mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-16 04:12:53 +01:00
Code Issues Releases Aktivität

Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time)

Quellcode durchsuchen
Dieser Commit ist enthalten in:
Daniel García 2018-06-01 00:18:50 +02:00
Ursprung faa26ab8f5
Commit 5ec728683e
8 geänderte Dateien mit 232 neuen und 199 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Diff-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

74
src/api/core/accounts.rs
Datei anzeigen

@ -3,7 +3,7 @@ use rocket_contrib::Json;
use db::DbConn; use db::DbConn;
use db::models::*; use db::models::*;
use api::{PasswordData, JsonResult, EmptyResult}; use api::{PasswordData, JsonResult, EmptyResult, JsonUpcase};
use auth::Headers; use auth::Headers;
use CONFIG; use CONFIG;
@ -11,12 +11,12 @@ use CONFIG;
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct RegisterData { struct RegisterData {
email: String, Email: String,
key: String, Key: String,
keys: Option<KeysData>, Keys: Option<KeysData>,
masterPasswordHash: String, MasterPasswordHash: String,
masterPasswordHint: Option<String>, MasterPasswordHint: Option<String>,
name: Option<String>, Name: Option<String>,
} }
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
@ -27,29 +27,29 @@ struct KeysData {
} }
#[post("/accounts/register", data = "<data>")] #[post("/accounts/register", data = "<data>")]
fn register(data: Json<RegisterData>, conn: DbConn) -> EmptyResult { fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
let data: RegisterData = data.into_inner(); let data: RegisterData = data.into_inner().data;
if !CONFIG.signups_allowed { if !CONFIG.signups_allowed {
err!(format!("Signups not allowed")) err!(format!("Signups not allowed"))
} }
if let Some(_) = User::find_by_mail(&data.email, &conn) { if let Some(_) = User::find_by_mail(&data.Email, &conn) {
err!("Email already exists") err!("Email already exists")
} }
let mut user = User::new(data.email, data.key, data.masterPasswordHash); let mut user = User::new(data.Email, data.Key, data.MasterPasswordHash);
// Add extra fields if present // Add extra fields if present
if let Some(name) = data.name { if let Some(name) = data.Name {
user.name = name; user.name = name;
} }
if let Some(hint) = data.masterPasswordHint { if let Some(hint) = data.MasterPasswordHint {
user.password_hint = Some(hint); user.password_hint = Some(hint);
} }
if let Some(keys) = data.keys { if let Some(keys) = data.Keys {
user.private_key = Some(keys.encryptedPrivateKey); user.private_key = Some(keys.encryptedPrivateKey);
user.public_key = Some(keys.publicKey); user.public_key = Some(keys.publicKey);
} }
@ -79,8 +79,8 @@ fn get_public_keys(uuid: String, _headers: Headers, conn: DbConn) -> JsonResult
} }
#[post("/accounts/keys", data = "<data>")] #[post("/accounts/keys", data = "<data>")]
fn post_keys(data: Json<KeysData>, headers: Headers, conn: DbConn) -> JsonResult { fn post_keys(data: JsonUpcase<KeysData>, headers: Headers, conn: DbConn) -> JsonResult {
let data: KeysData = data.into_inner(); let data: KeysData = data.into_inner().data;
let mut user = headers.user; let mut user = headers.user;
@ -95,33 +95,33 @@ fn post_keys(data: Json<KeysData>, headers: Headers, conn: DbConn) -> JsonResult
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct ChangePassData { struct ChangePassData {
masterPasswordHash: String, MasterPasswordHash: String,
newMasterPasswordHash: String, NewMasterPasswordHash: String,
key: String, Key: String,
} }
#[post("/accounts/password", data = "<data>")] #[post("/accounts/password", data = "<data>")]
fn post_password(data: Json<ChangePassData>, headers: Headers, conn: DbConn) -> EmptyResult { fn post_password(data: JsonUpcase<ChangePassData>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: ChangePassData = data.into_inner(); let data: ChangePassData = data.into_inner().data;
let mut user = headers.user; let mut user = headers.user;
if !user.check_valid_password(&data.masterPasswordHash) { if !user.check_valid_password(&data.MasterPasswordHash) {
err!("Invalid password") err!("Invalid password")
} }
user.set_password(&data.newMasterPasswordHash); user.set_password(&data.NewMasterPasswordHash);
user.key = data.key; user.key = data.Key;
user.save(&conn); user.save(&conn);
Ok(()) Ok(())
} }
#[post("/accounts/security-stamp", data = "<data>")] #[post("/accounts/security-stamp", data = "<data>")]
fn post_sstamp(data: Json<PasswordData>, headers: Headers, conn: DbConn) -> EmptyResult { fn post_sstamp(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: PasswordData = data.into_inner(); let data: PasswordData = data.into_inner().data;
let mut user = headers.user; let mut user = headers.user;
if !user.check_valid_password(&data.masterPasswordHash) { if !user.check_valid_password(&data.MasterPasswordHash) {
err!("Invalid password") err!("Invalid password")
} }
@ -134,36 +134,36 @@ fn post_sstamp(data: Json<PasswordData>, headers: Headers, conn: DbConn) -> Empt
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct ChangeEmailData { struct ChangeEmailData {
masterPasswordHash: String, MasterPasswordHash: String,
newEmail: String, NewEmail: String,
} }
#[post("/accounts/email-token", data = "<data>")] #[post("/accounts/email-token", data = "<data>")]
fn post_email(data: Json<ChangeEmailData>, headers: Headers, conn: DbConn) -> EmptyResult { fn post_email(data: JsonUpcase<ChangeEmailData>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: ChangeEmailData = data.into_inner(); let data: ChangeEmailData = data.into_inner().data;
let mut user = headers.user; let mut user = headers.user;
if !user.check_valid_password(&data.masterPasswordHash) { if !user.check_valid_password(&data.MasterPasswordHash) {
err!("Invalid password") err!("Invalid password")
} }
if User::find_by_mail(&data.newEmail, &conn).is_some() { if User::find_by_mail(&data.NewEmail, &conn).is_some() {
err!("Email already in use"); err!("Email already in use");
} }
user.email = data.newEmail; user.email = data.NewEmail;
user.save(&conn); user.save(&conn);
Ok(()) Ok(())
} }
#[post("/accounts/delete", data = "<data>")] #[post("/accounts/delete", data = "<data>")]
fn delete_account(data: Json<PasswordData>, headers: Headers, conn: DbConn) -> EmptyResult { fn delete_account(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: PasswordData = data.into_inner(); let data: PasswordData = data.into_inner().data;
let user = headers.user; let user = headers.user;
if !user.check_valid_password(&data.masterPasswordHash) { if !user.check_valid_password(&data.MasterPasswordHash) {
err!("Invalid password") err!("Invalid password")
} }

