1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-25 05:40:29 +01:00

Merge pull request #3632 from sirux88/fix-reset-password-check-issue

fix missing password check while manual reset password enrollment
Dieser Commit ist enthalten in:
Daniel García 2023-07-04 20:55:34 +02:00 committet von GitHub
Commit 814ce9a6ac
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: 4AEE18F83AFDEB23

Datei anzeigen

@ -2675,6 +2675,7 @@ async fn delete_group_user(
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct OrganizationUserResetPasswordEnrollmentRequest { struct OrganizationUserResetPasswordEnrollmentRequest {
ResetPasswordKey: Option<String>, ResetPasswordKey: Option<String>,
MasterPasswordHash: Option<String>,
} }
#[derive(Deserialize)] #[derive(Deserialize)]
@ -2856,6 +2857,17 @@ async fn put_reset_password_enrollment(
err!("Reset password can't be withdrawed due to an enterprise policy"); err!("Reset password can't be withdrawed due to an enterprise policy");
} }
if reset_request.ResetPasswordKey.is_some() {
match reset_request.MasterPasswordHash {
Some(password) => {
if !headers.user.check_valid_password(&password) {
err!("Invalid or wrong password")
}
}
None => err!("No password provided"),
};
}
org_user.reset_password_key = reset_request.ResetPasswordKey; org_user.reset_password_key = reset_request.ResetPasswordKey;
org_user.save(&mut conn).await?; org_user.save(&mut conn).await?;