1 //! For now this only has the TFA subdir, which is in this file.
2 //! If we add more, it should be moved into a sub module.
6 use proxmox_router
::{Router, RpcEnvironment, Permission, SubdirMap}
;
7 use proxmox_schema
::api
;
8 use proxmox_router
::list_subdirs_api_method
;
10 use pbs_api_types
::PROXMOX_CONFIG_DIGEST_SCHEMA
;
12 use crate::config
::tfa
::{self, WebauthnConfig, WebauthnConfigUpdater}
;
14 pub const ROUTER
: Router
= Router
::new()
15 .get(&list_subdirs_api_method
!(SUBDIRS
))
/// Sub-directory map for this router; `webauthn` is the only entry.
const SUBDIRS: SubdirMap = &[("webauthn", &WEBAUTHN_ROUTER)];
/// Router for the `webauthn` sub-directory: GET is served by
/// `API_METHOD_GET_WEBAUTHN_CONFIG`, PUT by `API_METHOD_UPDATE_WEBAUTHN_CONFIG`.
const WEBAUTHN_ROUTER: Router = Router::new()
    .get(&API_METHOD_GET_WEBAUTHN_CONFIG)
    .put(&API_METHOD_UPDATE_WEBAUTHN_CONFIG);
34 permission
: &Permission
::Anybody
,
37 /// Get the TFA configuration.
38 pub fn get_webauthn_config(
39 mut rpcenv
: &mut dyn RpcEnvironment
,
40 ) -> Result
<Option
<WebauthnConfig
>, Error
> {
41 let (config
, digest
) = match tfa
::webauthn_config()?
{
43 None
=> return Ok(None
),
45 rpcenv
["digest"] = proxmox
::tools
::digest_to_hex(&digest
).into();
55 type: WebauthnConfigUpdater
,
59 schema
: PROXMOX_CONFIG_DIGEST_SCHEMA
,
64 /// Update the TFA configuration.
65 pub fn update_webauthn_config(
66 webauthn
: WebauthnConfigUpdater
,
67 digest
: Option
<String
>,
68 ) -> Result
<(), Error
> {
// NOTE(review): the value of `tfa::write_lock()` is bound without `?`, unlike
// `tfa::read()?` below. If `write_lock()` returns a `Result`, a failed lock
// acquisition is silently kept in `_lock` and the read-modify-write of the TFA
// configuration proceeds unlocked — confirm its return type.
let _lock = tfa::write_lock();

// Load the current TFA configuration into the local `tfa`; errors propagate.
let mut tfa = tfa::read()?;
73 if let Some(wa
) = &mut tfa
.webauthn
{
74 if let Some(ref digest
) = digest
{
75 let digest
= proxmox
::tools
::hex_to_digest(digest
)?
;
76 crate::tools
::detect_modified_configuration_file(&digest
, &wa
.digest()?
)?
;
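// Apply only the fields present in the updater; absent fields keep the
// value already stored in `wa`.
if let Some(ref rp) = webauthn.rp {
    wa.rp = rp.clone();
}
// The origin must be taken from `webauthn.origin`. Matching on `webauthn.rp`
// here would overwrite the stored WebAuthn origin with the relying-party
// value and silently drop the origin supplied in the request.
if let Some(ref origin) = webauthn.origin {
    wa.origin = origin.clone();
}
if let Some(ref id) = webauthn.id {
    wa.id = id.clone();
}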
// NOTE(review): each `unwrap()` panics when the corresponding updater field is
// `None`. The updater appears to be API request input, so a request omitting
// `rp`, `origin` or `id` reaches a panic here unless it is rejected earlier;
// returning an error that names the missing property would be safer.
// The enclosing branch header is not visible in this listing — presumably this
// path runs when no WebAuthn configuration exists yet.
let rp = webauthn.rp.unwrap();
let origin = webauthn.origin.unwrap();
let id = webauthn.id.unwrap();
// Store a complete WebAuthn configuration built from the three updater fields.
tfa.webauthn = Some(WebauthnConfig { rp, origin, id });