134
src/api/core/ciphers.rs
Datei anzeigen

@ -17,7 +17,7 @@ use db::models::*;
use util; use util;
use crypto; use crypto;
use api::{self, PasswordData, JsonResult, EmptyResult}; use api::{self, PasswordData, JsonResult, EmptyResult, JsonUpcase};
use auth::Headers; use auth::Headers;
use CONFIG; use CONFIG;
@ -85,9 +85,9 @@ fn get_cipher_details(uuid: String, headers: Headers, conn: DbConn) -> JsonResul
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct CipherData { struct CipherData {
// Folder id is not included in import // Folder id is not included in import
folderId: Option<String>, FolderId: Option<String>,
// TODO: Some of these might appear all the time, no need for Option // TODO: Some of these might appear all the time, no need for Option
organizationId: Option<String>, OrganizationId: Option<String>,
/* /*
Login = 1, Login = 1,
@ -95,32 +95,31 @@ struct CipherData {
Card = 3, Card = 3,
Identity = 4 Identity = 4
*/ */
#[serde(rename = "type")] Type: i32, // TODO: Change this to NumberOrString
type_: i32, Name: String,
name: String, Notes: Option<String>,
notes: Option<String>, Fields: Option<Value>,
fields: Option<Value>,
// Only one of these should exist, depending on type // Only one of these should exist, depending on type
login: Option<Value>, Login: Option<Value>,
secureNote: Option<Value>, SecureNote: Option<Value>,
card: Option<Value>, Card: Option<Value>,
identity: Option<Value>, Identity: Option<Value>,
favorite: Option<bool>, Favorite: Option<bool>,
} }
#[post("/ciphers/admin", data = "<data>")] #[post("/ciphers/admin", data = "<data>")]
fn post_ciphers_admin(data: Json<CipherData>, headers: Headers, conn: DbConn) -> JsonResult { fn post_ciphers_admin(data: JsonUpcase<CipherData>, headers: Headers, conn: DbConn) -> JsonResult {
// TODO: Implement this correctly // TODO: Implement this correctly
post_ciphers(data, headers, conn) post_ciphers(data, headers, conn)
} }
#[post("/ciphers", data = "<data>")] #[post("/ciphers", data = "<data>")]
fn post_ciphers(data: Json<CipherData>, headers: Headers, conn: DbConn) -> JsonResult { fn post_ciphers(data: JsonUpcase<CipherData>, headers: Headers, conn: DbConn) -> JsonResult {
let data: CipherData = data.into_inner(); let data: CipherData = data.into_inner().data;
let mut cipher = Cipher::new(data.type_, data.name.clone()); let mut cipher = Cipher::new(data.Type, data.Name.clone());
update_cipher_from_data(&mut cipher, data, &headers, true, &conn)?; update_cipher_from_data(&mut cipher, data, &headers, true, &conn)?;
Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn)))
@ -128,7 +127,7 @@ fn post_ciphers(data: Json<CipherData>, headers: Headers, conn: DbConn) -> JsonR
fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Headers, is_new_or_shared: bool, conn: &DbConn) -> EmptyResult { fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Headers, is_new_or_shared: bool, conn: &DbConn) -> EmptyResult {
if is_new_or_shared { if is_new_or_shared {
if let Some(org_id) = data.organizationId { if let Some(org_id) = data.OrganizationId {
match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) { match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) {
None => err!("You don't have permission to add item to organization"), None => err!("You don't have permission to add item to organization"),
Some(org_user) => if org_user.has_full_access() { Some(org_user) => if org_user.has_full_access() {
@ -143,7 +142,7 @@ fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Head
} }
} }
if let Some(ref folder_id) = data.folderId { if let Some(ref folder_id) = data.FolderId {
match Folder::find_by_uuid(folder_id, conn) { match Folder::find_by_uuid(folder_id, conn) {
Some(folder) => { Some(folder) => {
if folder.user_uuid != headers.user.uuid { if folder.user_uuid != headers.user.uuid {
@ -154,7 +153,7 @@ fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Head
} }
} }
let uppercase_fields = data.fields.map(|f| { let uppercase_fields = data.Fields.map(|f| {
let mut value = json!({}); let mut value = json!({});
// Copy every field object and change the names to the correct case // Copy every field object and change the names to the correct case
copy_values(&f, &mut value); copy_values(&f, &mut value);
@ -165,18 +164,18 @@ fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Head
// To remove backwards compatibility, just create an empty values object, // To remove backwards compatibility, just create an empty values object,
// and remove the compat code from cipher::to_json // and remove the compat code from cipher::to_json
let mut values = json!({ let mut values = json!({
"Name": data.name, "Name": data.Name,
"Notes": data.notes "Notes": data.Notes
}); });
values["Fields"] = uppercase_fields.clone().unwrap_or(Value::Null); values["Fields"] = uppercase_fields.clone().unwrap_or(Value::Null);
// TODO: ******* Backwards compat end ********** // TODO: ******* Backwards compat end **********
let type_data_opt = match data.type_ { let type_data_opt = match data.Type {
1 => data.login, 1 => data.Login,
2 => data.secureNote, 2 => data.SecureNote,
3 => data.card, 3 => data.Card,
4 => data.identity, 4 => data.Identity,
_ => err!("Invalid type") _ => err!("Invalid type")
}; };
@ -188,15 +187,15 @@ fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Head
// Copy the type data and change the names to the correct case // Copy the type data and change the names to the correct case
copy_values(&type_data, &mut values); copy_values(&type_data, &mut values);
