From 43eb0643511172ed8a9b134b4aca974c459e1535 Mon Sep 17 00:00:00 2001 From: Nick Fox Date: Wed, 2 Jan 2019 22:19:44 -0500 Subject: [PATCH 1/6] Replace invite/reinvite email functions with generic send_email --- src/mail.rs | 46 +++++++++++++--------------------------------- 1 file changed, 13 insertions(+), 33 deletions(-) diff --git a/src/mail.rs b/src/mail.rs index 567d64ab..8e153d79 100644 --- a/src/mail.rs +++ b/src/mail.rs @@ -5,7 +5,6 @@ use lettre_email::EmailBuilder; use native_tls::{Protocol, TlsConnector}; use crate::MailConfig; -use crate::CONFIG; use crate::api::EmptyResult; use crate::error::Error; @@ -67,37 +66,18 @@ pub fn send_password_hint(address: &str, hint: Option, config: &MailConf .and(Ok(())) } -pub fn send_invite( - address: &str, - org_id: &str, - org_user_id: &str, - token: &str, - org_name: &str, - config: &MailConfig, -) -> EmptyResult { - let (subject, body) = { - (format!("Join {}", &org_name), - format!( - " -

You have been invited to join the {} organization.

- Click here to join

-

If you do not wish to join this organization, you can safely ignore this email.

- ", - org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token - )) - }; - +pub fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> EmptyResult { let email = EmailBuilder::new() - .to(address) - .from((config.smtp_from.clone(), "Bitwarden-rs")) - .subject(subject) - .header(("Content-Type", "text/html")) - .body(body) - .build() - .map_err(|e| Error::new("Error building invite email", e.to_string()))?; + .to(address) + .from((config.smtp_from.clone(), "Bitwarden-rs")) + .subject(subject) + .header(("Content-Type", "text/html")) + .body(body) + .build() + .map_err(|e| Error::new("Error building email", e.to_string()))?; - mailer(config) - .send(email.into()) - .map_err(|e| Error::new("Error sending invite email", e.to_string())) - .and(Ok(())) -} +mailer(config) + .send(email.into()) + .map_err(|e| Error::new("Error sending email", e.to_string())) + .and(Ok(())) +} \ No newline at end of file From 736c0e62f25b17a650a854e4718f337dcd2c895d Mon Sep 17 00:00:00 2001 From: Nick Fox Date: Wed, 2 Jan 2019 22:20:39 -0500 Subject: [PATCH 2/6] Send emails to inviters/invitees when invites are accepted/confirmed --- src/api/core/organizations.rs | 71 +++++++++++++++++++++++++++++------ src/auth.rs | 1 + 2 files changed, 61 insertions(+), 11 deletions(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index b1148431..dd59fb48 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -513,9 +513,19 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade user.email.clone(), org_id.clone(), Some(new_user.uuid.clone()), + headers.user.email.clone(), ); let invite_token = encode_jwt(&claims); - mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config)?; + let subject = format!("Join {}", &org_name); + let body = format!( + " +

You have been invited to join the {} organization.

+ Click here to join

+

If you do not wish to join this organization, you can safely ignore this email.

+ ", + org_name, CONFIG.domain, org_id, &new_user.uuid, &user.email, org_name, invite_token + ); + mail::send_email(&user.email, &subject, &body, mail_config)?; } } @@ -523,7 +533,7 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade } #[post("/organizations//users//reinvite")] -fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult { +fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult { if !CONFIG.invitations_allowed { err!("Invitations are not allowed.") } @@ -556,17 +566,20 @@ fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn: user.email.clone(), org_id.clone(), Some(user_org.uuid.clone()), + headers.user.email.clone(), ); let invite_token = encode_jwt(&claims); if let Some(ref mail_config) = CONFIG.mail { - mail::send_invite( - &user.email, - &org_id, - &user_org.uuid, - &invite_token, - &org_name, - mail_config, - )?; + let subject = format!("Join {}", &org_name); + let body = format!( + " +

You have been invited to join the {} organization.

+ Click here to join

+

If you do not wish to join this organization, you can safely ignore this email.

