Spiegel von
https://github.com/dani-garcia/vaultwarden.git
synchronisiert 2024-11-04 02:18:00 +01:00
Merge pull request #323 from njfox/invite_accepted_email
Send email notifications when invitations are accepted/confirmed
Dieser Commit ist enthalten in:
Commit
5e37471488
4 geänderte Dateien mit 141 neuen und 70 gelöschten Zeilen
|
@ -4,6 +4,7 @@ use serde_json::Value;
|
||||||
use crate::api::{JsonResult, JsonUpcase};
|
use crate::api::{JsonResult, JsonUpcase};
|
||||||
use crate::CONFIG;
|
use crate::CONFIG;
|
||||||
|
|
||||||
|
use crate::mail;
|
||||||
use crate::db::models::*;
|
use crate::db::models::*;
|
||||||
use crate::db::DbConn;
|
use crate::db::DbConn;
|
||||||
|
|
||||||
|
@ -31,7 +32,7 @@ fn get_users(_token: AdminToken, conn: DbConn) -> JsonResult {
|
||||||
#[post("/invite", data = "<data>")]
|
#[post("/invite", data = "<data>")]
|
||||||
fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult {
|
fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult {
|
||||||
let data: InviteData = data.into_inner().data;
|
let data: InviteData = data.into_inner().data;
|
||||||
|
let email = data.Email.clone();
|
||||||
if User::find_by_mail(&data.Email, &conn).is_some() {
|
if User::find_by_mail(&data.Email, &conn).is_some() {
|
||||||
err!("User already exists")
|
err!("User already exists")
|
||||||
}
|
}
|
||||||
|
@ -43,7 +44,12 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -
|
||||||
let mut invitation = Invitation::new(data.Email);
|
let mut invitation = Invitation::new(data.Email);
|
||||||
invitation.save(&conn)?;
|
invitation.save(&conn)?;
|
||||||
|
|
||||||
// TODO: Might want to send an email?
|
if let Some(ref mail_config) = CONFIG.mail {
|
||||||
|
let mut user = User::new(email);
|
||||||
|
user.save(&conn)?;
|
||||||
|
let org_name = "bitwarden_rs";
|
||||||
|
mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None, mail_config)?;
|
||||||
|
}
|
||||||
|
|
||||||
Ok(Json(json!({})))
|
Ok(Json(json!({})))
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,14 +7,12 @@ use crate::db::DbConn;
|
||||||
use crate::CONFIG;
|
use crate::CONFIG;
|
||||||
|
|
||||||
use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType};
|
use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType};
|
||||||
use crate::auth::{decode_invite_jwt, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders, JWT_ISSUER};
|
use crate::auth::{decode_invite_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders};
|
||||||
|
|
||||||
use crate::mail;
|
use crate::mail;
|
||||||
|
|
||||||
use serde::{Deserialize, Deserializer};
|
use serde::{Deserialize, Deserializer};
|
||||||
|
|
||||||
use chrono::{Duration, Utc};
|
|
||||||
|
|
||||||
use rocket::Route;
|
use rocket::Route;
|
||||||
|
|
||||||
pub fn routes() -> Vec<Route> {
|
pub fn routes() -> Vec<Route> {
|
||||||
|
@ -508,14 +506,16 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
||||||
Some(org) => org.name,
|
Some(org) => org.name,
|
||||||
None => err!("Error looking up organization"),
|
None => err!("Error looking up organization"),
|
||||||
};
|
};
|
||||||
let claims = generate_invite_claims(
|
|
||||||
user.uuid.to_string(),
|
mail::send_invite(
|
||||||
user.email.clone(),
|
&email,
|
||||||
org_id.clone(),
|
&user.uuid,
|
||||||
Some(new_user.uuid.clone()),
|
Some(org_id.clone()),
|
||||||
);
|
Some(new_user.uuid),
|
||||||
let invite_token = encode_jwt(&claims);
|
&org_name,
|
||||||
mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config)?;
|
Some(headers.user.email.clone()),
|
||||||
|
mail_config
|
||||||
|
)?;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -523,7 +523,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
||||||
}
|
}
|
||||||
|
|
||||||
#[post("/organizations/<org_id>/users/<user_org>/reinvite")]
|
#[post("/organizations/<org_id>/users/<user_org>/reinvite")]
|
||||||
fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult {
|
fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
|
||||||
if !CONFIG.invitations_allowed {
|
if !CONFIG.invitations_allowed {
|
||||||
err!("Invitations are not allowed.")