cipher.favorite = data.favorite.unwrap_or(false); cipher.favorite = data.Favorite.unwrap_or(false);
cipher.name = data.name; cipher.name = data.Name;
cipher.notes = data.notes; cipher.notes = data.Notes;
cipher.fields = uppercase_fields.map(|f| f.to_string()); cipher.fields = uppercase_fields.map(|f| f.to_string());
cipher.data = values.to_string(); cipher.data = values.to_string();
cipher.save(&conn); cipher.save(&conn);
if cipher.move_to_folder(data.folderId, &headers.user.uuid, &conn).is_err() { if cipher.move_to_folder(data.FolderId, &headers.user.uuid, &conn).is_err() {
err!("Error saving the folder information") err!("Error saving the folder information")
} }
@ -225,9 +224,9 @@ use super::folders::FolderData;
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct ImportData { struct ImportData {
ciphers: Vec<CipherData>, Ciphers: Vec<CipherData>,
folders: Vec<FolderData>, Folders: Vec<FolderData>,
folderRelationships: Vec<RelationsData>, FolderRelationships: Vec<RelationsData>,
} }
#[derive(Deserialize)] #[derive(Deserialize)]
@ -241,12 +240,12 @@ struct RelationsData {
#[post("/ciphers/import", data = "<data>")] #[post("/ciphers/import", data = "<data>")]
fn post_ciphers_import(data: Json<ImportData>, headers: Headers, conn: DbConn) -> EmptyResult { fn post_ciphers_import(data: JsonUpcase<ImportData>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: ImportData = data.into_inner(); let data: ImportData = data.into_inner().data;
// Read and create the folders // Read and create the folders
let folders: Vec<_> = data.folders.into_iter().map(|folder| { let folders: Vec<_> = data.Folders.into_iter().map(|folder| {
let mut folder = Folder::new(headers.user.uuid.clone(), folder.name); let mut folder = Folder::new(headers.user.uuid.clone(), folder.Name);
folder.save(&conn); folder.save(&conn);
folder folder
}).collect(); }).collect();
@ -255,17 +254,17 @@ fn post_ciphers_import(data: Json<ImportData>, headers: Headers, conn: DbConn) -
use std::collections::HashMap; use std::collections::HashMap;
let mut relations_map = HashMap::new(); let mut relations_map = HashMap::new();
for relation in data.folderRelationships { for relation in data.FolderRelationships {
relations_map.insert(relation.key, relation.value); relations_map.insert(relation.key, relation.value);
} }
// Read and create the ciphers // Read and create the ciphers
let mut index = 0; let mut index = 0;
for cipher_data in data.ciphers { for cipher_data in data.Ciphers {
let folder_uuid = relations_map.get(&index) let folder_uuid = relations_map.get(&index)
.map(|i| folders[*i as usize].uuid.clone()); .map(|i| folders[*i as usize].uuid.clone());
let mut cipher = Cipher::new(cipher_data.type_, cipher_data.name.clone()); let mut cipher = Cipher::new(cipher_data.Type, cipher_data.Name.clone());
update_cipher_from_data(&mut cipher, cipher_data, &headers, true, &conn)?; update_cipher_from_data(&mut cipher, cipher_data, &headers, true, &conn)?;
cipher.move_to_folder(folder_uuid, &headers.user.uuid.clone(), &conn).ok(); cipher.move_to_folder(folder_uuid, &headers.user.uuid.clone(), &conn).ok();
@ -277,19 +276,19 @@ fn post_ciphers_import(data: Json<ImportData>, headers: Headers, conn: DbConn) -
} }
#[post("/ciphers/<uuid>/admin", data = "<data>")] #[post("/ciphers/<uuid>/admin", data = "<data>")]
fn post_cipher_admin(uuid: String, data: Json<CipherData>, headers: Headers, conn: DbConn) -> JsonResult { fn post_cipher_admin(uuid: String, data: JsonUpcase<CipherData>, headers: Headers, conn: DbConn) -> JsonResult {
// TODO: Implement this correctly // TODO: Implement this correctly
post_cipher(uuid, data, headers, conn) post_cipher(uuid, data, headers, conn)
} }
#[post("/ciphers/<uuid>", data = "<data>")] #[post("/ciphers/<uuid>", data = "<data>")]
fn post_cipher(uuid: String, data: Json<CipherData>, headers: Headers, conn: DbConn) -> JsonResult { fn post_cipher(uuid: String, data: JsonUpcase<CipherData>, headers: Headers, conn: DbConn) -> JsonResult {
put_cipher(uuid, data, headers, conn) put_cipher(uuid, data, headers, conn)
} }
#[put("/ciphers/<uuid>", data = "<data>")] #[put("/ciphers/<uuid>", data = "<data>")]
fn put_cipher(uuid: String, data: Json<CipherData>, headers: Headers, conn: DbConn) -> JsonResult { fn put_cipher(uuid: String, data: JsonUpcase<CipherData>, headers: Headers, conn: DbConn) -> JsonResult {
let data: CipherData = data.into_inner(); let data: CipherData = data.into_inner().data;
let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) { let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) {
Some(cipher) => cipher, Some(cipher) => cipher,
@ -308,17 +307,17 @@ fn put_cipher(uuid: String, data: Json<CipherData>, headers: Headers, conn: DbCo
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct CollectionsAdminData { struct CollectionsAdminData {
collectionIds: Vec<String>, CollectionIds: Vec<String>,
} }
#[post("/ciphers/<uuid>/collections", data = "<data>")] #[post("/ciphers/<uuid>/collections", data = "<data>")]
fn post_collections_update(uuid: String, data: Json<CollectionsAdminData>, headers: Headers, conn: DbConn) -> EmptyResult { fn post_collections_update(uuid: String, data: JsonUpcase<CollectionsAdminData>, headers: Headers, conn: DbConn) -> EmptyResult {
post_collections_admin(uuid, data, headers, conn) post_collections_admin(uuid, data, headers, conn)
} }
#[post("/ciphers/<uuid>/collections-admin", data = "<data>")] #[post("/ciphers/<uuid>/collections-admin", data = "<data>")]