+ ", + org_name, CONFIG.domain, org_id, user_org.uuid, &user.email, org_name, invite_token + ); + mail::send_email(&user.email, &subject, &body, mail_config)?; } Ok(()) @@ -578,7 +591,12 @@ struct AcceptData { Token: String, } -fn generate_invite_claims(uuid: String, email: String, org_id: String, org_user_id: Option) -> InviteJWTClaims { +fn generate_invite_claims(uuid: String, + email: String, + org_id: String, + org_user_id: Option, + inviter_email: String, +) -> InviteJWTClaims { let time_now = Utc::now().naive_utc(); InviteJWTClaims { nbf: time_now.timestamp(), @@ -588,6 +606,7 @@ fn generate_invite_claims(uuid: String, email: String, org_id: String, org_user_ email: email.clone(), org_id: org_id.clone(), user_org_id: org_user_id.clone(), + inviter_email: inviter_email.clone(), } } @@ -617,6 +636,19 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase err!("Invited user not found"), } + if let Some(ref mail_config) = CONFIG.mail { + let org_name = match Organization::find_by_uuid(&claims.org_id, &conn) { + Some(org) => org.name, + None => err!("Error looking up organization."), + }; + let subject = "Invitation accepted"; + let body = format!( + " +

Your invitation to {} to join {} was accepted. Please log in to the bitwarden_rs server and confirm them from the organization management page.

+ ", claims.email, org_name); + mail::send_email(&claims.inviter_email, &subject, &body, mail_config)?; + } + Ok(()) } @@ -649,6 +681,23 @@ fn confirm_invite( None => err!("Invalid key provided"), }; + if let Some(ref mail_config) = CONFIG.mail { + let org_name = match Organization::find_by_uuid(&org_id, &conn) { + Some(org) => org.name, + None => err!("Error looking up organization."), + }; + let address = match User::find_by_uuid(&user_to_confirm.user_uuid, &conn) { + Some(user) => user.email, + None => err!("Error looking up user."), + }; + let subject = format!("Invitation to {} confirmed", org_name); + let body = format!( + " +

Your invitation to join {} was accepted. It will now appear under the Organizations the next time you log into the web vault.

+ ", org_name); + mail::send_email(&address, &subject, &body, mail_config)?; + } + user_to_confirm.save(&conn) } diff --git a/src/auth.rs b/src/auth.rs index 6eb029e6..65a72427 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -118,6 +118,7 @@ pub struct InviteJWTClaims { pub email: String, pub org_id: String, pub user_org_id: Option, + pub inviter_email: String, } // From cec28a85acab502c060359408e26fafec6e41836 Mon Sep 17 00:00:00 2001 From: Nick Fox Date: Fri, 4 Jan 2019 10:32:51 -0500 Subject: [PATCH 3/6] Update admin page to work with new invitation flow --- src/api/admin.rs | 20 ++++++++- src/api/core/organizations.rs | 80 ++++++++++------------------------- src/auth.rs | 23 +++++++++- src/mail.rs | 72 +++++++++++++++++++++++++------ 4 files changed, 120 insertions(+), 75 deletions(-) diff --git a/src/api/admin.rs b/src/api/admin.rs index 7a46bce5..72c9d584 100644 --- a/src/api/admin.rs +++ b/src/api/admin.rs @@ -4,6 +4,8 @@ use serde_json::Value; use crate::api::{JsonResult, JsonUpcase}; use crate::CONFIG; +use crate::auth::{encode_jwt, generate_invite_claims}; +use crate::mail; use crate::db::models::*; use crate::db::DbConn; @@ -31,7 +33,7 @@ fn get_users(_token: AdminToken, conn: DbConn) -> JsonResult { #[post("/invite", data = "")] fn invite_user(data: JsonUpcase, _token: AdminToken, conn: DbConn) -> JsonResult { let data: InviteData = data.into_inner().data; - + let email = data.Email.clone(); if User::find_by_mail(&data.Email, &conn).is_some() { err!("User already exists") } @@ -43,7 +45,21 @@ fn invite_user(data: JsonUpcase, _token: AdminToken, conn: DbConn) - let mut invitation = Invitation::new(data.Email); invitation.save(&conn)?; - // TODO: Might want to send an email? + if let Some(ref mail_config) = CONFIG.mail { + let mut user = User::new(email); + user.save(&conn)?; + let org_id = String::from("00000000-0000-0000-0000-000000000000"); + let claims = generate_invite_claims( + user.uuid.to_string(), + user.email.clone(), + org_id.clone(), + None, + None, + ); + let org_name = "bitwarden_rs"; + let invite_token = encode_jwt(&claims); + mail::send_invite(&user.email, &org_id, &user.uuid, &invite_token, &org_name, mail_config)?; + } Ok(Json(json!({}))) } diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index dd59fb48..91f5ac7f 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -7,14 +7,12 @@ use crate::db::DbConn; use crate::CONFIG; use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType}; -use crate::auth::{decode_invite_jwt, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders, JWT_ISSUER}; +use crate::auth::{decode_invite_jwt, generate_invite_claims, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders}; use crate::mail; use serde::{Deserialize, Deserializer}; -use chrono::{Duration, Utc}; - use rocket::Route; pub fn routes() -> Vec { @@ -513,19 +511,10 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade user.email.clone(), org_id.clone(), Some(new_user.uuid.clone()), - headers.user.email.clone(), + Some(headers.user.email.clone()), ); let invite_token = encode_jwt(&claims); - let subject = format!("Join {}", &org_name); - let body = format!( - " -