|
err!("Invitations are not allowed.")
|
||||||
}
|
}
|
||||||
|
@ -551,21 +551,15 @@ fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn:
|
||||||
None => err!("Error looking up organization."),
|
None => err!("Error looking up organization."),
|
||||||
};
|
};
|
||||||
|
|
||||||
let claims = generate_invite_claims(
|
|
||||||
user.uuid.to_string(),
|
|
||||||
user.email.clone(),
|
|
||||||
org_id.clone(),
|
|
||||||
Some(user_org.uuid.clone()),
|
|
||||||
);
|
|
||||||
let invite_token = encode_jwt(&claims);
|
|
||||||
if let Some(ref mail_config) = CONFIG.mail {
|
if let Some(ref mail_config) = CONFIG.mail {
|
||||||
mail::send_invite(
|
mail::send_invite(
|
||||||
&user.email,
|
&user.email,
|
||||||
&org_id,
|
&user.uuid,
|
||||||
&user_org.uuid,
|
Some(org_id),
|
||||||
&invite_token,
|
Some(user_org.uuid),
|
||||||
&org_name,
|
&org_name,
|
||||||
mail_config,
|
Some(headers.user.email),
|
||||||
|
mail_config,
|
||||||
)?;
|
)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -578,19 +572,6 @@ struct AcceptData {
|
||||||
Token: String,
|
Token: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
fn generate_invite_claims(uuid: String, email: String, org_id: String, org_user_id: Option<String>) -> InviteJWTClaims {
|
|
||||||
let time_now = Utc::now().naive_utc();
|
|
||||||
InviteJWTClaims {
|
|
||||||
nbf: time_now.timestamp(),
|
|
||||||
exp: (time_now + Duration::days(5)).timestamp(),
|
|
||||||
iss: JWT_ISSUER.to_string(),
|
|
||||||
sub: uuid.clone(),
|
|
||||||
email: email.clone(),
|
|
||||||
org_id: org_id.clone(),
|
|
||||||
user_org_id: org_user_id.clone(),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "<data>")]
|
#[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "<data>")]
|
||||||
fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult {
|
fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult {
|
||||||
// The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead
|
// The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead
|
||||||
|
@ -601,10 +582,10 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
|
||||||
match User::find_by_mail(&claims.email, &conn) {
|
match User::find_by_mail(&claims.email, &conn) {
|
||||||
Some(_) => {
|
Some(_) => {
|
||||||
Invitation::take(&claims.email, &conn);
|
Invitation::take(&claims.email, &conn);
|
||||||
if claims.user_org_id.is_some() {
|
if claims.user_org_id.is_some() && claims.org_id.is_some() {
|
||||||
// If this isn't the virtual_org, mark userorg as accepted
|
// If this isn't the virtual_org, mark userorg as accepted
|
||||||
let mut user_org =
|
let mut user_org =
|
||||||
match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id, &conn) {
|
match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id.clone().unwrap(), &conn) {
|
||||||
Some(user_org) => user_org,
|
Some(user_org) => user_org,
|
||||||
None => err!("Error accepting the invitation"),
|
None => err!("Error accepting the invitation"),
|
||||||
};
|
};
|
||||||
|
@ -617,6 +598,23 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
|
||||||
None => err!("Invited user not found"),
|
None => err!("Invited user not found"),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if let Some(ref mail_config) = CONFIG.mail {
|
||||||
|
let mut org_name = String::from("bitwarden_rs");
|
||||||
|
if let Some(org_id) = &claims.org_id {
|
||||||
|
org_name = match Organization::find_by_uuid(&org_id, &conn) {
|
||||||
|
Some(org) => org.name,
|
||||||
|
None => err!("Organization not found.")
