nickslowinski
/
vaultwarden-test
geforkt von mirrored/vaultwarden
1
0
Fork 0
Code Pull-Requests Aktivität

Merge pull request #3398 from stefan0xC/dont-expect-kdf-memory-or-parallelism 

always return KdfMemory and KdfParallelism
Dieser Commit ist enthalten in:
Daniel García 2023-04-02 15:22:42 +02:00 committet von GitHub
Ursprung d1ecf03f44 39a5f2dbe8
Commit 867c6ba056
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: 4AEE18F83AFDEB23
3 geänderte Dateien mit 19 neuen und 40 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Vergleichs-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

16
src/api/core/accounts.rs
Datei anzeigen

@ -169,8 +169,8 @@ pub async fn _register(data: JsonUpcase<RegisterData>, mut conn: DbConn) -> Json
user.client_kdf_iter = client_kdf_iter;
}
user.client_kdf_parallelism = data.KdfMemory;
user.client_kdf_memory = data.KdfParallelism;
user.client_kdf_memory = data.KdfMemory;
user.client_kdf_parallelism = data.KdfParallelism;
user.set_password(&data.MasterPasswordHash, Some(data.Key), true, None);
user.password_hint = password_hint;
@ -389,6 +389,9 @@ async fn post_kdf(data: JsonUpcase<ChangeKdfData>, headers: Headers, mut conn: D
} else {
err!("Argon2 parallelism parameter is required.")
}
} else {
user.client_kdf_memory = None;
user.client_kdf_parallelism = None;
}
user.client_kdf_iter = data.KdfIterations;
user.client_kdf_type = data.Kdf;
@ -803,16 +806,13 @@ pub async fn _prelogin(data: JsonUpcase<PreloginData>, mut conn: DbConn) -> Json
None => (User::CLIENT_KDF_TYPE_DEFAULT, User::CLIENT_KDF_ITER_DEFAULT, None, None),
};
let mut result = json!({
let result = json!({
"Kdf": kdf_type,
"KdfIterations": kdf_iter,
"KdfMemory": kdf_mem,
"KdfParallelism": kdf_para,
});
if kdf_type == UserKdfType::Argon2id as i32 {
result["KdfMemory"] = Value::Number(kdf_mem.expect("Argon2 memory parameter is required.").into());
result["KdfParallelism"] = Value::Number(kdf_para.expect("Argon2 parallelism parameter is required.").into());
}
Json(result)
}

12
src/api/core/emergency_access.rs
Datei anzeigen

@ -628,21 +628,15 @@ async fn takeover_emergency_access(emer_id: String, headers: Headers, mut conn:
None => err!("Grantor user not found."),
};
let mut result = json!({
let result = json!({
"Kdf": grantor_user.client_kdf_type,
"KdfIterations": grantor_user.client_kdf_iter,
"KdfMemory": grantor_user.client_kdf_memory,
"KdfParallelism": grantor_user.client_kdf_parallelism,
"KeyEncrypted": &emergency_access.key_encrypted,
"Object": "emergencyAccessTakeover",
});
if grantor_user.client_kdf_type == UserKdfType::Argon2id as i32 {
result["KdfMemory"] =
Value::Number(grantor_user.client_kdf_memory.expect("Argon2 memory parameter is required.").into());
result["KdfParallelism"] = Value::Number(
grantor_user.client_kdf_parallelism.expect("Argon2 parallelism parameter is required.").into(),
);
}
Ok(Json(result))
}

31
src/api/identity.rs
Datei anzeigen

@ -107,7 +107,7 @@ async fn _refresh_login(data: ConnectData, conn: &mut DbConn) -> JsonResult {
let (access_token, expires_in) = device.refresh_tokens(&user, orgs, scope_vec);
device.save(conn).await?;
let mut result = json!({
let result = json!({
"access_token": access_token,
"expires_in": expires_in,
"token_type": "Bearer",
@ -117,18 +117,13 @@ async fn _refresh_login(data: ConnectData, conn: &mut DbConn) -> JsonResult {
"Kdf": user.client_kdf_type,
"KdfIterations": user.client_kdf_iter,
"KdfMemory": user.client_kdf_memory,
"KdfParallelism": user.client_kdf_parallelism,
"ResetMasterPassword": false, // TODO: according to official server seems something like: user.password_hash.is_empty(), but would need testing
"scope": scope,
"unofficialServer": true,
});
if user.client_kdf_type == UserKdfType::Argon2id as i32 {
result["KdfMemory"] =
Value::Number(user.client_kdf_memory.expect("Argon2 memory parameter is required.").into());
result["KdfParallelism"] =
Value::Number(user.client_kdf_parallelism.expect("Argon2 parallelism parameter is required.").into());
}
Ok(Json(result))
}
@ -260,6 +255,8 @@ async fn _password_login(
"Kdf": user.client_kdf_type,
"KdfIterations": user.client_kdf_iter,
"KdfMemory": user.client_kdf_memory,
"KdfParallelism": user.client_kdf_parallelism,
"ResetMasterPassword": false,// TODO: Same as above
"scope": scope,
"unofficialServer": true,
@ -269,13 +266,6 @@ async fn _password_login(
result["TwoFactorToken"] = Value::String(token);
}
if user.client_kdf_type == UserKdfType::Argon2id as i32 {
result["KdfMemory"] =
Value::Number(user.client_kdf_memory.expect("Argon2 memory parameter is required.").into());
result["KdfParallelism"] =
Value::Number(user.client_kdf_parallelism.expect("Argon2 parallelism parameter is required.").into());
}
info!("User {} logged in successfully. IP: {}", username, ip.ip);
Ok(Json(result))
}
@ -360,7 +350,7 @@ async fn _api_key_login(
// Note: No refresh_token is returned. The CLI just repeats the
// client_credentials login flow when the existing token expires.
let mut result = json!({
let result = json!({
"access_token": access_token,
"expires_in": expires_in,
"token_type": "Bearer",
@ -369,18 +359,13 @@ async fn _api_key_login(
"Kdf": user.client_kdf_type,
"KdfIterations": user.client_kdf_iter,
"KdfMemory": user.client_kdf_memory,
"KdfParallelism": user.client_kdf_parallelism,
"ResetMasterPassword": false, // TODO: Same as above
"scope": scope,
"unofficialServer": true,
});
if user.client_kdf_type == UserKdfType::Argon2id as i32 {
result["KdfMemory"] =
Value::Number(user.client_kdf_memory.expect("Argon2 memory parameter is required.").into());
result["KdfParallelism"] =
Value::Number(user.client_kdf_parallelism.expect("Argon2 parallelism parameter is required.").into());
}
Ok(Json(result))
}