mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-12-14 09:33:44 +01:00
Auto generate akey
This commit is contained in:
parent
bf446f44f9
commit
cad63f9761
2 changed files with 44 additions and 19 deletions
|
@ -821,12 +821,19 @@ const APP_PREFIX: &str = "APP";
|
||||||
|
|
||||||
use chrono::Utc;
|
use chrono::Utc;
|
||||||
|
|
||||||
|
// let (ik, sk, ak) = get_duo_keys();
|
||||||
|
fn get_duo_keys() -> (String, String, String) {
|
||||||
|
(
|
||||||
|
CONFIG.duo_ikey().unwrap(),
|
||||||
|
CONFIG.duo_skey().unwrap(),
|
||||||
|
CONFIG.get_duo_akey(),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
pub fn generate_duo_signature(email: &str) -> String {
|
pub fn generate_duo_signature(email: &str) -> String {
|
||||||
let now = Utc::now().timestamp();
|
let now = Utc::now().timestamp();
|
||||||
|
|
||||||
let ik = CONFIG.duo_ikey().unwrap();
|
let (ik, sk, ak) = get_duo_keys();
|
||||||
let sk = CONFIG.duo_skey().unwrap();
|
|
||||||
let ak = CONFIG.duo_akey().unwrap();
|
|
||||||
|
|
||||||
let duo_sign = sign_duo_values(&sk, email, &ik, DUO_PREFIX, now + DUO_EXPIRE);
|
let duo_sign = sign_duo_values(&sk, email, &ik, DUO_PREFIX, now + DUO_EXPIRE);
|
||||||
let app_sign = sign_duo_values(&ak, email, &ik, APP_PREFIX, now + APP_EXPIRE);
|
let app_sign = sign_duo_values(&ak, email, &ik, APP_PREFIX, now + APP_EXPIRE);
|
||||||
|
@ -852,9 +859,7 @@ pub fn validate_duo_login(email: &str, response: &str) -> EmptyResult {
|
||||||
|
|
||||||
let now = Utc::now().timestamp();
|
let now = Utc::now().timestamp();
|
||||||
|
|
||||||
let ik = CONFIG.duo_ikey().unwrap();
|
let (ik, sk, ak) = get_duo_keys();
|
||||||
let sk = CONFIG.duo_skey().unwrap();
|
|
||||||
let ak = CONFIG.duo_akey().unwrap();
|
|
||||||
|
|
||||||
let auth_user = parse_duo_values(&sk, auth_sig, &ik, AUTH_PREFIX, now)?;
|
let auth_user = parse_duo_values(&sk, auth_sig, &ik, AUTH_PREFIX, now)?;
|
||||||
let app_user = parse_duo_values(&ak, app_sig, &ik, APP_PREFIX, now)?;
|
let app_user = parse_duo_values(&ak, app_sig, &ik, APP_PREFIX, now)?;
|
||||||
|
|
|
@ -9,7 +9,7 @@ lazy_static! {
|
||||||
println!("Error loading config:\n\t{:?}\n", e);
|
println!("Error loading config:\n\t{:?}\n", e);
|
||||||
exit(12)
|
exit(12)
|
||||||
});
|
});
|
||||||
pub static ref CONFIG_FILE: String = {
|
pub static ref CONFIG_FILE: String = {
|
||||||
let data_folder = get_env("DATA_FOLDER").unwrap_or_else(|| String::from("data"));
|
let data_folder = get_env("DATA_FOLDER").unwrap_or_else(|| String::from("data"));
|
||||||
get_env("CONFIG_FILE").unwrap_or_else(|| format!("{}/config.json", data_folder))
|
get_env("CONFIG_FILE").unwrap_or_else(|| format!("{}/config.json", data_folder))
|
||||||
};
|
};
|
||||||
|
@ -64,7 +64,7 @@ macro_rules! make_config {
|
||||||
|
|
||||||
/// Merges the values of both builders into a new builder.
|
/// Merges the values of both builders into a new builder.
|
||||||
/// If both have the same element, `other` wins.
|
/// If both have the same element, `other` wins.
|
||||||
fn merge(&self, other: &Self) -> Self {
|
fn merge(&self, other: &Self, show_overrides: bool) -> Self {
|
||||||
let mut overrides = Vec::new();
|
let mut overrides = Vec::new();
|
||||||
let mut builder = self.clone();
|
let mut builder = self.clone();
|
||||||
$($(
|
$($(
|
||||||
|
@ -77,7 +77,7 @@ macro_rules! make_config {
|
||||||
}
|
}
|
||||||
)+)+
|
)+)+
|
||||||
|
|
||||||
if !overrides.is_empty() {
|
if show_overrides && !overrides.is_empty() {
|
||||||
// We can't use warn! here because logging isn't setup yet.
|
// We can't use warn! here because logging isn't setup yet.
