* [pbs-devel] [PATCH backup 1/3] tfa: add 'created' timestamp to entries
@ 2021-01-18 12:50 Wolfgang Bumiller
2021-01-18 12:50 ` [pbs-devel] [PATCH backup 2/3] gui: tfa: show when entries were created Wolfgang Bumiller
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Wolfgang Bumiller @ 2021-01-18 12:50 UTC (permalink / raw)
To: pbs-devel
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
src/api2/access/tfa.rs | 16 +++++++++-------
src/config/tfa.rs | 28 +++++++++++++++++++++++-----
2 files changed, 32 insertions(+), 12 deletions(-)
diff --git a/src/api2/access/tfa.rs b/src/api2/access/tfa.rs
index faef06a8..0298b2e1 100644
--- a/src/api2/access/tfa.rs
+++ b/src/api2/access/tfa.rs
@@ -82,12 +82,12 @@ fn to_data(data: TfaUserData) -> Vec<TypedTfaInfo> {
data.totp.len()
+ data.u2f.len()
+ data.webauthn.len()
- + if data.has_recovery() { 1 } else { 0 },
+ + if data.recovery().is_some() { 1 } else { 0 },
);
- if data.has_recovery() {
+ if let Some(recovery) = data.recovery() {
out.push(TypedTfaInfo {
ty: TfaType::Recovery,
- info: TfaInfo::recovery(),
+ info: TfaInfo::recovery(recovery.created),
})
}
for entry in data.totp {
@@ -184,10 +184,12 @@ fn get_tfa_entry(userid: Userid, id: String) -> Result<TypedTfaInfo, Error> {
entry.map(|(ty, index, _)| (ty, index))
} {
Some((TfaType::Recovery, _)) => {
- return Ok(TypedTfaInfo {
- ty: TfaType::Recovery,
- info: TfaInfo::recovery(),
- })
+ if let Some(recovery) = user_data.recovery() {
+ return Ok(TypedTfaInfo {
+ ty: TfaType::Recovery,
+ info: TfaInfo::recovery(recovery.created),
+ });
+ }
}
Some((TfaType::Totp, index)) => {
return Ok(TypedTfaInfo {
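Review bot: In the `Some((TfaType::Recovery, _))` arm, the new `if let Some(recovery) = user_data.recovery()` has no `else`, so when the accessor returns `None` the arm evaluates to `()` and control falls through past the `match`. That reads like a forgotten branch. The code after the `match` is outside this hunk and is presumably the not-found error path, so the behaviour may well be intended. If so, a comment in the arm would make that explicit, for example `// no usable recovery keys left: fall through to the not-found error below`.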
diff --git a/src/config/tfa.rs b/src/config/tfa.rs
index 5d01ea82..aff1b3d8 100644
--- a/src/config/tfa.rs
+++ b/src/config/tfa.rs
@@ -345,6 +345,9 @@ pub struct TfaInfo {
/// User chosen description for this entry.
pub description: String,
+ /// Creation time of this entry as unix epoch.
+ pub created: i64,
+
/// Whether this TFA entry is currently enabled.
#[serde(skip_serializing_if = "is_default_tfa_enable")]
#[serde(default = "default_tfa_enable")]
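Review bot: The new `pub created: i64` field carries no serde default, unlike `enable` just below it. Assuming `TfaInfo` derives `Deserialize`, as those attributes suggest, any TFA configuration already written without `created` would fail to parse. A load failure matters here because this data gates second-factor login. Adding `#[serde(default)]` to the field would let older entries load with a creation time of 0. The same applies to `pub created: i64` in `Recovery`, added in the later hunk of this file. The struct starts and ends outside this hunk.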
@@ -353,11 +356,12 @@ pub struct TfaInfo {
impl TfaInfo {
/// For recovery keys we have a fixed entry.
- pub(crate) fn recovery() -> Self {
+ pub(crate) fn recovery(created: i64) -> Self {
Self {
id: "recovery".to_string(),
description: "recovery keys".to_string(),
enable: true,
+ created,
}
}
}
@@ -383,6 +387,7 @@ impl<T> TfaEntry<T> {
id: Uuid::generate().to_string(),
enable: true,
description,
+ created: proxmox::tools::time::epoch_i64(),
},
entry,
}
@@ -748,9 +753,13 @@ pub struct TfaUserData {
}
impl TfaUserData {
- /// Shortcut for the option type.
- pub fn has_recovery(&self) -> bool {
- !Recovery::option_is_empty(&self.recovery)
+ /// Shortcut to get the recovery entry only if it is not empty!
+ pub fn recovery(&self) -> Option<&Recovery> {
+ if Recovery::option_is_empty(&self.recovery) {
+ None
+ } else {
+ self.recovery.as_ref()
+ }
}
/// `true` if no second factors exist
@@ -758,7 +767,7 @@ impl TfaUserData {
self.totp.is_empty()
&& self.u2f.is_empty()
&& self.webauthn.is_empty()
- && !self.has_recovery()
+ && self.recovery().is_none()
}
/// Find an entry by id, except for the "recovery" entry which we're currently treating
@@ -1087,8 +1096,16 @@ impl TfaUserData {
/// Recovery entries. We use HMAC-SHA256 with a random secret as a salted hash replacement.
#[derive(Deserialize, Serialize)]
pub struct Recovery {
+ /// "Salt" used for the key HMAC.
secret: String,
+
+ /// Recovery key entries are HMACs of the original data. When used up they will become `None`
+ /// since the user is presented an enumerated list of codes, so we know the indices of used and
+ /// unused codes.
entries: Vec<Option<String>>,
+
+ /// Creation timestamp as a unix epoch.
+ pub created: i64,
}
impl Recovery {
@@ -1101,6 +1118,7 @@ impl Recovery {
let mut this = Self {
secret: AsHex(&secret).to_string(),
entries: Vec::with_capacity(10),
+ created: proxmox::tools::time::epoch_i64(),
};
let mut original = Vec::new();
--
2.20.1
* [pbs-devel] [PATCH backup 2/3] gui: tfa: show when entries were created
2021-01-18 12:50 [pbs-devel] [PATCH backup 1/3] tfa: add 'created' timestamp to entries Wolfgang Bumiller
@ 2021-01-18 12:50 ` Wolfgang Bumiller
2021-01-18 14:03 ` [pbs-devel] applied: " Thomas Lamprecht
2021-01-18 12:50 ` [pbs-devel] [PATCH backup 3/3] gui: tfa: make description fill the remaining space Wolfgang Bumiller
2021-01-18 14:02 ` [pbs-devel] applied: [PATCH backup 1/3] tfa: add 'created' timestamp to entries Thomas Lamprecht
2 siblings, 1 reply; 6+ messages in thread
From: Wolfgang Bumiller @ 2021-01-18 12:50 UTC (permalink / raw)
To: pbs-devel
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
www/config/TfaView.js | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/www/config/TfaView.js b/www/config/TfaView.js
index 883c9508..092153d8 100644
--- a/www/config/TfaView.js
+++ b/www/config/TfaView.js
@@ -10,7 +10,7 @@ Ext.define('pbs-tfa-users', {
Ext.define('pbs-tfa-entry', {
extend: 'Ext.data.Model',
- fields: ['fullid', 'type', 'description', 'enable'],
+ fields: ['fullid', 'type', 'description', 'created', 'enable'],
idProperty: 'fullid',
});
@@ -63,6 +63,7 @@ Ext.define('PBS.config.TfaView', {
fullid: `${user.id}/${entry.id}`,
type: entry.type,
description: entry.description,
+ created: entry.created,
enable: entry.enable,
});
});
@@ -205,6 +206,13 @@ Ext.define('PBS.config.TfaView', {
sortable: true,
dataIndex: 'type',
},
+ {
+ header: gettext('Created'),
+ width: 80,
+ sortable: true,
+ dataIndex: 'created',
+ renderer: Proxmox.Utils.render_timestamp,
+ },
{
header: gettext('Description'),
width: 300,
--
2.20.1
* [pbs-devel] [PATCH backup 3/3] gui: tfa: make description fill the remaining space
2021-01-18 12:50 [pbs-devel] [PATCH backup 1/3] tfa: add 'created' timestamp to entries Wolfgang Bumiller
2021-01-18 12:50 ` [pbs-devel] [PATCH backup 2/3] gui: tfa: show when entries were created Wolfgang Bumiller
@ 2021-01-18 12:50 ` Wolfgang Bumiller
2021-01-18 14:03 ` [pbs-devel] applied: " Thomas Lamprecht
2021-01-18 14:02 ` [pbs-devel] applied: [PATCH backup 1/3] tfa: add 'created' timestamp to entries Thomas Lamprecht
2 siblings, 1 reply; 6+ messages in thread
From: Wolfgang Bumiller @ 2021-01-18 12:50 UTC (permalink / raw)
To: pbs-devel
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
www/config/TfaView.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/www/config/TfaView.js b/www/config/TfaView.js
index 092153d8..a25c595e 100644
--- a/www/config/TfaView.js
+++ b/www/config/TfaView.js
@@ -219,6 +219,7 @@ Ext.define('PBS.config.TfaView', {
sortable: true,
dataIndex: 'description',
renderer: Ext.String.htmlEncode,
+ flex: 1,
},
],
--
2.20.1
* [pbs-devel] applied: [PATCH backup 1/3] tfa: add 'created' timestamp to entries
2021-01-18 12:50 [pbs-devel] [PATCH backup 1/3] tfa: add 'created' timestamp to entries Wolfgang Bumiller
2021-01-18 12:50 ` [pbs-devel] [PATCH backup 2/3] gui: tfa: show when entries were created Wolfgang Bumiller
2021-01-18 12:50 ` [pbs-devel] [PATCH backup 3/3] gui: tfa: make description fill the remaining space Wolfgang Bumiller
@ 2021-01-18 14:02 ` Thomas Lamprecht
2 siblings, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2021-01-18 14:02 UTC (permalink / raw)
To: Proxmox Backup Server development discussion, Wolfgang Bumiller
On 18.01.21 13:50, Wolfgang Bumiller wrote:
> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
> ---
> src/api2/access/tfa.rs | 16 +++++++++-------
> src/config/tfa.rs | 28 +++++++++++++++++++++++-----
> 2 files changed, 32 insertions(+), 12 deletions(-)
>
>
applied, thanks!
* [pbs-devel] applied: [PATCH backup 2/3] gui: tfa: show when entries were created
2021-01-18 12:50 ` [pbs-devel] [PATCH backup 2/3] gui: tfa: show when entries were created Wolfgang Bumiller
@ 2021-01-18 14:03 ` Thomas Lamprecht
0 siblings, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2021-01-18 14:03 UTC (permalink / raw)
To: Proxmox Backup Server development discussion, Wolfgang Bumiller
On 18.01.21 13:50, Wolfgang Bumiller wrote:
> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
> ---
> www/config/TfaView.js | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
applied, thanks!
> diff --git a/www/config/TfaView.js b/www/config/TfaView.js
> index 883c9508..092153d8 100644
> --- a/www/config/TfaView.js
> +++ b/www/config/TfaView.js
> @@ -10,7 +10,7 @@ Ext.define('pbs-tfa-users', {
>
> Ext.define('pbs-tfa-entry', {
> extend: 'Ext.data.Model',
> - fields: ['fullid', 'type', 'description', 'enable'],
> + fields: ['fullid', 'type', 'description', 'created', 'enable'],
> idProperty: 'fullid',
> });
>
> @@ -63,6 +63,7 @@ Ext.define('PBS.config.TfaView', {
> fullid: `${user.id}/${entry.id}`,
> type: entry.type,
> description: entry.description,
> + created: entry.created,
> enable: entry.enable,
> });
> });
> @@ -205,6 +206,13 @@ Ext.define('PBS.config.TfaView', {
> sortable: true,
> dataIndex: 'type',
> },
> + {
> + header: gettext('Created'),
> + width: 80,
changed to 150 to make the timestamp actually fully visible by default
* [pbs-devel] applied: [PATCH backup 3/3] gui: tfa: make description fill the remaining space
2021-01-18 12:50 ` [pbs-devel] [PATCH backup 3/3] gui: tfa: make description fill the remaining space Wolfgang Bumiller
@ 2021-01-18 14:03 ` Thomas Lamprecht
0 siblings, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2021-01-18 14:03 UTC (permalink / raw)
To: Proxmox Backup Server development discussion, Wolfgang Bumiller
On 18.01.21 13:50, Wolfgang Bumiller wrote:
> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
> ---
> www/config/TfaView.js | 1 +
> 1 file changed, 1 insertion(+)
>
>
applied, thanks!