|
||||||
|
};
|
||||||
|
};
|
||||||
|
if let Some(invited_by_email) = &claims.invited_by_email {
|
||||||
|
// User was invited to an organization, so they must be confirmed manually after acceptance
|
||||||
|
mail::send_invite_accepted(&claims.email, invited_by_email, &org_name, mail_config)?;
|
||||||
|
} else {
|
||||||
|
// User was invited from /admin, so they are automatically confirmed
|
||||||
|
mail::send_invite_confirmed(&claims.email, &org_name, mail_config)?;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -649,6 +647,18 @@ fn confirm_invite(
|
||||||
None => err!("Invalid key provided"),
|
None => err!("Invalid key provided"),
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if let Some(ref mail_config) = CONFIG.mail {
|
||||||
|
let org_name = match Organization::find_by_uuid(&org_id, &conn) {
|
||||||
|
Some(org) => org.name,
|
||||||
|
None => err!("Error looking up organization."),
|
||||||
|
};
|
||||||
|
let address = match User::find_by_uuid(&user_to_confirm.user_uuid, &conn) {
|
||||||
|
Some(user) => user.email,
|
||||||
|
None => err!("Error looking up user."),
|
||||||
|
};
|
||||||
|
mail::send_invite_confirmed(&address, &org_name, mail_config)?;
|
||||||
|
}
|
||||||
|
|
||||||
user_to_confirm.save(&conn)
|
user_to_confirm.save(&conn)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
24
src/auth.rs
24
src/auth.rs
|
@ -2,7 +2,7 @@
|
||||||
// JWT Handling
|
// JWT Handling
|
||||||
//
|
//
|
||||||
use crate::util::read_file;
|
use crate::util::read_file;
|
||||||
use chrono::Duration;
|
use chrono::{Duration, Utc};
|
||||||
|
|
||||||
use jsonwebtoken::{self, Algorithm, Header};
|
use jsonwebtoken::{self, Algorithm, Header};
|
||||||
use serde::ser::Serialize;
|
use serde::ser::Serialize;
|
||||||
|
@ -116,8 +116,28 @@ pub struct InviteJWTClaims {
|
||||||
pub sub: String,
|
pub sub: String,
|
||||||
|
|
||||||
pub email: String,
|
pub email: String,
|
||||||
pub org_id: String,
|
pub org_id: Option<String>,
|
||||||
pub user_org_id: Option<String>,
|
pub user_org_id: Option<String>,
|
||||||
|
pub invited_by_email: Option<String>,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn generate_invite_claims(uuid: String,
|
||||||
|
email: String,
|
||||||
|
org_id: Option<String>,
|
||||||
|
org_user_id: Option<String>,
|
||||||
|
invited_by_email: Option<String>,
|
||||||
|
) -> InviteJWTClaims {
|
||||||
|
let time_now = Utc::now().naive_utc();
|
||||||
|
InviteJWTClaims {
|
||||||
|
nbf: time_now.timestamp(),
|
||||||
|
exp: (time_now + Duration::days(5)).timestamp(),
|
||||||
|
iss: JWT_ISSUER.to_string(),
|
||||||
|
sub: uuid.clone(),
|
||||||
|
email: email.clone(),
|
||||||
|
org_id: org_id.clone(),
|
||||||
|
user_org_id: org_user_id.clone(),
|
||||||
|
invited_by_email: invited_by_email.clone(),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
|
|
87
src/mail.rs
87
src/mail.rs
|
@ -6,7 +6,7 @@ use native_tls::{Protocol, TlsConnector};
|
||||||
|
|
||||||
use crate::MailConfig;
|
use crate::MailConfig;
|
||||||
use crate::CONFIG;
|
use crate::CONFIG;
|
||||||
|
use crate::auth::{generate_invite_claims, encode_jwt};
|
||||||
use crate::api::EmptyResult;
|
use crate::api::EmptyResult;
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
|
|
||||||
|
@ -53,28 +53,26 @@ pub fn send_password_hint(address: &str, hint: Option<String>, config: &MailConf
|
||||||
)
|
)
|
||||||
};
|
};
|
||||||
|
|
||||||
let email = EmailBuilder::new()
|
send_email(&address, &subject, &body, &config)
|
||||||
.to(address)
|
|
||||||
.from((config.smtp_from.clone(), "Bitwarden-rs"))
|
|
||||||
.subject(subject)
|
|
||||||
.body(body)
|
|
||||||
.build()
|
|
||||||
.map_err(|e| Error::new("Error building hint email", e.to_string()))?;
|
|
||||||
|
|
||||||
mailer(config)
|
|
||||||
.send(email.into())
|
|
||||||
.map_err(|e| Error::new("Error sending hint email", e.to_string()))
|
|
||||||
