Fixes the following clippy warnings:
warning: the borrowed expression implements the required traits
--> proxmox-tfa/src/api/recovery.rs:86:24
|
86 | Ok(hex::encode(&hmac))
| ^^^^^ help: change this to: `hmac`
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrows_for_generic_args
and
warning: this expression creates a reference which is immediately dereferenced by the compiler
--> proxmox-network-api/src/api_impl.rs:108:47
|
108 | interface.set_bond_slave_list(&slaves)?;
| ^^^^^^^ help: change this to: `slaves`
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow
= note: `#[warn(clippy::needless_borrow)]` on by default
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Fixes the clippy warning:
warning: use of `unwrap_or_else` to construct default value
--> proxmox-tfa/src/api/mod.rs:1355:43
|
1355 | |cap| cap.map(Vec::with_capacity).unwrap_or_else(Vec::new),
| ^^^^^^^^^^^^^^^^^^^^^^^^ help: try: `unwrap_or_default()`
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#unwrap_or_default
= note: `#[warn(clippy::unwrap_or_default)]` on by default
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Note that this was currently not deserialized anywhere, so this was
not an issue, but the api-macro now treats this as an error.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Since this requires access to the user data, we need to add
a generic parameter to the unlock methods.
To avoid having to create another major API bump affecting
all our products this short after release, we keep the old
version around with the old behavior.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
It is very common for TOTP URIs to contain the algorithm in lowercase,
hence we convert to lowercase when doing From<&str> for Algorithm.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
This mostly serves as documentation for the API call to be
implemented across our products. It's otherwise already just
a oneliner on the TfaConfig.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Use a custom result type to return success/failure and the
need to save the user data to the caller, while having
logged the error messages rather than returning them.
We count general TFA failures and also TOTP specifically,
and lock the user out of their 2nd factors on too many
failures.
To this end, all errors are now treated as failures.
While technically we can have crypto errors the user might
not be able to cause, we can't always know, and not all
errors are guaranteed to be a host side configuration issue,
so instead, all errors (since they are rare) now now counted
as a regular TFA error.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
TfaUserData uses `#[serde(deny_unknown_fields)]`, so we add
this now, but using it will require explicitly enabling it.
If the TOTP count is high, the user should be locked out of
TOTP entirely until they use a recovery key to reset the
count.
If a user's TFA try count is too high, they should get rate
limited.
In both cases they should receive some kind of notification.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