You have been invited to join the {} organization.

- Click here to join

-

If you do not wish to join this organization, you can safely ignore this email.

- ", - org_name, CONFIG.domain, org_id, &new_user.uuid, &user.email, org_name, invite_token - ); - mail::send_email(&user.email, &subject, &body, mail_config)?; + mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config)?; } } @@ -566,20 +555,18 @@ fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn: user.email.clone(), org_id.clone(), Some(user_org.uuid.clone()), - headers.user.email.clone(), + Some(headers.user.email.clone()), ); let invite_token = encode_jwt(&claims); if let Some(ref mail_config) = CONFIG.mail { - let subject = format!("Join {}", &org_name); - let body = format!( - " -

You have been invited to join the {} organization.

- Click here to join

-

If you do not wish to join this organization, you can safely ignore this email.

- ", - org_name, CONFIG.domain, org_id, user_org.uuid, &user.email, org_name, invite_token - ); - mail::send_email(&user.email, &subject, &body, mail_config)?; + mail::send_invite( + &user.email, + &org_id, + &user_org.uuid, + &invite_token, + &org_name, + mail_config, + )?; } Ok(()) @@ -591,25 +578,6 @@ struct AcceptData { Token: String, } -fn generate_invite_claims(uuid: String, - email: String, - org_id: String, - org_user_id: Option, - inviter_email: String, -) -> InviteJWTClaims { - let time_now = Utc::now().naive_utc(); - InviteJWTClaims { - nbf: time_now.timestamp(), - exp: (time_now + Duration::days(5)).timestamp(), - iss: JWT_ISSUER.to_string(), - sub: uuid.clone(), - email: email.clone(), - org_id: org_id.clone(), - user_org_id: org_user_id.clone(), - inviter_email: inviter_email.clone(), - } -} - #[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "")] fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase, conn: DbConn) -> EmptyResult { // The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead @@ -638,15 +606,16 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase org.name, - None => err!("Error looking up organization."), + Some(org) => org.name, + None => String::from("bitwarden_rs"), }; - let subject = "Invitation accepted"; - let body = format!( - " -

Your invitation to {} to join {} was accepted. Please log in to the bitwarden_rs server and confirm them from the organization management page.

- ", claims.email, org_name); - mail::send_email(&claims.inviter_email, &subject, &body, mail_config)?; + if claims.invited_by_email.is_some() { + // User was invited to an organization, so they must be confirmed manually after acceptance + mail::send_invite_accepted(&claims.email, &claims.invited_by_email.unwrap(), &org_name, mail_config)?; + } else { + // User was invited from /admin, so they are automatically confirmed + mail::send_invite_confirmed(&claims.email, &org_name, mail_config)?; + } } Ok(()) @@ -690,12 +659,7 @@ fn confirm_invite( Some(user) => user.email, None => err!("Error looking up user."), }; - let subject = format!("Invitation to {} confirmed", org_name); - let body = format!( - " -

Your invitation to join {} was accepted. It will now appear under the Organizations the next time you log into the web vault.