fn post_collections_admin(uuid: String, data: Json<CollectionsAdminData>, headers: Headers, conn: DbConn) -> EmptyResult { fn post_collections_admin(uuid: String, data: JsonUpcase<CollectionsAdminData>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: CollectionsAdminData = data.into_inner(); let data: CollectionsAdminData = data.into_inner().data;
let cipher = match Cipher::find_by_uuid(&uuid, &conn) { let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
Some(cipher) => cipher, Some(cipher) => cipher,
@ -329,7 +328,7 @@ fn post_collections_admin(uuid: String, data: Json<CollectionsAdminData>, header
err!("Cipher is not write accessible") err!("Cipher is not write accessible")
} }
let posted_collections: HashSet<String> = data.collectionIds.iter().cloned().collect(); let posted_collections: HashSet<String> = data.CollectionIds.iter().cloned().collect();
let current_collections: HashSet<String> = cipher.get_collections(&headers.user.uuid ,&conn).iter().cloned().collect(); let current_collections: HashSet<String> = cipher.get_collections(&headers.user.uuid ,&conn).iter().cloned().collect();
for collection in posted_collections.symmetric_difference(&current_collections) { for collection in posted_collections.symmetric_difference(&current_collections) {
@ -355,13 +354,14 @@ fn post_collections_admin(uuid: String, data: Json<CollectionsAdminData>, header
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct ShareCipherData { struct ShareCipherData {
cipher: CipherData, #[serde(deserialize_with = "util::upcase_deserialize")]
collectionIds: Vec<String>, Cipher: CipherData,
CollectionIds: Vec<String>,
} }
#[post("/ciphers/<uuid>/share", data = "<data>")] #[post("/ciphers/<uuid>/share", data = "<data>")]
fn post_cipher_share(uuid: String, data: Json<ShareCipherData>, headers: Headers, conn: DbConn) -> JsonResult { fn post_cipher_share(uuid: String, data: JsonUpcase<ShareCipherData>, headers: Headers, conn: DbConn) -> JsonResult {
let data: ShareCipherData = data.into_inner(); let data: ShareCipherData = data.into_inner().data;
let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) { let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) {
Some(cipher) => { Some(cipher) => {
@ -374,11 +374,11 @@ fn post_cipher_share(uuid: String, data: Json<ShareCipherData>, headers: Headers
None => err!("Cipher doesn't exist") None => err!("Cipher doesn't exist")
}; };
match data.cipher.organizationId { match data.Cipher.OrganizationId {
None => err!("Organization id not provided"), None => err!("Organization id not provided"),
Some(_) => { Some(_) => {
update_cipher_from_data(&mut cipher, data.cipher, &headers, true, &conn)?; update_cipher_from_data(&mut cipher, data.Cipher, &headers, true, &conn)?;
for collection in data.collectionIds.iter() { for collection in data.CollectionIds.iter() {
match Collection::find_by_uuid(&collection, &conn) { match Collection::find_by_uuid(&collection, &conn) {
None => err!("Invalid collection ID provided"), None => err!("Invalid collection ID provided"),
Some(collection) => { Some(collection) => {
@ -478,10 +478,10 @@ fn delete_cipher(uuid: String, headers: Headers, conn: DbConn) -> EmptyResult {
} }
#[post("/ciphers/delete", data = "<data>")] #[post("/ciphers/delete", data = "<data>")]
fn delete_cipher_selected(data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult { fn delete_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: Value = data.into_inner(); let data: Value = data.into_inner().data;
let uuids = match data.get("ids") { let uuids = match data.get("Ids") {
Some(ids) => match ids.as_array() { Some(ids) => match ids.as_array() {
Some(ids) => ids.iter().filter_map(|uuid| { uuid.as_str() }), Some(ids) => ids.iter().filter_map(|uuid| { uuid.as_str() }),
None => err!("Posted ids field is not an array") None => err!("Posted ids field is not an array")
@ -499,8 +499,10 @@ fn delete_cipher_selected(data: Json<Value>, headers: Headers, conn: DbConn) ->
} }
#[post("/ciphers/move", data = "<data>")] #[post("/ciphers/move", data = "<data>")]
fn move_cipher_selected(data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult { fn move_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
let folder_id = match data.get("folderId") { let data = data.into_inner().data;
let folder_id = match data.get("FolderId") {
Some(folder_id) => { Some(folder_id) => {
match folder_id.as_str() { match folder_id.as_str() {
Some(folder_id) => { Some(folder_id) => {
@ -520,7 +522,7 @@ fn move_cipher_selected(data: Json<Value>, headers: Headers, conn: DbConn) -> Em
None => None None => None
}; };
let uuids = match data.get("ids") { let uuids = match data.get("Ids") {
Some(ids) => match ids.as_array() { Some(ids) => match ids.as_array() {
Some(ids) => ids.iter().filter_map(|uuid| { uuid.as_str() }), Some(ids) => ids.iter().filter_map(|uuid| { uuid.as_str() }),
None => err!("Posted ids field is not an array") None => err!("Posted ids field is not an array")
@ -549,9 +551,9 @@ fn move_cipher_selected(data: Json<Value>, headers: Headers, conn: DbConn) -> Em
} }
#[post("/ciphers/purge", data = "<data>")] #[post("/ciphers/purge", data = "<data>")]
fn delete_all(data: Json<PasswordData>, headers: Headers, conn: DbConn) -> EmptyResult { fn delete_all(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: PasswordData = data.into_inner(); let data: PasswordData = data.into_inner().data;
let password_hash = data.masterPasswordHash; let password_hash = data.MasterPasswordHash;
let user = headers.user; let user = headers.user;

