auth-api: update to new tfa crate

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller 2023-05-10 10:43:13 +02:00
parent 39017fa334
commit 4324aea004


@ -202,20 +202,32 @@ fn authenticate_2nd(
#[allow(clippy::let_unit_value)] #[allow(clippy::let_unit_value)]
{ {
use proxmox_tfa::api::TfaResult;
let mut tfa_config_lock = auth_context.tfa_config_write_lock()?; let mut tfa_config_lock = auth_context.tfa_config_write_lock()?;
let (locked_config, tfa_config) = tfa_config_lock.config_mut(); let (locked_config, tfa_config) = tfa_config_lock.config_mut();
if tfa_config let result = tfa_config.verify(
.verify(
locked_config, locked_config,
userid.as_str(), userid.as_str(),
&challenge, &challenge,
response.parse()?, response.parse()?,
None, None,
)? );
.needs_saving()
{ let (success, needs_saving) = match result {
TfaResult::Locked => (false, false),
TfaResult::Failure { needs_saving, .. } => {
// TODO: Implement notifications for totp/tfa limits!
(false, needs_saving)
}
TfaResult::Success { needs_saving } => (true, needs_saving),
};
if needs_saving {
tfa_config_lock.save_config()?; tfa_config_lock.save_config()?;
} }
if !success {
bail!("authentication failed");
}
} }
Ok(AuthResult::CreateTicket) Ok(AuthResult::CreateTicket)
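Review bot: The `TfaResult::Locked` and `TfaResult::Failure` arms of `match result` leave no server-side trace. Both end in the same `bail!("authentication failed")`, and the `..` in the `Failure` pattern drops whatever else that variant carries, so until the TODO is done an operator cannot tell a locked second factor from a single wrong code. The generic client-facing message is right and should stay, but each of the two arms should emit an audit log line through whatever logging facility this file already uses, for example `log::warn!("second factor rejected for {}: TFA locked", userid.as_str());` in the `Locked` arm and a matching line in the `Failure` arm. Separately, if `save_config()?` fails on the `Failure` path, the caller gets the save error instead of "authentication failed" and the updated state is presumably not persisted; the request still fails closed, but a short comment such as `// a save error here still denies the login` would make that intent explicit. `authenticate_2nd` begins before this hunk, so how `userid` and `response` are validated earlier is not visible here.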