mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2024-12-11 17:31:24 +01:00
Validate YUBICO_SERVER string (#3003)
If the `YUBICO_SERVER` is defined to an empty string, the whole yubikey implementation doesn't work anymore. This PR adds a check for this variable that it at least starts with `https://`. Resolves #3003
This commit is contained in:
parent
ad60eaa0f3
commit
6d01aaa80f
1 changed files with 11 additions and 2 deletions
|
@ -704,8 +704,17 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
|
||||||
err!("All Duo options need to be set for global Duo support")
|
err!("All Duo options need to be set for global Duo support")
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg._enable_yubico && cfg.yubico_client_id.is_some() != cfg.yubico_secret_key.is_some() {
|
if cfg._enable_yubico {
|
||||||
err!("Both `YUBICO_CLIENT_ID` and `YUBICO_SECRET_KEY` need to be set for Yubikey OTP support")
|
if cfg.yubico_client_id.is_some() != cfg.yubico_secret_key.is_some() {
|
||||||
|
err!("Both `YUBICO_CLIENT_ID` and `YUBICO_SECRET_KEY` must be set for Yubikey OTP support")
|
||||||
|
}
|
||||||
|
|
||||||
|
if let Some(yubico_server) = &cfg.yubico_server {
|
||||||
|
let yubico_server = yubico_server.to_lowercase();
|
||||||
|
if !yubico_server.starts_with("https://") {
|
||||||
|
err!("`YUBICO_SERVER` must be a valid URL and start with 'https://'. Either unset this variable or provide a valid URL.")
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg._enable_smtp {
|
if cfg._enable_smtp {
|
||||||
|
|
Loading…
Reference in a new issue