Our Personal Data Server from scratch!

fix(auth): don't require 2fa for app passwords

authored by

Hayden Young and committed by
Tangled
c74bf967 1285d5c6

+23 -1
+1
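--- a/crates/tranquil-api/src/server/session.rs
+++ b/crates/tranquil-api/src/server/session.rs
@@ -163,6 +163,7 @@
 let email_2fa_enabled = row.email_2fa_enabled;
 let is_legacy_login = has_totp || email_2fa_enabled;
 let twofa_ctx = tranquil_pds::auth::legacy_2fa::Legacy2faContext {
+is_app_password: app_password_name.is_some(),
 email_2fa_enabled,
 has_totp,
 allow_legacy_login: row.allow_legacy_login,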
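Review bot: The added `is_app_password: app_password_name.is_some()` makes the mere presence of a name the switch that skips the second factor, and the place where `app_password_name` is assigned lies outside this hunk. If it can be `Some` before the supplied secret has been matched against a stored app-password hash, a main-password login would skip TOTP or email 2FA. The invariant deserves a comment on this line, for example `// Some only after the secret matched a stored app password; such logins skip legacy 2FA by design`. It is also worth checking that `is_legacy_login` on the line above, which still ignores the app-password case, is not used later to demand a 2FA step.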
+22 -1
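--- a/crates/tranquil-pds/src/auth/legacy_2fa.rs
+++ b/crates/tranquil-pds/src/auth/legacy_2fa.rs
@@ -156,6 +156,7 @@
 }
 
 pub struct Legacy2faContext {
+pub is_app_password: bool,
 pub email_2fa_enabled: bool,
 pub has_totp: bool,
 pub allow_legacy_login: bool,
@@ -163,7 +164,7 @@
 
 impl Legacy2faContext {
 pub fn requires_2fa(&self) -> bool {
-self.email_2fa_enabled || self.has_totp
+!self.is_app_password && (self.email_2fa_enabled || self.has_totp)
 }
 
 pub fn is_blocked(&self) -> bool {
@@ -418,6 +419,7 @@
 let cache = MockCache::new();
 let did = Did::new("did:plc:test".to_string()).unwrap();
 let ctx = Legacy2faContext {
+is_app_password: false,
 email_2fa_enabled: false,
 has_totp: false,
 allow_legacy_login: true,
@@ -428,10 +430,26 @@
 }
 
 #[tokio::test]
+async fn test_process_flow_not_required_because_app_password() {
+let cache = MockCache::new();
+let did = Did::new("did:plc:test".to_string()).unwrap();
+let ctx = Legacy2faContext {
+is_app_password: true,
+email_2fa_enabled: false,
+has_totp: true,
+allow_legacy_login: true,
+};
+
+let outcome = process_legacy_2fa(&cache, &did, &ctx, None).await.unwrap();
+assert!(matches!(outcome, Legacy2faOutcome::NotRequired));
+}
+
+#[tokio::test]
 async fn test_process_flow_blocked() {
 let cache = MockCache::new();
 let did = Did::new("did:plc:test".to_string()).unwrap();
 let ctx = Legacy2faContext {
+is_app_password: false,
 email_2fa_enabled: false,
 has_totp: true,
 allow_legacy_login: false,
@@ -446,6 +464,7 @@
 let cache = MockCache::new();
 let did = Did::new("did:plc:test".to_string()).unwrap();
 let ctx = Legacy2faContext {
+is_app_password: false,
 email_2fa_enabled: false,
 has_totp: true,
 allow_legacy_login: true,
@@ -460,6 +479,7 @@
 let cache = MockCache::new();
 let did = Did::new("did:plc:test2".to_string()).unwrap();
 let ctx = Legacy2faContext {
+is_app_password: false,
 email_2fa_enabled: true,
 has_totp: false,
 allow_legacy_login: false,
@@ -474,6 +494,7 @@
 let cache = MockCache::new();
 let did = Did::new("did:plc:test".to_string()).unwrap();
 let ctx = Legacy2faContext {
+is_app_password: false,
 email_2fa_enabled: true,
 has_totp: false,
 allow_legacy_login: false,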
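Review bot: The new test `test_process_flow_not_required_because_app_password` covers only `allow_legacy_login: true`, so an app password combined with `allow_legacy_login: false` is left unpinned. `requires_2fa()` now returns false for app passwords, but the body of `is_blocked()` lies outside the hunk. If it does not go through `requires_2fa()`, app-password logins on accounts with TOTP and legacy login disabled would presumably still end in the blocked outcome; if it does, the block is silently lifted for them. A second test with `is_app_password: true, has_totp: true, allow_legacy_login: false` would fix the intended outcome either way. Because `is_app_password` is a public field that switches off a second factor, a doc comment such as `/// Set only when the login was verified against an app password; skips the legacy 2FA challenge.` would help future callers.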