|
||||||
println!("[WARNING] The following environment variables are being overriden by the config file,");
|
println!("[WARNING] The following environment variables are being overriden by the config file,");
|
||||||
println!("[WARNING] please use the admin panel to make changes to them:");
|
println!("[WARNING] please use the admin panel to make changes to them:");
|
||||||
|
@ -315,8 +315,8 @@ make_config! {
|
||||||
duo_skey: Pass, true, option;
|
duo_skey: Pass, true, option;
|
||||||
/// Host
|
/// Host
|
||||||
duo_host: String, true, option;
|
duo_host: String, true, option;
|
||||||
/// Application Key
|
/// Application Key (generated automatically)
|
||||||
duo_akey: Pass, true, option;
|
_duo_akey: Pass, false, option;
|
||||||
},
|
},
|
||||||
|
|
||||||
/// SMTP Email Settings
|
/// SMTP Email Settings
|
||||||
|
@ -349,10 +349,10 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (cfg.duo_host.is_some() || cfg.duo_ikey.is_some() || cfg.duo_skey.is_some() || cfg.duo_akey.is_some())
|
if (cfg.duo_host.is_some() || cfg.duo_ikey.is_some() || cfg.duo_skey.is_some())
|
||||||
&& !(cfg.duo_host.is_some() && cfg.duo_ikey.is_some() && cfg.duo_skey.is_some() && cfg.duo_akey.is_some())
|
&& !(cfg.duo_host.is_some() && cfg.duo_ikey.is_some() && cfg.duo_skey.is_some())
|
||||||
{
|
{
|
||||||
err!("All Duo options need to be set for Duo support")
|
err!("All Duo options need to be set for global Duo support")
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.yubico_client_id.is_some() != cfg.yubico_secret_key.is_some() {
|
if cfg.yubico_client_id.is_some() != cfg.yubico_secret_key.is_some() {
|
||||||
|
@ -377,7 +377,7 @@ impl Config {
|
||||||
let _usr = ConfigBuilder::from_file(&CONFIG_FILE).unwrap_or_default();
|
let _usr = ConfigBuilder::from_file(&CONFIG_FILE).unwrap_or_default();
|
||||||
|
|
||||||
// Create merged config, config file overwrites env
|
// Create merged config, config file overwrites env
|
||||||
let builder = _env.merge(&_usr);
|
let builder = _env.merge(&_usr, true);
|
||||||
|
|
||||||
// Fill any missing with defaults
|
// Fill any missing with defaults
|
||||||
let config = builder.build();
|
let config = builder.build();
|
||||||
|
@ -406,7 +406,7 @@ impl Config {
|
||||||
// Prepare the combined config
|
// Prepare the combined config
|
||||||
let config = {
|
let config = {
|
||||||
let env = &self.inner.read().unwrap()._env;
|
let env = &self.inner.read().unwrap()._env;
|
||||||
env.merge(&builder).build()
|
env.merge(&builder, false).build()
|
||||||
};
|
};
|
||||||
validate_config(&config)?;
|
validate_config(&config)?;
|
||||||
|
|
||||||
|
@ -425,6 +425,14 @@ impl Config {
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn update_config_partial(&self, other: ConfigBuilder) -> Result<(), Error> {
|
||||||
|
let builder = {
|
||||||
|
let usr = &self.inner.read().unwrap()._usr;
|
||||||
|
usr.merge(&other, false)
|
||||||
|
};
|
||||||
|
self.update_config(builder)
|
||||||
|
}
|
||||||
|
|
||||||
pub fn delete_user_config(&self) -> Result<(), Error> {
|
pub fn delete_user_config(&self) -> Result<(), Error> {
|
||||||
crate::util::delete_file(&CONFIG_FILE)?;
|
crate::util::delete_file(&CONFIG_FILE)?;
|
||||||
|
|
||||||
|
@ -460,9 +468,21 @@ impl Config {
|
||||||
let inner = &self.inner.read().unwrap().config;
|
let inner = &self.inner.read().unwrap().config;
|
||||||
inner._enable_smtp && inner.smtp_host.is_some()
|
inner._enable_smtp && inner.smtp_host.is_some()
|
||||||
}
|
}
|
||||||
pub fn yubico_enabled(&self) -> bool {
|
|
||||||
let inner = &self.inner.read().unwrap().config;
|
pub fn get_duo_akey(&self) -> String {
|
||||||
inner._enable_yubico && inner.yubico_client_id.is_some() && inner.yubico_secret_key.is_some()
|
if let Some(akey) = self._duo_akey() {
|
||||||
|
akey
|
||||||
|
} else {
|
||||||
|
let akey = crate::crypto::get_random_64();
|
||||||
|
let akey_s = data_encoding::BASE64.encode(&akey);
|
||||||
|
|
||||||
|
// Save the new value
|
||||||
|
let mut builder = ConfigBuilder::default();
|
||||||
|
builder._duo_akey = Some(akey_s.clone());
|
||||||
|
self.update_config_partial(builder).ok();
|
||||||
|
|
||||||
|
akey_s
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn render_template<T: serde::ser::Serialize>(
|
pub fn render_template<T: serde::ser::Serialize>(
|
||||||
|
|
Loading…
Reference in a new issue