From c64560016e80517eb490b2b863be6da261c02b27 Mon Sep 17 00:00:00 2001
From: BlackDex
Date: Fri, 25 Sep 2020 18:26:48 +0200
Subject: [PATCH] Add /api/accounts/verify-password endpoint

If for some reason the hashed password is cleared from memory within a bitwarden client it will try to verify the password at the server side. This endpoint was missing. Resolves #1156
---
 src/api/core/accounts.rs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
index 3f769008..ddb43b41 100644
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -32,6 +32,7 @@ pub fn routes() -> Vec {
 revision_date,
 password_hint,
 prelogin,
+ verify_password,
 ]
 }
@@ -623,3 +624,20 @@ fn prelogin(data: JsonUpcase, conn: DbConn) -> JsonResult {
 "KdfIterations": kdf_iter
 })))
 }
+#[derive(Deserialize)]
+#[allow(non_snake_case)]
+struct VerifyPasswordData {
+ MasterPasswordHash: String,
+}
+
+#[post("/accounts/verify-password", data = "")]
+fn verify_password(data: JsonUpcase, headers: Headers, _conn: DbConn) -> EmptyResult {
+ let data: VerifyPasswordData = data.into_inner().data;
+ let user = headers.user;
+
+ if !user.check_valid_password(&data.MasterPasswordHash) {
+ err!("Invalid password")
+ }
+
+ Ok(())
+}
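Review bot: `verify_password` in the second hunk answers yes or no to a master-password-hash guess for any caller holding a valid session token, and nothing visible in the handler throttles or records failed attempts. Whether `err!` logs the failure, or a limiter sits in front of the route, cannot be seen from this hunk; if neither applies, the route should fall under the same attempt limiting and failure logging the deployment uses for login. The `_conn: DbConn` parameter is not used in the visible body, so each request appears to check out a pooled connection for nothing, and dropping it from the signature would be enough. The handler would also benefit from a doc comment such as `/// Checks the supplied master password hash against the authenticated user's stored hash; changes no state.`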