Make passwordless auth only act on notification click

This commit is contained in:
Bernd Schoolmann 2024-02-04 01:15:26 +01:00
parent 01fe7b7ff4
commit 6f10836300
No known key found for this signature in database

View File

@ -12,6 +12,7 @@ import (
"github.com/gorilla/websocket" "github.com/gorilla/websocket"
"github.com/quexten/goldwarden/agent/bitwarden/models" "github.com/quexten/goldwarden/agent/bitwarden/models"
"github.com/quexten/goldwarden/agent/config" "github.com/quexten/goldwarden/agent/config"
"github.com/quexten/goldwarden/agent/notify"
"github.com/quexten/goldwarden/agent/systemauth/biometrics" "github.com/quexten/goldwarden/agent/systemauth/biometrics"
"github.com/quexten/goldwarden/agent/systemauth/pinentry" "github.com/quexten/goldwarden/agent/systemauth/pinentry"
"github.com/quexten/goldwarden/agent/vault" "github.com/quexten/goldwarden/agent/vault"
@ -200,20 +201,23 @@ func connectToWebsocket(ctx context.Context, vault *vault.Vault, cfg *config.Con
} }
websocketLog.Info("AuthRequest details " + authRequest.RequestIpAddress + " " + authRequest.RequestDeviceType) websocketLog.Info("AuthRequest details " + authRequest.RequestIpAddress + " " + authRequest.RequestDeviceType)
var message = "Do you want to allow " + authRequest.RequestIpAddress + " (" + authRequest.RequestDeviceType + ") to login to your account?" notify.Notify("Passwordless Login Request", authRequest.RequestIpAddress+" - "+authRequest.RequestDeviceType, "", 0, func() {
if approved, err := pinentry.GetApproval("Paswordless Login Request", message); err != nil || !approved { var message = "Do you want to allow " + authRequest.RequestIpAddress + " (" + authRequest.RequestDeviceType + ") to login to your account?"
websocketLog.Info("AuthRequest denied") if approved, err := pinentry.GetApproval("Paswordless Login Request", message); err != nil || !approved {
break websocketLog.Info("AuthRequest denied")
} return
if !biometrics.CheckBiometrics(biometrics.AccessVault) { }
websocketLog.Info("AuthRequest denied - biometrics required") if !biometrics.CheckBiometrics(biometrics.AccessVault) {
break websocketLog.Info("AuthRequest denied - biometrics required")
} return
}
_, err = CreateAuthResponse(context.WithValue(ctx, AuthToken{}, token.AccessToken), authRequest, vault.Keyring, cfg)
if err != nil {
websocketLog.Error("Error creating auth response %s", err)
}
})
_, err = CreateAuthResponse(context.WithValue(ctx, AuthToken{}, token.AccessToken), authRequest, vault.Keyring, cfg)
if err != nil {
websocketLog.Error("Error creating auth response %s", err)
}
break break
case AuthRequestResponse: case AuthRequestResponse:
websocketLog.Info("AuthRequestResponse received") websocketLog.Info("AuthRequestResponse received")