Spiegel von
https://github.com/dani-garcia/vaultwarden.git
synchronisiert 2024-11-29 06:20:29 +01:00
Only create invitations when SMTP is disabled, and ignore invitations if we have a token.
Disallow users from accepting invitation twice
Dieser Commit ist enthalten in:
Ursprung
f1161c65fb
Commit
4309df8334
3 geänderte Dateien mit 67 neuen und 64 gelöschten Zeilen
|
@ -4,9 +4,9 @@ use serde_json::Value;
|
||||||
use crate::api::{JsonResult, JsonUpcase};
|
use crate::api::{JsonResult, JsonUpcase};
|
||||||
use crate::CONFIG;
|
use crate::CONFIG;
|
||||||
|
|
||||||
use crate::mail;
|
|
||||||
use crate::db::models::*;
|
use crate::db::models::*;
|
||||||
use crate::db::DbConn;
|
use crate::db::DbConn;
|
||||||
|
use crate::mail;
|
||||||
|
|
||||||
use rocket::request::{self, FromRequest, Request};
|
use rocket::request::{self, FromRequest, Request};
|
||||||
use rocket::{Outcome, Route};
|
use rocket::{Outcome, Route};
|
||||||
|
@ -41,14 +41,14 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -
|
||||||
err!("Invitations are not allowed")
|
err!("Invitations are not allowed")
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut invitation = Invitation::new(data.Email);
|
|
||||||
invitation.save(&conn)?;
|
|
||||||
|
|
||||||
if let Some(ref mail_config) = CONFIG.mail {
|
if let Some(ref mail_config) = CONFIG.mail {
|
||||||
let mut user = User::new(email);
|
let mut user = User::new(email);
|
||||||
user.save(&conn)?;
|
user.save(&conn)?;
|
||||||
let org_name = "bitwarden_rs";
|
let org_name = "bitwarden_rs";
|
||||||
mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None, mail_config)?;
|
mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None, mail_config)?;
|
||||||
|
} else {
|
||||||
|
let mut invitation = Invitation::new(data.Email);
|
||||||
|
invitation.save(&conn)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(Json(json!({})))
|
Ok(Json(json!({})))
|
||||||
|
|
|
@ -61,29 +61,24 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
|
||||||
|
|
||||||
let mut user = match User::find_by_mail(&data.Email, &conn) {
|
let mut user = match User::find_by_mail(&data.Email, &conn) {
|
||||||
Some(user) => {
|
Some(user) => {
|
||||||
if Invitation::find_by_mail(&data.Email, &conn).is_some() {
|
if !user.password_hash.is_empty() {
|
||||||
if CONFIG.mail.is_none() {
|
err!("User already exists")
|
||||||
for mut user_org in UserOrganization::find_invited_by_user(&user.uuid, &conn).iter_mut() {
|
|
||||||
user_org.status = UserOrgStatus::Accepted as i32;
|
|
||||||
user_org.save(&conn)?;
|
|
||||||
}
|
}
|
||||||
if !Invitation::take(&data.Email, &conn) {
|
|
||||||
err!("Error accepting invitation")
|
|
||||||
}
|
|
||||||
user
|
|
||||||
} else {
|
|
||||||
let token = match &data.Token {
|
|
||||||
Some(token) => token,
|
|
||||||
None => err!("No valid invite token"),
|
|
||||||
};
|
|
||||||
|
|
||||||
|
if let Some(token) = data.Token {
|
||||||
let claims: InviteJWTClaims = decode_invite_jwt(&token)?;
|
let claims: InviteJWTClaims = decode_invite_jwt(&token)?;
|
||||||
if claims.email == data.Email {
|
if claims.email == data.Email {
|
||||||
user
|
user
|
||||||
} else {
|
} else {
|
||||||
err!("Registration email does not match invite email")
|
err!("Registration email does not match invite email")
|
||||||
}
|
}
|
||||||
|
} else if Invitation::take(&data.Email, &conn) {
|
||||||
|
for mut user_org in UserOrganization::find_invited_by_user(&user.uuid, &conn).iter_mut() {
|
||||||
|
user_org.status = UserOrgStatus::Accepted as i32;
|
||||||
|
user_org.save(&conn)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
user
|
||||||
} else if CONFIG.signups_allowed {
|
} else if CONFIG.signups_allowed {
|
||||||
err!("Account with this email already exists")
|
err!("Account with this email already exists")
|
||||||
} else {
|
} else {
|
||||||
|
@ -91,14 +86,17 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
if CONFIG.signups_allowed || (CONFIG.mail.is_none() && Invitation::take(&data.Email, &conn)) {
|
if CONFIG.signups_allowed || Invitation::take(&data.Email, &conn) {
|
||||||
User::new(data.Email)
|
User::new(data.Email.clone())
|
||||||
} else {
|
} else {
|
||||||
err!("Registration not allowed")
|
err!("Registration not allowed")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Make sure we don't leave a lingering invitation.
