proxmox-mirrors/proxmox
1
0
Fork 1
mirror of https://git.proxmox.com/git/proxmox synced 2025-07-25 21:28:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tfa: don't return a challenge if all 2nd factors are disabled

Browse Source 
Instead, this should allow the user to login without them.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2023-04-18 11:24:00 +02:00
parent ea1d023a61
commit 4b3d171b2d
1 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
proxmox-tfa/src/api/mod.rs
View File

@ -566,7 +566,7 @@ impl TfaUserData {
return Ok(None); return Ok(None);
} }
Ok(Some(TfaChallenge { let challenge = TfaChallenge {
totp: self.totp.iter().any(|e| e.info.enable), totp: self.totp.iter().any(|e| e.info.enable),
recovery: self.recovery_state(), recovery: self.recovery_state(),
webauthn: match webauthn { webauthn: match webauthn {
@ -578,7 +578,14 @@ impl TfaUserData {
None => None, None => None,
}, },
yubico: self.yubico.iter().any(|e| e.info.enable), yubico: self.yubico.iter().any(|e| e.info.enable),
})) };
// This happens if 2nd factors exist but are all disabled.
if challenge.is_empty() {
return Ok(None);
}
Ok(Some(challenge))
} }
/// Get the recovery state. /// Get the recovery state.
@ -863,6 +870,16 @@ pub struct TfaChallenge {
pub yubico: bool, pub yubico: bool,
} }
impl TfaChallenge {
pub fn is_empty(&self) -> bool {
!self.totp
&& self.recovery.is_none()
&& self.u2f.is_none()
&& self.webauthn.is_none()
&& !self.yubico
}
}
fn bool_is_false(v: &bool) -> bool { fn bool_is_false(v: &bool) -> bool {
!v !v
} }