From f858523d928e6a17aee55bc7af7211934585cb80 Mon Sep 17 00:00:00 2001 From: Timshel Date: Thu, 25 Jul 2024 20:25:44 +0200 Subject: [PATCH] Duo: use the formatted db email (#4779) --- src/api/core/two_factor/duo_oidc.rs | 2 -- src/api/identity.rs | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/api/core/two_factor/duo_oidc.rs b/src/api/core/two_factor/duo_oidc.rs index a0ce709c..9b7e7f12 100644 --- a/src/api/core/two_factor/duo_oidc.rs +++ b/src/api/core/two_factor/duo_oidc.rs @@ -423,8 +423,6 @@ pub async fn validate_duo_login( device_identifier: &str, conn: &mut DbConn, ) -> EmptyResult { - let email = &email.to_lowercase(); - // Result supplied to us by clients in the form "|" let split: Vec<&str> = two_factor_token.split('|').collect(); if split.len() != 2 { diff --git a/src/api/identity.rs b/src/api/identity.rs index b6621ce3..93ef80bc 100644 --- a/src/api/identity.rs +++ b/src/api/identity.rs @@ -524,12 +524,12 @@ async fn twofactor_auth( match CONFIG.duo_use_iframe() { true => { // Legacy iframe prompt flow - duo::validate_duo_login(data.username.as_ref().unwrap().trim(), twofactor_code, conn).await? + duo::validate_duo_login(&user.email, twofactor_code, conn).await? } false => { // OIDC based flow duo_oidc::validate_duo_login( - data.username.as_ref().unwrap().trim(), + &user.email, twofactor_code, data.client_id.as_ref().unwrap(), data.device_identifier.as_ref().unwrap(),