Authsession non empty vec (#1522)

MinhPhan8803 2023-04-07 19:00:45 -05:00 committed by GitHub
parent fda217fc3f
commit bd1215299a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -18,6 +18,7 @@ use kanidm_proto::v1::{
use tokio::sync::mpsc::UnboundedSender as Sender; use tokio::sync::mpsc::UnboundedSender as Sender;
use uuid::Uuid; use uuid::Uuid;
// use webauthn_rs::prelude::DeviceKey as DeviceKeyV4; // use webauthn_rs::prelude::DeviceKey as DeviceKeyV4;
use nonempty::{nonempty, NonEmpty};
use webauthn_rs::prelude::Passkey as PasskeyV4; use webauthn_rs::prelude::Passkey as PasskeyV4;
use webauthn_rs::prelude::{ use webauthn_rs::prelude::{
CredentialID, PasskeyAuthentication, RequestChallengeResponse, SecurityKeyAuthentication, CredentialID, PasskeyAuthentication, RequestChallengeResponse, SecurityKeyAuthentication,
@ -84,7 +85,7 @@ enum AuthIntent {
/// A response type to indicate the progress and potential result of an authentication attempt. /// A response type to indicate the progress and potential result of an authentication attempt.
enum CredState { enum CredState {
Success { auth_type: AuthType, cred_id: Uuid }, Success { auth_type: AuthType, cred_id: Uuid },
Continue(Vec<AuthAllowed>), Continue(NonEmpty<AuthAllowed>),
Denied(&'static str), Denied(&'static str),
} }
@ -420,7 +421,7 @@ impl CredHandler {
admin_warn!("unable to queue delayed webauthn property update, continuing ... "); admin_warn!("unable to queue delayed webauthn property update, continuing ... ");
}; };
}; };
CredState::Continue(vec![AuthAllowed::Password]) CredState::Continue(nonempty![AuthAllowed::Password])
} }
Err(e) => { Err(e) => {
pw_mfa.mfa_state = CredVerifyState::Fail; pw_mfa.mfa_state = CredVerifyState::Fail;
@ -447,7 +448,7 @@ impl CredHandler {
security_info!( security_info!(
"Handler::PasswordMfa -> Result::Continue - TOTP ({}) OK, password -", label "Handler::PasswordMfa -> Result::Continue - TOTP ({}) OK, password -", label
); );
CredState::Continue(vec![AuthAllowed::Password]) CredState::Continue(nonempty![AuthAllowed::Password])
} else { } else {
pw_mfa.mfa_state = CredVerifyState::Fail; pw_mfa.mfa_state = CredVerifyState::Fail;
security_error!( security_error!(
@ -470,7 +471,7 @@ impl CredHandler {
}; };
pw_mfa.mfa_state = CredVerifyState::Success; pw_mfa.mfa_state = CredVerifyState::Success;
security_info!("Handler::PasswordMfa -> Result::Continue - BackupCode OK, password -"); security_info!("Handler::PasswordMfa -> Result::Continue - BackupCode OK, password -");
CredState::Continue(vec![AuthAllowed::Password]) CredState::Continue(nonempty![AuthAllowed::Password])
} else { } else {
pw_mfa.mfa_state = CredVerifyState::Fail; pw_mfa.mfa_state = CredVerifyState::Fail;
security_error!("Handler::PasswordMfa -> Result::Denied - BackupCode Fail, password -"); security_error!("Handler::PasswordMfa -> Result::Denied - BackupCode Fail, password -");
@ -1037,7 +1038,7 @@ impl AuthSession {
} }
CredState::Continue(allowed) => { CredState::Continue(allowed) => {
security_info!(?allowed, "Request credential continuation"); security_info!(?allowed, "Request credential continuation");
(None, Ok(AuthState::Continue(allowed))) (None, Ok(AuthState::Continue(allowed.into_iter().collect())))
} }
CredState::Denied(reason) => { CredState::Denied(reason) => {
security_info!(%reason, "Credentials denied"); security_info!(%reason, "Credentials denied");
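Review bot: In the last hunk, the `CredState::Continue(allowed)` arm in `impl AuthSession` turns the `NonEmpty<AuthAllowed>` back into a plain `Vec` via `allowed.into_iter().collect()`, so the non-empty guarantee ends at this boundary and any other code that builds `AuthState::Continue` (none is visible here) can still pass an empty list. If `AuthState` has to keep a `Vec`, for example because it is a wire type, a comment on that line would record the invariant: `// NonEmpty -> Vec for AuthState; always holds at least one AuthAllowed`. The `Continue` variant of `CredState` has no doc line of its own, and something like `/// Credential steps the client may try next; never empty by construction.` would tell readers why the type changed. The match arm's enclosing function starts and ends outside the hunk.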