u2f_type = TwoFactorType::U2f as i32; + let register_type = TwoFactorType::U2fRegisterChallenge; + let (enabled, challenge) = match TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn) { + Some(_) => (true, String::new()), + None => { + let c = _create_u2f_challenge(user_uuid, register_type, &conn); + (false, c.challenge) + } + }; + + Ok(Json(json!({ + "UserId": headers.user.uuid, + "AppId": APP_ID.to_string(), + "Challenge": challenge, + "Version": U2F_VERSION, + }))) +} + #[derive(Deserialize, Debug)] #[allow(non_snake_case)] struct EnableU2FData { From 62bc58e1453c885b15d3d56e4c50c985e2b9f4d2 Mon Sep 17 00:00:00 2001 From: Roman Hargrave Date: Fri, 9 Nov 2018 00:27:43 -0600 Subject: [PATCH 3/3] Clean up after u2f endpoint split --- src/api/core/two_factor.rs | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs index 3ed13b13..969b8c50 100644 --- a/src/api/core/two_factor.rs +++ b/src/api/core/two_factor.rs @@ -252,23 +252,10 @@ fn generate_u2f(data: JsonUpcase, headers: Headers, conn: DbConn) let user_uuid = &headers.user.uuid; let u2f_type = TwoFactorType::U2f as i32; - let register_type = TwoFactorType::U2fRegisterChallenge; - let (enabled, challenge) = match TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn) { - Some(_) => (true, String::new()), - None => { - let c = _create_u2f_challenge(user_uuid, register_type, &conn); - (false, c.challenge) - } - }; + let enabled = TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn).is_some(); Ok(Json(json!({ "Enabled": enabled, - "Challenge": { - "UserId": headers.user.uuid, - "AppId": APP_ID.to_string(), - "Challenge": challenge, - "Version": U2F_VERSION, - }, "Object": "twoFactorU2f" }))) } @@ -283,15 +270,7 @@ fn generate_u2f_challenge(data: JsonUpcase, headers: Headers, conn let user_uuid = &headers.user.uuid; - let u2f_type = TwoFactorType::U2f as i32; - let register_type = TwoFactorType::U2fRegisterChallenge; - let (enabled, challenge) = match TwoFactor::find_by_user_and_type(user_uuid, u2f_type, &conn) { - Some(_) => (true, String::new()), - None => { - let c = _create_u2f_challenge(user_uuid, register_type, &conn); - (false, c.challenge) - } - }; + let challenge = _create_u2f_challenge(user_uuid, TwoFactorType::U2fRegisterChallenge, &conn).challenge; Ok(Json(json!({ "UserId": headers.user.uuid,