20
src/api/core/folders.rs
Datei anzeigen

@ -3,7 +3,7 @@ use rocket_contrib::{Json, Value};
use db::DbConn; use db::DbConn;
use db::models::*; use db::models::*;
use api::{JsonResult, EmptyResult}; use api::{JsonResult, EmptyResult, JsonUpcase};
use auth::Headers; use auth::Headers;
#[get("/folders")] #[get("/folders")]
@ -33,15 +33,17 @@ fn get_folder(uuid: String, headers: Headers, conn: DbConn) -> JsonResult {
} }
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)]
pub struct FolderData { pub struct FolderData {
pub name: String pub Name: String
} }
#[post("/folders", data = "<data>")] #[post("/folders", data = "<data>")]
fn post_folders(data: Json<FolderData>, headers: Headers, conn: DbConn) -> JsonResult { fn post_folders(data: JsonUpcase<FolderData>, headers: Headers, conn: DbConn) -> JsonResult {
let data: FolderData = data.into_inner(); let data: FolderData = data.into_inner().data;
let mut folder = Folder::new(headers.user.uuid.clone(), data.name); let mut folder = Folder::new(headers.user.uuid.clone(), data.Name);
folder.save(&conn); folder.save(&conn);
@ -49,13 +51,13 @@ fn post_folders(data: Json<FolderData>, headers: Headers, conn: DbConn) -> JsonR
} }
#[post("/folders/<uuid>", data = "<data>")] #[post("/folders/<uuid>", data = "<data>")]
fn post_folder(uuid: String, data: Json<FolderData>, headers: Headers, conn: DbConn) -> JsonResult { fn post_folder(uuid: String, data: JsonUpcase<FolderData>, headers: Headers, conn: DbConn) -> JsonResult {
put_folder(uuid, data, headers, conn) put_folder(uuid, data, headers, conn)
} }
#[put("/folders/<uuid>", data = "<data>")] #[put("/folders/<uuid>", data = "<data>")]
fn put_folder(uuid: String, data: Json<FolderData>, headers: Headers, conn: DbConn) -> JsonResult { fn put_folder(uuid: String, data: JsonUpcase<FolderData>, headers: Headers, conn: DbConn) -> JsonResult {
let data: FolderData = data.into_inner(); let data: FolderData = data.into_inner().data;
let mut folder = match Folder::find_by_uuid(&uuid, &conn) { let mut folder = match Folder::find_by_uuid(&uuid, &conn) {
Some(folder) => folder, Some(folder) => folder,
@ -66,7 +68,7 @@ fn put_folder(uuid: String, data: Json<FolderData>, headers: Headers, conn: DbCo
err!("Folder belongs to another user") err!("Folder belongs to another user")
} }
folder.name = data.name; folder.name = data.Name;
folder.save(&conn); folder.save(&conn);

6
src/api/core/mod.rs
Datei anzeigen

@ -100,7 +100,7 @@ use rocket_contrib::Json;
use db::DbConn; use db::DbConn;
use api::{JsonResult, EmptyResult}; use api::{JsonResult, EmptyResult, JsonUpcase};
use auth::Headers; use auth::Headers;
#[put("/devices/identifier/<uuid>/clear-token")] #[put("/devices/identifier/<uuid>/clear-token")]
@ -155,8 +155,8 @@ struct EquivDomainData {
} }
#[post("/settings/domains", data = "<data>")] #[post("/settings/domains", data = "<data>")]
fn post_eq_domains(data: Json<EquivDomainData>, headers: Headers, conn: DbConn) -> EmptyResult { fn post_eq_domains(data: JsonUpcase<EquivDomainData>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: EquivDomainData = data.into_inner(); let data: EquivDomainData = data.into_inner().data;
let excluded_globals = data.ExcludedGlobalEquivalentDomains.unwrap_or(Vec::new()); let excluded_globals = data.ExcludedGlobalEquivalentDomains.unwrap_or(Vec::new());
let equivalent_domains = data.EquivalentDomains.unwrap_or(Vec::new()); let equivalent_domains = data.EquivalentDomains.unwrap_or(Vec::new());

