Note that this was currently not deserialized anywhere, so this was
not an issue, but the api-macro now treats this as an error.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Since this requires access to the user data, we need to add
a generic parameter to the unlock methods.
To avoid having to create another major API bump affecting
all our products this shortly after release, we keep the old
version around with the old behavior.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
It is very common for TOTP URIs to contain the algorithm in lowercase,
hence we convert to lowercase when doing From<&str> for Algorithm.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
This mostly serves as documentation for the API call to be
implemented across our products. It's otherwise already just
a one-liner on the TfaConfig.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Use a custom result type to return success/failure and the
need to save the user data to the caller, while having
logged the error messages rather than returning them.
We count general TFA failures and also TOTP specifically,
and lock the user out of their 2nd factors on too many
failures.
To this end, all errors are now treated as failures.
While technically we can have crypto errors the user might
not be able to cause, we can't always know, and not all
errors are guaranteed to be a host side configuration issue,
so instead, all errors (since they are rare) are now counted
as a regular TFA error.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
TfaUserData uses `#[serde(deny_unknown_fields)]`, so we add
this now, but using it will require explicitly enabling it.
If the TOTP count is high, the user should be locked out of
TOTP entirely until they use a recovery key to reset the
count.
If a user's TFA try count is too high, they should get rate
limited.
In both cases they should receive some kind of notification.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
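An added Rust example, not code from proxmox-tfa, of the failure accounting the two commit messages above describe: every error counts as a failure, TOTP is locked after too many failures until a recovery key resets the count, and the caller receives an outcome plus a flag saying whether the user data must be saved. All type and function names, the limits and the 60-second rate-limit window are assumptions.

```rust
// Added illustration: names, limits and the time window are assumptions,
// not the proxmox-tfa API.
const MAX_TOTP_FAILURES: u32 = 3; // assumed
const MAX_TFA_FAILURES: u32 = 5; // assumed
const RATE_LIMIT_SECS: u64 = 60; // assumed

#[derive(Default)]
pub struct UserState { pub tfa_failures: u32, pub totp_failures: u32, pub last_failure: u64 }

#[derive(Clone, Copy, PartialEq)]
pub enum Factor { Totp, Recovery }

#[derive(Debug, PartialEq)]
pub enum Outcome { Success, Failure, TotpLocked, RateLimited }

/// Returned to the caller: the outcome plus whether user data must be saved.
#[derive(Debug, PartialEq)]
pub struct TfaResult { pub outcome: Outcome, pub needs_saving: bool }

/// `check` is the factor's raw verification result. An `Err` is logged and
/// counted like a wrong code; it is never handed back to the caller.
pub fn verify(user: &mut UserState, factor: Factor, check: Result<bool, String>, now: u64) -> TfaResult {
    let unchanged = |outcome| TfaResult { outcome, needs_saving: false };
    if user.tfa_failures >= MAX_TFA_FAILURES && now < user.last_failure + RATE_LIMIT_SECS {
        return unchanged(Outcome::RateLimited);
    }
    if factor == Factor::Totp && user.totp_failures >= MAX_TOTP_FAILURES {
        return unchanged(Outcome::TotpLocked);
    }
    let ok = check.unwrap_or_else(|err| {
        eprintln!("TFA verification error: {err}");
        false
    });
    if ok {
        // Assumption: any success clears the general counter, but only a
        // recovery key clears the TOTP counter and lifts the TOTP lockout.
        let before = (user.tfa_failures, user.totp_failures);
        user.tfa_failures = 0;
        if factor == Factor::Recovery { user.totp_failures = 0; }
        let needs_saving = before != (user.tfa_failures, user.totp_failures);
        return TfaResult { outcome: Outcome::Success, needs_saving };
    }
    user.tfa_failures += 1;
    user.last_failure = now;
    if factor == Factor::Totp { user.totp_failures += 1; }
    TfaResult { outcome: Outcome::Failure, needs_saving: true }
}
```

Locked and rate-limited attempts return before the code is evaluated, so a correct TOTP code is still refused while the lockout is in place.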
without adding the entire API as well, so API clients can
actually use the types used by the api methods without
requiring the backend implementation being built in as
well...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
If WA or U2F fail to produce a challenge, the user may still
log in with other factors and the challenge will be
considered to not be empty.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This should only ever be explicitly removed.
Similarly, include an empty array of recovery keys in the
tfa challenge, so that clients know about empty recoveries
rather than getting an empty challenge when there are no
other factors available.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
while these are (currently) only used by a single member each, having *all*
dependency versions specified in the top level Cargo.toml only makes the whole
process of managing them less error-prone.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
so that we no longer have to (or forget to) bump the version in multiple places.
notable changes:
- outdated versions have been unified
- proxmox-metrics -> proxmox-async no longer uses explicit empty features
(proxmox-async doesn't provide any anyway)
- proxmox-subscription -> proxmox-http no longer uses explicit default_features
= false (proxmox-http has an empty default feature anyway)
- missing path dependencies added (mainly proxmox-rest-server)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
noteworthy changes:
- proxmox-http had a default_features_false dep on hyper, which is dropped (the
default feature is empty anyway)
- hyper, libc, nix, tokio and url versions are unified
- missing (cosmetic) bindgen feature on zstd enabled everywhere
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
to reduce the creep of optional dependencies being exposed as features.
this requires cargo 0.63 (and debcargo built against at least that
version), but greatly reduces the number of binary packages and provides
generated, while still allowing sensible selection of optional
dependencies via the explicit feature meant for pulling them in.
diff stat for running `make deb` after this change:
proxmox-http/debian/control | 226 ++++--------------------------------
proxmox-router/debian/control | 74 +-----------
proxmox-schema/debian/control | 53 ++-------
proxmox-subscription/debian/control | 17 +--
proxmox-sys/debian/control | 51 +++-----
proxmox-tfa/debian/control | 110 ++----------------
6 files changed, 72 insertions(+), 459 deletions(-)
the 'dep:' prefix marks something on the RHS inside the features section
as dependency, it's only allowed if the string after it is an optional
dependency and no explicit feature of the same name exists. if all
pointers to the optional dependency in the features section are marked
as such, the optional dependency itself will not be exposed as a feature
(either on the cargo or debian/control level).
the '?' suffix marks dependencies as "weak", which only enables the
optional dependency + its feature(s) if the optional dependency itself
is also enabled. it has no effect on d/control since such a relationship
is not encodable in Debian package relations, but it does affect cargo
dependency resolution and allows skipping the build of unneeded optional
dependencies in some cases.
with no packages/crates depending on the no longer exposed automatically
generated features/packages, so these are safe to remove even though
it's technically a breaking change.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>