From 6cd8512bbd869dbb2370798fc473abfbec47fbb3 Mon Sep 17 00:00:00 2001 From: Jeremy Lin Date: Tue, 7 Apr 2020 20:40:51 -0700 Subject: [PATCH] Fix Duo auth failure with non-lowercased email addresses --- src/api/core/two_factor/duo.rs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/api/core/two_factor/duo.rs b/src/api/core/two_factor/duo.rs index ca8f5403..1eb24f2d 100644 --- a/src/api/core/two_factor/duo.rs +++ b/src/api/core/two_factor/duo.rs @@ -21,9 +21,9 @@ pub fn routes() -> Vec { #[derive(Serialize, Deserialize)] struct DuoData { - host: String, - ik: String, - sk: String, + host: String, // Duo API hostname + ik: String, // integration key + sk: String, // secret key } impl DuoData { @@ -190,6 +190,7 @@ fn duo_api_request(method: &str, path: &str, params: &str, data: &DuoData) -> Em use reqwest::{header::*, Method, blocking::Client}; use std::str::FromStr; + // https://duo.com/docs/authapi#api-details let url = format!("https://{}{}", &data.host, path); let date = Utc::now().to_rfc2822(); let username = &data.ik; @@ -268,6 +269,10 @@ fn sign_duo_values(key: &str, email: &str, ikey: &str, prefix: &str, expire: i64 } pub fn validate_duo_login(email: &str, response: &str, conn: &DbConn) -> EmptyResult { + // email is as entered by the user, so it needs to be normalized before + // comparison with auth_user below. + let email = &email.to_lowercase(); + let split: Vec<&str> = response.split(':').collect(); if split.len() != 2 { err!("Invalid response length");