108
src/api/core/organizations.rs
Datei anzeigen

@ -5,45 +5,45 @@ use rocket_contrib::{Json, Value};
use db::DbConn; use db::DbConn;
use db::models::*; use db::models::*;
use api::{PasswordData, JsonResult, EmptyResult, NumberOrString}; use api::{PasswordData, JsonResult, EmptyResult, NumberOrString, JsonUpcase};
use auth::{Headers, AdminHeaders, OwnerHeaders}; use auth::{Headers, AdminHeaders, OwnerHeaders};
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct OrgData { struct OrgData {
billingEmail: String, BillingEmail: String,
collectionName: String, CollectionName: String,
key: String, Key: String,
name: String, Name: String,
#[serde(rename = "planType")] #[serde(rename = "PlanType")]
_planType: String, // Ignored, always use the same plan _PlanType: String, // Ignored, always use the same plan
} }
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct OrganizationUpdateData { struct OrganizationUpdateData {
billingEmail: String, BillingEmail: String,
name: String, Name: String,
} }
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct NewCollectionData { struct NewCollectionData {
name: String, Name: String,
} }
#[post("/organizations", data = "<data>")] #[post("/organizations", data = "<data>")]
fn create_organization(headers: Headers, data: Json<OrgData>, conn: DbConn) -> JsonResult { fn create_organization(headers: Headers, data: JsonUpcase<OrgData>, conn: DbConn) -> JsonResult {
let data: OrgData = data.into_inner(); let data: OrgData = data.into_inner().data;
let mut org = Organization::new(data.name, data.billingEmail); let mut org = Organization::new(data.Name, data.BillingEmail);
let mut user_org = UserOrganization::new( let mut user_org = UserOrganization::new(
headers.user.uuid.clone(), org.uuid.clone()); headers.user.uuid.clone(), org.uuid.clone());
let mut collection = Collection::new( let mut collection = Collection::new(
org.uuid.clone(), data.collectionName); org.uuid.clone(), data.CollectionName);
user_org.key = data.key; user_org.key = data.Key;
user_org.access_all = true; user_org.access_all = true;
user_org.type_ = UserOrgType::Owner as i32; user_org.type_ = UserOrgType::Owner as i32;
user_org.status = UserOrgStatus::Confirmed as i32; user_org.status = UserOrgStatus::Confirmed as i32;
@ -56,9 +56,9 @@ fn create_organization(headers: Headers, data: Json<OrgData>, conn: DbConn) -> J
} }
#[post("/organizations/<org_id>/delete", data = "<data>")] #[post("/organizations/<org_id>/delete", data = "<data>")]
fn delete_organization(org_id: String, data: Json<PasswordData>, headers: OwnerHeaders, conn: DbConn) -> EmptyResult { fn delete_organization(org_id: String, data: JsonUpcase<PasswordData>, headers: OwnerHeaders, conn: DbConn) -> EmptyResult {
let data: PasswordData = data.into_inner(); let data: PasswordData = data.into_inner().data;
let password_hash = data.masterPasswordHash; let password_hash = data.MasterPasswordHash;
if !headers.user.check_valid_password(&password_hash) { if !headers.user.check_valid_password(&password_hash) {
err!("Invalid password") err!("Invalid password")
@ -82,16 +82,16 @@ fn get_organization(org_id: String, _headers: OwnerHeaders, conn: DbConn) -> Jso
} }
#[post("/organizations/<org_id>", data = "<data>")] #[post("/organizations/<org_id>", data = "<data>")]
fn post_organization(org_id: String, _headers: OwnerHeaders, data: Json<OrganizationUpdateData>, conn: DbConn) -> JsonResult { fn post_organization(org_id: String, _headers: OwnerHeaders, data: JsonUpcase<OrganizationUpdateData>, conn: DbConn) -> JsonResult {
let data: OrganizationUpdateData = data.into_inner(); let data: OrganizationUpdateData = data.into_inner().data;
let mut org = match Organization::find_by_uuid(&org_id, &conn) { let mut org = match Organization::find_by_uuid(&org_id, &conn) {
Some(organization) => organization, Some(organization) => organization,
None => err!("Can't find organization details") None => err!("Can't find organization details")
}; };
org.name = data.name; org.name = data.Name;
org.billing_email = data.billingEmail; org.billing_email = data.BillingEmail;
org.save(&conn); org.save(&conn);
Ok(Json(org.to_json())) Ok(Json(org.to_json()))
@ -126,15 +126,15 @@ fn get_org_collections(org_id: String, _headers: AdminHeaders, conn: DbConn) ->
} }
#[post("/organizations/<org_id>/collections", data = "<data>")] #[post("/organizations/<org_id>/collections", data = "<data>")]
fn post_organization_collections(org_id: String, _headers: AdminHeaders, data: Json<NewCollectionData>, conn: DbConn) -> JsonResult { fn post_organization_collections(org_id: String, _headers: AdminHeaders, data: JsonUpcase<NewCollectionData>, conn: DbConn) -> JsonResult {
let data: NewCollectionData = data.into_inner(); let data: NewCollectionData = data.into_inner().data;
let org = match Organization::find_by_uuid(&org_id, &conn) { let org = match Organization::find_by_uuid(&org_id, &conn) {
Some(organization) => organization, Some(organization) => organization,
None => err!("Can't find organization details") None => err!("Can't find organization details")
}; };
let mut collection = Collection::new(org.uuid.clone(), data.name); let mut collection = Collection::new(org.uuid.clone(), data.Name);
collection.save(&conn); collection.save(&conn);
@ -142,8 +142,8 @@ fn post_organization_collections(org_id: String, _headers: AdminHeaders, data: J
} }
#[post("/organizations/<org_id>/collections/<col_id>", data = "<data>")] #[post("/organizations/<org_id>/collections/<col_id>", data = "<data>")]
fn post_organization_collection_update(org_id: String, col_id: String, _headers: AdminHeaders, data: Json<NewCollectionData>, conn: DbConn) -> JsonResult { fn post_organization_collection_update(org_id: String, col_id: String, _headers: AdminHeaders, data: JsonUpcase<NewCollectionData>, conn: DbConn) -> JsonResult {
let data: NewCollectionData = data.into_inner(); let data: NewCollectionData = data.into_inner().data;
let org = match Organization::find_by_uuid(&org_id, &conn) { let org = match Organization::find_by_uuid(&org_id, &conn) {
Some(organization) => organization, Some(organization) => organization,
@ -159,7 +159,7 @@ fn post_organization_collection_update(org_id: String, col_id: String, _headers:
err!("Collection is not owned by organization"); err!("Collection is not owned by organization");
} }
collection.name = data.name.clone(); collection.name = data.Name.clone();
collection.save(&conn); collection.save(&conn);
