Make sure TOTP codes can be both Numbers or Strings, fixes #30

This commit is contained in:
Daniel García 2018-05-26 23:04:23 +02:00
parent ca01fa1419
commit 2cf46e1a5f
2 changed files with 16 additions and 6 deletions

View file

@ -6,7 +6,7 @@ use db::DbConn;
use crypto;
use api::{PasswordData, JsonResult};
use api::{PasswordData, JsonResult, NumberOrString};
use auth::Headers;
#[get("/two-factor")]
@ -98,12 +98,12 @@ fn generate_authenticator(data: Json<PasswordData>, headers: Headers) -> JsonRes
})))
}
#[derive(Deserialize)]
#[derive(Deserialize, Debug)]
#[allow(non_snake_case)]
struct EnableTwoFactorData {
masterPasswordHash: String,
key: String,
token: u64,
token: NumberOrString,
}
#[post("/two-factor/authenticator", data = "<data>")]
@ -111,7 +111,10 @@ fn activate_authenticator(data: Json<EnableTwoFactorData>, headers: Headers, con
let data: EnableTwoFactorData = data.into_inner();
let password_hash = data.masterPasswordHash;
let key = data.key;
let token = data.token;
let token = match data.token.to_i32() {
Some(n) => n as u64,
None => err!("Malformed token")
};
if !headers.user.check_valid_password(&password_hash) {
err!("Invalid password");
@ -154,7 +157,7 @@ fn activate_authenticator(data: Json<EnableTwoFactorData>, headers: Headers, con
struct DisableTwoFactorData {
masterPasswordHash: String,
#[serde(rename = "type")]
type_: u32,
type_: NumberOrString,
}
#[post("/two-factor/disable", data = "<data>")]

View file

@ -22,7 +22,7 @@ struct PasswordData {
masterPasswordHash: String
}
#[derive(Deserialize)]
#[derive(Deserialize, Debug)]
#[serde(untagged)]
enum NumberOrString {
Number(i32),
@ -36,4 +36,11 @@ impl NumberOrString {
NumberOrString::String(s) => s
}
}
fn to_i32(self) -> Option<i32> {
match self {
NumberOrString::Number(n) => Some(n),
NumberOrString::String(s) => s.parse().ok()
}
}
}