.and(Ok(()))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn send_invite(
|
pub fn send_invite(
|
||||||
address: &str,
|
address: &str,
|
||||||
org_id: &str,
|
uuid: &str,
|
||||||
org_user_id: &str,
|
org_id: Option<String>,
|
||||||
token: &str,
|
org_user_id: Option<String>,
|
||||||
org_name: &str,
|
org_name: &str,
|
||||||
|
invited_by_email: Option<String>,
|
||||||
config: &MailConfig,
|
config: &MailConfig,
|
||||||
) -> EmptyResult {
|
) -> EmptyResult {
|
||||||
|
let claims = generate_invite_claims(
|
||||||
|
uuid.to_string(),
|
||||||
|
String::from(address),
|
||||||
|
org_id.clone(),
|
||||||
|
org_user_id.clone(),
|
||||||
|
invited_by_email.clone(),
|
||||||
|
);
|
||||||
|
let invite_token = encode_jwt(&claims);
|
||||||
let (subject, body) = {
|
let (subject, body) = {
|
||||||
(format!("Join {}", &org_name),
|
(format!("Join {}", &org_name),
|
||||||
format!(
|
format!(
|
||||||
|
@ -83,21 +81,58 @@ pub fn send_invite(
|
||||||
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
|
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
|
||||||
<p>If you do not wish to join this organization, you can safely ignore this email.</p>
|
<p>If you do not wish to join this organization, you can safely ignore this email.</p>
|
||||||
</html>",
|
</html>",
|
||||||
org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token
|
org_name, CONFIG.domain, org_id.unwrap_or("_".to_string()), org_user_id.unwrap_or("_".to_string()), address, org_name, invite_token
|
||||||
))
|
))
|
||||||
};
|
};
|
||||||
|
|
||||||
|
send_email(&address, &subject, &body, &config)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn send_invite_accepted(
|
||||||
|
new_user_email: &str,
|
||||||
|
address: &str,
|
||||||
|
org_name: &str,
|
||||||
|
config: &MailConfig,
|
||||||
|
) -> EmptyResult {
|
||||||
|
let (subject, body) = {
|
||||||
|
("Invitation accepted",
|
||||||
|
format!(
|
||||||
|
"<html>
|
||||||
|
<p>Your invitation for <b>{}</b> to join <b>{}</b> was accepted. Please <a href=\"{}\">log in</a> to the bitwarden_rs server and confirm them from the organization management page.</p>
|
||||||
|
</html>", new_user_email, org_name, CONFIG.domain))
|
||||||
|
};
|
||||||
|
|
||||||
|
send_email(&address, &subject, &body, &config)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn send_invite_confirmed(
|
||||||
|
address: &str,
|
||||||
|
org_name: &str,
|
||||||
|
config: &MailConfig,
|
||||||
|
) -> EmptyResult {
|
||||||
|
let (subject, body) = {
|
||||||
|
(format!("Invitation to {} confirmed", org_name),
|
||||||
|
format!(
|
||||||
|
"<html>
|
||||||
|
<p>Your invitation to join <b>{}</b> was confirmed. It will now appear under the Organizations the next time you <a href=\"{}\">log in</a> to the web vault.</p>
|
||||||
|
</html>", org_name, CONFIG.domain))
|
||||||
|
};
|
||||||
|
|
||||||
|
send_email(&address, &subject, &body, &config)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> EmptyResult {
|
||||||
let email = EmailBuilder::new()
|
let email = EmailBuilder::new()
|
||||||
.to(address)
|
.to(address)
|
||||||
.from((config.smtp_from.clone(), "Bitwarden-rs"))
|
.from((config.smtp_from.clone(), "Bitwarden-rs"))
|
||||||
.subject(subject)
|
.subject(subject)
|
||||||
.header(("Content-Type", "text/html"))
|
.header(("Content-Type", "text/html"))
|
||||||
.body(body)
|
.body(body)
|
||||||
.build()
|
.build()
|
||||||
.map_err(|e| Error::new("Error building invite email", e.to_string()))?;
|
.map_err(|e| Error::new("Error building email", e.to_string()))?;
|
||||||
|
|
||||||
mailer(config)
|
mailer(config)
|
||||||
.send(email.into())
|
.send(email.into())
|
||||||
.map_err(|e| Error::new("Error sending invite email", e.to_string()))
|
.map_err(|e| Error::new("Error sending email", e.to_string()))
|
||||||
.and(Ok(()))
|
.and(Ok(()))
|
||||||
}
|
}
|
Laden …
In neuem Issue referenzieren