- ", org_name); - mail::send_email(&address, &subject, &body, mail_config)?; + mail::send_invite_confirmed(&address, &org_name, mail_config)?; } user_to_confirm.save(&conn) diff --git a/src/auth.rs b/src/auth.rs index 65a72427..4c4253bd 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -2,7 +2,7 @@ // JWT Handling // use crate::util::read_file; -use chrono::Duration; +use chrono::{Duration, Utc}; use jsonwebtoken::{self, Algorithm, Header}; use serde::ser::Serialize; @@ -118,7 +118,26 @@ pub struct InviteJWTClaims { pub email: String, pub org_id: String, pub user_org_id: Option, - pub inviter_email: String, + pub invited_by_email: Option, +} + +pub fn generate_invite_claims(uuid: String, + email: String, + org_id: String, + org_user_id: Option, + invited_by_email: Option, +) -> InviteJWTClaims { + let time_now = Utc::now().naive_utc(); + InviteJWTClaims { + nbf: time_now.timestamp(), + exp: (time_now + Duration::days(5)).timestamp(), + iss: JWT_ISSUER.to_string(), + sub: uuid.clone(), + email: email.clone(), + org_id: org_id.clone(), + user_org_id: org_user_id.clone(), + invited_by_email: invited_by_email.clone(), + } } // diff --git a/src/mail.rs b/src/mail.rs index 8e153d79..a5591f2a 100644 --- a/src/mail.rs +++ b/src/mail.rs @@ -5,6 +5,7 @@ use lettre_email::EmailBuilder; use native_tls::{Protocol, TlsConnector}; use crate::MailConfig; +use crate::CONFIG; use crate::api::EmptyResult; use crate::error::Error; @@ -52,21 +53,66 @@ pub fn send_password_hint(address: &str, hint: Option, config: &MailConf ) }; - let email = EmailBuilder::new() - .to(address) - .from((config.smtp_from.clone(), "Bitwarden-rs")) - .subject(subject) - .body(body) - .build() - .map_err(|e| Error::new("Error building hint email", e.to_string()))?; - - mailer(config) - .send(email.into()) - .map_err(|e| Error::new("Error sending hint email", e.to_string())) - .and(Ok(())) + send_email(&address, &subject, &body, &config) } -pub fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> EmptyResult { +pub fn send_invite( + address: &str, + org_id: &str, + org_user_id: &str, + token: &str, + org_name: &str, + config: &MailConfig, +) -> EmptyResult { + let (subject, body) = { + (format!("Join {}", &org_name), + format!( + " +

You have been invited to join the {} organization.

+ Click here to join

+

If you do not wish to join this organization, you can safely ignore this email.

+ ", + org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token + )) + }; + + send_email(&address, &subject, &body, &config) +} + +pub fn send_invite_accepted( + new_user_email: &str, + address: &str, + org_name: &str, + config: &MailConfig, +) -> EmptyResult { + let (subject, body) = { + ("Invitation accepted", + format!( + " +

Your invitation to {} to join {} was accepted. Please log in to the bitwarden_rs server and confirm them from the organization management page.

+ ", new_user_email, org_name)) + }; + + send_email(&address, &subject, &body, &config) +} + +pub fn send_invite_confirmed( + address: &str, + org_name: &str, + config: &MailConfig, +) -> EmptyResult { + let (subject, body) = { + (format!("Invitation to {} confirmed", org_name), + format!( + " +

Your invitation to join {} was accepted. It will now appear under the Organizations the next time you log into the web vault.