Ok(Json(collection.to_json())) Ok(Json(collection.to_json()))
@ -195,13 +195,13 @@ fn post_organization_collection_delete_user(org_id: String, col_id: String, org_
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct DeleteCollectionData { struct DeleteCollectionData {
id: String, Id: String,
orgId: String, OrgId: String,
} }
#[post("/organizations/<org_id>/collections/<col_id>/delete", data = "<data>")] #[post("/organizations/<org_id>/collections/<col_id>/delete", data = "<data>")]
fn post_organization_collection_delete(org_id: String, col_id: String, _headers: AdminHeaders, data: Json<DeleteCollectionData>, conn: DbConn) -> EmptyResult { fn post_organization_collection_delete(org_id: String, col_id: String, _headers: AdminHeaders, data: JsonUpcase<DeleteCollectionData>, conn: DbConn) -> EmptyResult {
let _data: DeleteCollectionData = data.into_inner(); let _data: DeleteCollectionData = data.into_inner().data;
match Collection::find_by_uuid(&col_id, &conn) { match Collection::find_by_uuid(&col_id, &conn) {
None => err!("Collection not found"), None => err!("Collection not found"),
@ -295,18 +295,17 @@ struct CollectionData {
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct InviteData { struct InviteData {
emails: Vec<String>, Emails: Vec<String>,
#[serde(rename = "type")] Type: NumberOrString,
type_: NumberOrString, Collections: Vec<CollectionData>,
collections: Vec<CollectionData>, AccessAll: Option<bool>,
accessAll: Option<bool>,
} }
#[post("/organizations/<org_id>/users/invite", data = "<data>")] #[post("/organizations/<org_id>/users/invite", data = "<data>")]
fn send_invite(org_id: String, data: Json<InviteData>, headers: AdminHeaders, conn: DbConn) -> EmptyResult { fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
let data: InviteData = data.into_inner(); let data: InviteData = data.into_inner().data;
let new_type = match UserOrgType::from_str(&data.type_.to_string()) { let new_type = match UserOrgType::from_str(&data.Type.to_string()) {
Some(new_type) => new_type as i32, Some(new_type) => new_type as i32,
None => err!("Invalid type") None => err!("Invalid type")
}; };
@ -316,7 +315,7 @@ fn send_invite(org_id: String, data: Json<InviteData>, headers: AdminHeaders, co
err!("Only Owners can invite Admins or Owners") err!("Only Owners can invite Admins or Owners")
} }
for user_opt in data.emails.iter().map(|email| User::find_by_mail(email, &conn)) { for user_opt in data.Emails.iter().map(|email| User::find_by_mail(email, &conn)) {
match user_opt { match user_opt {
None => err!("User email does not exist"), None => err!("User email does not exist"),
Some(user) => { Some(user) => {
@ -326,13 +325,13 @@ fn send_invite(org_id: String, data: Json<InviteData>, headers: AdminHeaders, co
} }
let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone()); let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone());
let access_all = data.accessAll.unwrap_or(false); let access_all = data.AccessAll.unwrap_or(false);
new_user.access_all = access_all; new_user.access_all = access_all;
new_user.type_ = new_type; new_user.type_ = new_type;
// If no accessAll, add the collections received // If no accessAll, add the collections received
if !access_all { if !access_all {
for col in data.collections.iter() { for col in data.Collections.iter() {
match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) { match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) {
None => err!("Collection not found in Organization"), None => err!("Collection not found in Organization"),
Some(collection) => { Some(collection) => {
@ -354,7 +353,9 @@ fn send_invite(org_id: String, data: Json<InviteData>, headers: AdminHeaders, co
} }
#[post("/organizations/<org_id>/users/<user_id>/confirm", data = "<data>")] #[post("/organizations/<org_id>/users/<user_id>/confirm", data = "<data>")]
fn confirm_invite(org_id: String, user_id: String, data: Json<Value>, headers: AdminHeaders, conn: DbConn) -> EmptyResult { fn confirm_invite(org_id: String, user_id: String, data: JsonUpcase<Value>, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
let data = data.into_inner().data;
let mut user_to_confirm = match UserOrganization::find_by_uuid(&user_id, &conn) { let mut user_to_confirm = match UserOrganization::find_by_uuid(&user_id, &conn) {
Some(user) => user, Some(user) => user,
None => err!("Failed to find user membership") None => err!("Failed to find user membership")
@ -401,17 +402,16 @@ fn get_user(org_id: String, user_id: String, _headers: AdminHeaders, conn: DbCon
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct EditUserData { struct EditUserData {
#[serde(rename = "type")] Type: NumberOrString,
type_: NumberOrString, Collections: Vec<CollectionData>,
collections: Vec<CollectionData>, AccessAll: bool,
accessAll: bool,
} }
#[post("/organizations/<org_id>/users/<user_id>", data = "<data>", rank = 1)] #[post("/organizations/<org_id>/users/<user_id>", data = "<data>", rank = 1)]
fn edit_user(org_id: String, user_id: String, data: Json<EditUserData>, headers: AdminHeaders, conn: DbConn) -> EmptyResult { fn edit_user(org_id: String, user_id: String, data: JsonUpcase<EditUserData>, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
let data: EditUserData = data.into_inner(); let data: EditUserData = data.into_inner().data;
let new_type = match UserOrgType::from_str(&data.type_.to_string()) { let new_type = match UserOrgType::from_str(&data.Type.to_string()) {
Some(new_type) => new_type as i32, Some(new_type) => new_type as i32,
None => err!("Invalid type") None => err!("Invalid type")
}; };
@ -444,7 +444,7 @@ fn edit_user(org_id: String, user_id: String, data: Json<EditUserData>, headers:
} }
} }
user_to_edit.access_all = data.accessAll; user_to_edit.access_all = data.AccessAll;
user_to_edit.type_ = new_type; user_to_edit.type_ = new_type;
// Delete all the odd collections // Delete all the odd collections
@ -456,8 +456,8 @@ fn edit_user(org_id: String, user_id: String, data: Json<EditUserData>, headers:
} }
// If no accessAll, add the collections received // If no accessAll, add the collections received
if !data.accessAll { if !data.AccessAll {
for col in data.collections.iter() { for col in data.Collections.iter() {
match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) { match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) {
None => err!("Collection not found in Organization"), None => err!("Collection not found in Organization"),
Some(collection) => { Some(collection) => {

