Fix Duo auth failure with non-lowercased email addresses

2024-11-21 20:56:37 +00:00 · 2020-04-07 20:40:51 -07:00 · 2020-04-07 20:40:51 -07:00 · 6cd8512bbd
commit 6cd8512bbd
parent 843604c9e7
1 changed files with 8 additions and 3 deletions
--- a/src/api/core/two_factor/duo.rs
+++ b/src/api/core/two_factor/duo.rs
@ -21,9 +21,9 @@ pub fn routes() -> Vec<Route> {

 #[derive(Serialize, Deserialize)]
 struct DuoData {
-    host: String,
-    ik: String,
-    sk: String,
+    host: String, // Duo API hostname
+    ik: String,   // integration key
+    sk: String,   // secret key
 }

 impl DuoData {
@ -190,6 +190,7 @@ fn duo_api_request(method: &str, path: &str, params: &str, data: &DuoData) -> Em
    use reqwest::{header::*, Method, blocking::Client};
    use std::str::FromStr;

+    // https://duo.com/docs/authapi#api-details
    let url = format!("https://{}{}", &data.host, path);
    let date = Utc::now().to_rfc2822();
    let username = &data.ik;
@ -268,6 +269,10 @@ fn sign_duo_values(key: &str, email: &str, ikey: &str, prefix: &str, expire: i64
 }

 pub fn validate_duo_login(email: &str, response: &str, conn: &DbConn) -> EmptyResult {
+    // email is as entered by the user, so it needs to be normalized before
+    // comparison with auth_user below.
+    let email = &email.to_lowercase();
+
    let split: Vec<&str> = response.split(':').collect();
    if split.len() != 2 {
        err!("Invalid response length");