+ ", org_name)) + }; + + send_email(&address, &subject, &body, &config) +} + +fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> EmptyResult { let email = EmailBuilder::new() .to(address) .from((config.smtp_from.clone(), "Bitwarden-rs")) From 2f5bdc23f667c4c601c3533eeda72524b7f0d576 Mon Sep 17 00:00:00 2001 From: Nick Fox Date: Sat, 5 Jan 2019 13:36:08 -0500 Subject: [PATCH 4/6] Fix formatting and add vault link to notification emails --- src/mail.rs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/mail.rs b/src/mail.rs index a5591f2a..93de0320 100644 --- a/src/mail.rs +++ b/src/mail.rs @@ -89,8 +89,8 @@ pub fn send_invite_accepted( ("Invitation accepted", format!( " -

Your invitation to {} to join {} was accepted. Please log in to the bitwarden_rs server and confirm them from the organization management page.

- ", new_user_email, org_name)) +

Your invitation for {} to join {} was accepted. Please log in to the bitwarden_rs server and confirm them from the organization management page.

+ ", new_user_email, org_name, CONFIG.domain)) }; send_email(&address, &subject, &body, &config) @@ -105,8 +105,8 @@ pub fn send_invite_confirmed( (format!("Invitation to {} confirmed", org_name), format!( " -

Your invitation to join {} was accepted. It will now appear under the Organizations the next time you log into the web vault.

- ", org_name)) +

Your invitation to join {} was confirmed. It will now appear under the Organizations the next time you log in to the web vault.