58
src/api/core/two_factor.rs
Datei anzeigen

@ -6,7 +6,7 @@ use db::DbConn;
use crypto; use crypto;
use api::{PasswordData, JsonResult, NumberOrString}; use api::{PasswordData, JsonResult, NumberOrString, JsonUpcase};
use auth::Headers; use auth::Headers;
#[get("/two-factor")] #[get("/two-factor")]
@ -28,10 +28,10 @@ fn get_twofactor(headers: Headers) -> JsonResult {
} }
#[post("/two-factor/get-recover", data = "<data>")] #[post("/two-factor/get-recover", data = "<data>")]
fn get_recover(data: Json<PasswordData>, headers: Headers) -> JsonResult { fn get_recover(data: JsonUpcase<PasswordData>, headers: Headers) -> JsonResult {
let data: PasswordData = data.into_inner(); let data: PasswordData = data.into_inner().data;
if !headers.user.check_valid_password(&data.masterPasswordHash) { if !headers.user.check_valid_password(&data.MasterPasswordHash) {
err!("Invalid password"); err!("Invalid password");
} }
@ -44,30 +44,30 @@ fn get_recover(data: Json<PasswordData>, headers: Headers) -> JsonResult {
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct RecoverTwoFactor { struct RecoverTwoFactor {
masterPasswordHash: String, MasterPasswordHash: String,
email: String, Email: String,
recoveryCode: String, RecoveryCode: String,
} }
#[post("/two-factor/recover", data = "<data>")] #[post("/two-factor/recover", data = "<data>")]
fn recover(data: Json<RecoverTwoFactor>, conn: DbConn) -> JsonResult { fn recover(data: JsonUpcase<RecoverTwoFactor>, conn: DbConn) -> JsonResult {
let data: RecoverTwoFactor = data.into_inner(); let data: RecoverTwoFactor = data.into_inner().data;
use db::models::User; use db::models::User;
// Get the user // Get the user
let mut user = match User::find_by_mail(&data.email, &conn) { let mut user = match User::find_by_mail(&data.Email, &conn) {
Some(user) => user, Some(user) => user,
None => err!("Username or password is incorrect. Try again.") None => err!("Username or password is incorrect. Try again.")
}; };
// Check password // Check password
if !user.check_valid_password(&data.masterPasswordHash) { if !user.check_valid_password(&data.MasterPasswordHash) {
err!("Username or password is incorrect. Try again.") err!("Username or password is incorrect. Try again.")
} }
// Check if recovery code is correct // Check if recovery code is correct
if !user.check_valid_recovery_code(&data.recoveryCode) { if !user.check_valid_recovery_code(&data.RecoveryCode) {
err!("Recovery code is incorrect. Try again.") err!("Recovery code is incorrect. Try again.")
} }
@ -79,10 +79,10 @@ fn recover(data: Json<RecoverTwoFactor>, conn: DbConn) -> JsonResult {
} }
#[post("/two-factor/get-authenticator", data = "<data>")] #[post("/two-factor/get-authenticator", data = "<data>")]
fn generate_authenticator(data: Json<PasswordData>, headers: Headers) -> JsonResult { fn generate_authenticator(data: JsonUpcase<PasswordData>, headers: Headers) -> JsonResult {
let data: PasswordData = data.into_inner(); let data: PasswordData = data.into_inner().data;
if !headers.user.check_valid_password(&data.masterPasswordHash) { if !headers.user.check_valid_password(&data.MasterPasswordHash) {
err!("Invalid password"); err!("Invalid password");
} }
@ -101,17 +101,17 @@ fn generate_authenticator(data: Json<PasswordData>, headers: Headers) -> JsonRes
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct EnableTwoFactorData { struct EnableTwoFactorData {
masterPasswordHash: String, MasterPasswordHash: String,
key: String, Key: String,
token: NumberOrString, Token: NumberOrString,
} }
#[post("/two-factor/authenticator", data = "<data>")] #[post("/two-factor/authenticator", data = "<data>")]
fn activate_authenticator(data: Json<EnableTwoFactorData>, headers: Headers, conn: DbConn) -> JsonResult { fn activate_authenticator(data: JsonUpcase<EnableTwoFactorData>, headers: Headers, conn: DbConn) -> JsonResult {
let data: EnableTwoFactorData = data.into_inner(); let data: EnableTwoFactorData = data.into_inner().data;
let password_hash = data.masterPasswordHash; let password_hash = data.MasterPasswordHash;
let key = data.key; let key = data.Key;
let token = match data.token.to_i32() { let token = match data.Token.to_i32() {
Some(n) => n as u64, Some(n) => n as u64,
None => err!("Malformed token") None => err!("Malformed token")
}; };
@ -155,15 +155,15 @@ fn activate_authenticator(data: Json<EnableTwoFactorData>, headers: Headers, con
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct DisableTwoFactorData { struct DisableTwoFactorData {
masterPasswordHash: String, MasterPasswordHash: String,
#[serde(rename = "type")] Type: NumberOrString,
_type: NumberOrString,
} }
#[post("/two-factor/disable", data = "<data>")] #[post("/two-factor/disable", data = "<data>")]
fn disable_authenticator(data: Json<DisableTwoFactorData>, headers: Headers, conn: DbConn) -> JsonResult { fn disable_authenticator(data: JsonUpcase<DisableTwoFactorData>, headers: Headers, conn: DbConn) -> JsonResult {
let data: DisableTwoFactorData = data.into_inner(); let data: DisableTwoFactorData = data.into_inner().data;
let password_hash = data.masterPasswordHash; let password_hash = data.MasterPasswordHash;
let _type = data.Type;
if !headers.user.check_valid_password(&password_hash) { if !headers.user.check_valid_password(&password_hash) {
err!("Invalid password"); err!("Invalid password");

5
src/api/mod.rs
Datei anzeigen

@ -15,11 +15,14 @@ use rocket_contrib::Json;
type JsonResult = Result<Json, BadRequest<Json>>; type JsonResult = Result<Json, BadRequest<Json>>;
type EmptyResult = Result<(), BadRequest<Json>>; type EmptyResult = Result<(), BadRequest<Json>>;
use util;
type JsonUpcase<T> = Json<util::UpCase<T>>;
// Common structs representing JSON data received // Common structs representing JSON data received
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct PasswordData { struct PasswordData {
masterPasswordHash: String MasterPasswordHash: String
} }
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]

26
src/util.rs
Datei anzeigen

@ -124,3 +124,29 @@ const DATETIME_FORMAT: &'static str = "%Y-%m-%dT%H:%M:%S%.6fZ";
pub fn format_date(date: &NaiveDateTime) -> String { pub fn format_date(date: &NaiveDateTime) -> String {
date.format(DATETIME_FORMAT).to_string() date.format(DATETIME_FORMAT).to_string()
} }
///
/// Deserialization methods
///
use std::collections::BTreeMap as Map;
use serde::de::{self, Deserialize, DeserializeOwned, Deserializer};
use serde_json::Value;
/// https://github.com/serde-rs/serde/issues/586
pub fn upcase_deserialize<'de, T, D>(deserializer: D) -> Result<T, D::Error>
where T: DeserializeOwned,
D: Deserializer<'de>
{
let map = Map::<String, Value>::deserialize(deserializer)?;
let lower = map.into_iter().map(|(k, v)| (upcase_first(&k), v)).collect();
T::deserialize(Value::Object(lower)).map_err(de::Error::custom)
}
#[derive(PartialEq, Serialize, Deserialize)]
pub struct UpCase<T: DeserializeOwned> {
#[serde(deserialize_with = "upcase_deserialize")]
#[serde(flatten)]
pub data: T,
}