Add /api/accounts/verify-password endpoint

If for some reason the hashed password is cleared from memory within a
bitwarden client it will try to verify the password at the server side.

This endpoint was missing.

Resolves #1156
This commit is contained in:
BlackDex 2020-09-25 18:26:48 +02:00
parent 2f3e18caa9
commit c64560016e

View File

@ -32,6 +32,7 @@ pub fn routes() -> Vec<rocket::Route> {
revision_date, revision_date,
password_hint, password_hint,
prelogin, prelogin,
verify_password,
] ]
} }
@ -623,3 +624,20 @@ fn prelogin(data: JsonUpcase<PreloginData>, conn: DbConn) -> JsonResult {
"KdfIterations": kdf_iter "KdfIterations": kdf_iter
}))) })))
} }
#[derive(Deserialize)]
#[allow(non_snake_case)]
struct VerifyPasswordData {
MasterPasswordHash: String,
}
#[post("/accounts/verify-password", data = "<data>")]
fn verify_password(data: JsonUpcase<VerifyPasswordData>, headers: Headers, _conn: DbConn) -> EmptyResult {
let data: VerifyPasswordData = data.into_inner().data;
let user = headers.user;
if !user.check_valid_password(&data.MasterPasswordHash) {
err!("Invalid password")
}
Ok(())
}