+ ", org_name, CONFIG.domain)) }; send_email(&address, &subject, &body, &config) @@ -122,8 +122,8 @@ fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> .build() .map_err(|e| Error::new("Error building email", e.to_string()))?; -mailer(config) - .send(email.into()) - .map_err(|e| Error::new("Error sending email", e.to_string())) - .and(Ok(())) + mailer(config) + .send(email.into()) + .map_err(|e| Error::new("Error sending email", e.to_string())) + .and(Ok(())) } \ No newline at end of file From 7db66f73f03e577132fabd88a8089bece1549c0f Mon Sep 17 00:00:00 2001 From: Nick Fox Date: Sat, 5 Jan 2019 13:46:45 -0500 Subject: [PATCH 5/6] Refactor invited_by_email check --- src/api/core/organizations.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 91f5ac7f..d0a5f00b 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -609,9 +609,9 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase org.name, None => String::from("bitwarden_rs"), }; - if claims.invited_by_email.is_some() { + if let Some(invited_by_email) = &claims.invited_by_email { // User was invited to an organization, so they must be confirmed manually after acceptance - mail::send_invite_accepted(&claims.email, &claims.invited_by_email.unwrap(), &org_name, mail_config)?; + mail::send_invite_accepted(&claims.email, invited_by_email, &org_name, mail_config)?; } else { // User was invited from /admin, so they are automatically confirmed mail::send_invite_confirmed(&claims.email, &org_name, mail_config)?; From 0a74e79ceaf809a8481afb9d97dbba0aef807745 Mon Sep 17 00:00:00 2001 From: Nick Fox Date: Sat, 5 Jan 2019 23:03:49 -0500 Subject: [PATCH 6/6] Refactor generate_invite_claims, make org_name and org_id optional --- src/api/admin.rs | 12 +-------- src/api/core/organizations.rs | 47 ++++++++++++++++------------------- src/auth.rs | 4 +-- src/mail.rs | 19 ++++++++++---- 4 files changed, 39 insertions(+), 43 deletions(-) diff --git a/src/api/admin.rs b/src/api/admin.rs index 72c9d584..b5e3ef8d 100644 --- a/src/api/admin.rs +++ b/src/api/admin.rs @@ -4,7 +4,6 @@ use serde_json::Value; use crate::api::{JsonResult, JsonUpcase}; use crate::CONFIG; -use crate::auth::{encode_jwt, generate_invite_claims}; use crate::mail; use crate::db::models::*; use crate::db::DbConn; @@ -48,17 +47,8 @@ fn invite_user(data: JsonUpcase, _token: AdminToken, conn: DbConn) - if let Some(ref mail_config) = CONFIG.mail { let mut user = User::new(email); user.save(&conn)?; - let org_id = String::from("00000000-0000-0000-0000-000000000000"); - let claims = generate_invite_claims( - user.uuid.to_string(), - user.email.clone(), - org_id.clone(), - None, - None, - ); let org_name = "bitwarden_rs"; - let invite_token = encode_jwt(&claims); - mail::send_invite(&user.email, &org_id, &user.uuid, &invite_token, &org_name, mail_config)?; + mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None, mail_config)?; } Ok(Json(json!({}))) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index d0a5f00b..cf39229a 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -7,7 +7,7 @@ use crate::db::DbConn; use crate::CONFIG; use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType}; -use crate::auth::{decode_invite_jwt, generate_invite_claims, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders}; +use crate::auth::{decode_invite_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders}; use crate::mail; @@ -506,15 +506,16 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade Some(org) => org.name, None => err!("Error looking up organization"), }; - let claims = generate_invite_claims( - user.uuid.to_string(), - user.email.clone(), - org_id.clone(), - Some(new_user.uuid.clone()), - Some(headers.user.email.clone()), - ); - let invite_token = encode_jwt(&claims); - mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config)?; + + mail::send_invite( + &email, + &user.uuid, + Some(org_id.clone()), + Some(new_user.uuid), + &org_name, + Some(headers.user.email.clone()), + mail_config + )?; } } @@ -550,21 +551,14 @@ fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn: None => err!("Error looking up organization."), }; - let claims = generate_invite_claims( - user.uuid.to_string(), - user.email.clone(), - org_id.clone(), - Some(user_org.uuid.clone()), - Some(headers.user.email.clone()), - ); - let invite_token = encode_jwt(&claims); if let Some(ref mail_config) = CONFIG.mail { mail::send_invite( &user.email, - &org_id, - &user_org.uuid, - &invite_token, + &user.uuid, + Some(org_id), + Some(user_org.uuid), &org_name, + Some(headers.user.email), mail_config, )?; } @@ -588,10 +582,10 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase { Invitation::take(&claims.email, &conn); - if claims.user_org_id.is_some() { + if claims.user_org_id.is_some() && claims.org_id.is_some() { // If this isn't the virtual_org, mark userorg as accepted let mut user_org = - match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id, &conn) { + match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id.clone().unwrap(), &conn) { Some(user_org) => user_org, None => err!("Error accepting the invitation"), }; @@ -605,9 +599,12 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase org.name, - None => String::from("bitwarden_rs"), + None => err!("Organization not found.") + }; }; if let Some(invited_by_email) = &claims.invited_by_email { // User was invited to an organization, so they must be confirmed manually after acceptance diff --git a/src/auth.rs b/src/auth.rs index 4c4253bd..8413fe47 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -116,14 +116,14 @@ pub struct InviteJWTClaims { pub sub: String, pub email: String, - pub org_id: String, + pub org_id: Option, pub user_org_id: Option, pub invited_by_email: Option, } pub fn generate_invite_claims(uuid: String, email: String, - org_id: String, + org_id: Option, org_user_id: Option, invited_by_email: Option, ) -> InviteJWTClaims { diff --git a/src/mail.rs b/src/mail.rs index 93de0320..5eeeec03 100644 --- a/src/mail.rs +++ b/src/mail.rs @@ -6,7 +6,7 @@ use native_tls::{Protocol, TlsConnector}; use crate::MailConfig; use crate::CONFIG; - +use crate::auth::{generate_invite_claims, encode_jwt}; use crate::api::EmptyResult; use crate::error::Error; @@ -58,12 +58,21 @@ pub fn send_password_hint(address: &str, hint: Option, config: &MailConf pub fn send_invite( address: &str, - org_id: &str, - org_user_id: &str, - token: &str, + uuid: &str, + org_id: Option, + org_user_id: Option, org_name: &str, + invited_by_email: Option, config: &MailConfig, ) -> EmptyResult { + let claims = generate_invite_claims( + uuid.to_string(), + String::from(address), + org_id.clone(), + org_user_id.clone(), + invited_by_email.clone(), + ); + let invite_token = encode_jwt(&claims); let (subject, body) = { (format!("Join {}", &org_name), format!( @@ -72,7 +81,7 @@ pub fn send_invite( Click here to join

If you do not wish to join this organization, you can safely ignore this email.

", - org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token + org_name, CONFIG.domain, org_id.unwrap_or("_".to_string()), org_user_id.unwrap_or("_".to_string()), address, org_name, invite_token )) };