|
||||||
|
Invitation::take(&data.Email, &conn);
|
||||||
|
|
||||||
if let Some(client_kdf_iter) = data.KdfIterations {
|
if let Some(client_kdf_iter) = data.KdfIterations {
|
||||||
user.client_kdf_iter = client_kdf_iter;
|
user.client_kdf_iter = client_kdf_iter;
|
||||||
}
|
}
|
||||||
|
|
|
@ -460,17 +460,19 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
||||||
};
|
};
|
||||||
let user = match User::find_by_mail(&email, &conn) {
|
let user = match User::find_by_mail(&email, &conn) {
|
||||||
None => {
|
None => {
|
||||||
if CONFIG.invitations_allowed {
|
if !CONFIG.invitations_allowed {
|
||||||
// Invite user if that's enabled
|
err!(format!("User email does not exist: {}", email))
|
||||||
|
}
|
||||||
|
|
||||||
|
if CONFIG.mail.is_none() {
|
||||||
let mut invitation = Invitation::new(email.clone());
|
let mut invitation = Invitation::new(email.clone());
|
||||||
invitation.save(&conn)?;
|
invitation.save(&conn)?;
|
||||||
|
}
|
||||||
|
|
||||||
let mut user = User::new(email.clone());
|
let mut user = User::new(email.clone());
|
||||||
user.save(&conn)?;
|
user.save(&conn)?;
|
||||||
user_org_status = UserOrgStatus::Invited as i32;
|
user_org_status = UserOrgStatus::Invited as i32;
|
||||||
user
|
user
|
||||||
} else {
|
|
||||||
err!(format!("User email does not exist: {}", email))
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
Some(user) => {
|
Some(user) => {
|
||||||
if UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn).is_some() {
|
if UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn).is_some() {
|
||||||
|
@ -514,7 +516,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
||||||
Some(new_user.uuid),
|
Some(new_user.uuid),
|
||||||
&org_name,
|
&org_name,
|
||||||
Some(headers.user.email.clone()),
|
Some(headers.user.email.clone()),
|
||||||
mail_config
|
mail_config,
|
||||||
)?;
|
)?;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -546,9 +548,6 @@ fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn:
|
||||||
None => err!("User not found."),
|
None => err!("User not found."),
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut invitation = Invitation::new(user.email.clone());
|
|
||||||
invitation.save(&conn)?;
|
|
||||||
|
|
||||||
let org_name = match Organization::find_by_uuid(&org_id, &conn) {
|
let org_name = match Organization::find_by_uuid(&org_id, &conn) {
|
||||||
Some(org) => org.name,
|
Some(org) => org.name,
|
||||||
None => err!("Error looking up organization."),
|
None => err!("Error looking up organization."),
|
||||||
|
@ -564,6 +563,9 @@ fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn:
|
||||||
Some(headers.user.email),
|
Some(headers.user.email),
|
||||||
mail_config,
|
mail_config,
|
||||||
)?;
|
)?;
|
||||||
|
} else {
|
||||||
|
let mut invitation = Invitation::new(user.email.clone());
|
||||||
|
invitation.save(&conn)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
|
@ -585,16 +587,19 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
|
||||||
match User::find_by_mail(&claims.email, &conn) {
|
match User::find_by_mail(&claims.email, &conn) {
|
||||||
Some(_) => {
|
Some(_) => {
|
||||||
Invitation::take(&claims.email, &conn);
|
Invitation::take(&claims.email, &conn);
|
||||||
if claims.user_org_id.is_some() && claims.org_id.is_some() {
|
|
||||||
let mut user_org =
|
if let (Some(user_org), Some(org)) = (&claims.user_org_id, &claims.org_id) {
|
||||||
match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id.clone().unwrap(), &conn) {
|
let mut user_org = match UserOrganization::find_by_uuid_and_org(user_org, org, &conn) {
|
||||||
Some(user_org) => user_org,
|
Some(user_org) => user_org,
|
||||||
None => err!("Error accepting the invitation"),
|
None => err!("Error accepting the invitation"),
|
||||||
};
|
};
|
||||||
user_org.status = UserOrgStatus::Accepted as i32;
|
|
||||||
if user_org.save(&conn).is_err() {
|
if user_org.status != UserOrgStatus::Invited as i32 {
|
||||||
err!("Failed to accept user to organization")
|
err!("User already accepted the invitation")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
user_org.status = UserOrgStatus::Accepted as i32;
|
||||||
|
user_org.save(&conn)?;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None => err!("Invited user not found"),
|
None => err!("Invited user not found"),
|
||||||
|
@ -605,7 +610,7 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
|
||||||
if let Some(org_id) = &claims.org_id {
|
if let Some(org_id) = &claims.org_id {
|
||||||
org_name = match Organization::find_by_uuid(&org_id, &conn) {
|
org_name = match Organization::find_by_uuid(&org_id, &conn) {
|
||||||
Some(org) => org.name,
|
Some(org) => org.name,
|
||||||
None => err!("Organization not found.")
|
None => err!("Organization not found."),
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
if let Some(invited_by_email) = &claims.invited_by_email {
|
if let Some(invited_by_email) = &claims.invited_by_email {
|
||||||
|
|
Laden …
In neuem Issue referenzieren