pve: update to proxmox-tfa 2.0

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-11-26 14:55:13 +01:00 · 2021-11-26 14:55:13 +01:00 · 89c6d59e60
commit 89c6d59e60
parent e8a5bf2866
3 changed files with 23 additions and 8 deletions
--- a/pve-rs/Cargo.toml
+++ b/pve-rs/Cargo.toml
@ -25,9 +25,10 @@ openssl = "0.10"
 serde = "1.0"
 serde_bytes = "0.11"
 serde_json = "1.0"
+url = "2"

 perlmod = { version = "0.9", features = [ "exporter" ] }

 proxmox-apt = "0.8"
 proxmox-openid = "0.9"
-proxmox-tfa = { version = "1.3.2", features = ["api"] }
+proxmox-tfa = { version = "2", features = ["api"] }
--- a/pve-rs/debian/control
+++ b/pve-rs/debian/control
@ -17,8 +17,8 @@ Build-Depends: debhelper (>= 12),
 librust-perlmod-0.8+exporter-dev (>= 0.8.1-~~),
 librust-proxmox-apt-0.8+default-dev,
 librust-proxmox-openid-0.9+default-dev,
- librust-proxmox-tfa-1+api-dev (>= 1.3-~~),
- librust-proxmox-tfa-1+default-dev (>= 1.3-~~),
+ librust-proxmox-tfa-2+api-dev,
+ librust-proxmox-tfa-2+default-dev,
 librust-serde-1+default-dev,
 librust-serde-bytes-0.11+default-dev,
 librust-serde-json-1+default-dev,
--- a/pve-rs/src/tfa.rs
+++ b/pve-rs/src/tfa.rs
@ -31,6 +31,7 @@ mod export {

    use anyhow::{bail, format_err, Error};
    use serde_bytes::ByteBuf;
+    use url::Url;

    use perlmod::Value;
    use proxmox_tfa::api::methods;
@ -243,10 +244,15 @@ mod export {
        #[raw] raw_this: Value,
        //#[try_from_ref] this: &Tfa,
        userid: &str,
+        origin: Option<Url>,
    ) -> Result<Option<String>, Error> {
        let this: &Tfa = (&raw_this).try_into()?;
        let mut inner = this.inner.lock().unwrap();
-        match inner.authentication_challenge(UserAccess::new(&raw_this)?, userid)? {
+        match inner.authentication_challenge(
+            UserAccess::new(&raw_this)?,
+            userid,
+            origin.as_ref(),
+        )? {
            Some(challenge) => Ok(Some(serde_json::to_string(&challenge)?)),
            None => Ok(None),
        }
@ -278,13 +284,20 @@ mod export {
        userid: &str,
        challenge: &str, //super::TfaChallenge,
        response: &str,
+        origin: Option<Url>,
    ) -> Result<bool, Error> {
        let this: &Tfa = (&raw_this).try_into()?;
        let challenge: super::TfaChallenge = serde_json::from_str(challenge)?;
        let response: super::TfaResponse = response.parse()?;
        let mut inner = this.inner.lock().unwrap();
        inner
-            .verify(UserAccess::new(&raw_this)?, userid, &challenge, response)
+            .verify(
+                UserAccess::new(&raw_this)?,
+                userid,
+                &challenge,
+                response,
+                origin.as_ref(),
+            )
            .map(|save| save.needs_saving())
    }

@ -342,6 +355,7 @@ mod export {
        value: Option<String>,
        challenge: Option<String>,
        ty: methods::TfaType,
+        origin: Option<Url>,
    ) -> Result<methods::TfaUpdateInfo, Error> {
        let this: &Tfa = (&raw_this).try_into()?;
        methods::add_tfa_entry(
@ -353,6 +367,7 @@ mod export {
            value,
            challenge,
            ty,
+            origin.as_ref(),
        )
    }

@ -864,11 +879,10 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
                Err(err) => {
                    eprintln!(
                        "failed to parse challenge data for user {}: {}",
-                        userid,
-                        err
+                        userid, err
                    );
                    Default::default()
-                },
+                }
            }
        };