Spiegel von
https://github.com/dani-garcia/vaultwarden.git
synchronisiert 2024-12-01 06:31:11 +01:00
Allow email changes for existing accounts even when signups are disabled
Dieser Commit ist enthalten in:
Ursprung
c5d7e3f2bc
Commit
a314933557
3 geänderte Dateien mit 9 neuen und 8 gelöschten Zeilen
|
@ -379,8 +379,8 @@ fn post_email_token(data: JsonUpcase<EmailTokenData>, headers: Headers, conn: Db
|
||||||
err!("Email already in use");
|
err!("Email already in use");
|
||||||
}
|
}
|
||||||
|
|
||||||
if !CONFIG.is_signup_allowed(&data.NewEmail) {
|
if !CONFIG.is_email_domain_allowed(&data.NewEmail) {
|
||||||
err!("Email cannot be changed to this address");
|
err!("Email domain not allowed");
|
||||||
}
|
}
|
||||||
|
|
||||||
let token = crypto::generate_token(6)?;
|
let token = crypto::generate_token(6)?;
|
||||||
|
|
|
@ -488,7 +488,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
||||||
err!(format!("User does not exist: {}", email))
|
err!(format!("User does not exist: {}", email))
|
||||||
}
|
}
|
||||||
|
|
||||||
if !CONFIG.signups_domains_whitelist().is_empty() && !CONFIG.is_email_domain_whitelisted(&email) {
|
if !CONFIG.is_email_domain_allowed(&email) {
|
||||||
err!("Email domain not eligible for invitations")
|
err!("Email domain not eligible for invitations")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -558,9 +558,10 @@ impl Config {
|
||||||
self.update_config(builder)
|
self.update_config(builder)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Tests whether an email's domain is in signups_domains_whitelist.
|
/// Tests whether an email's domain is allowed. A domain is allowed if it
|
||||||
/// Returns false if no whitelist is set.
|
/// is in signups_domains_whitelist, or if no whitelist is set (so there
|
||||||
pub fn is_email_domain_whitelisted(&self, email: &str) -> bool {
|
/// are no domain restrictions in effect).
|
||||||
|
pub fn is_email_domain_allowed(&self, email: &str) -> bool {
|
||||||
let e: Vec<&str> = email.rsplitn(2, '@').collect();
|
let e: Vec<&str> = email.rsplitn(2, '@').collect();
|
||||||
if e.len() != 2 || e[0].is_empty() || e[1].is_empty() {
|
if e.len() != 2 || e[0].is_empty() || e[1].is_empty() {
|
||||||
warn!("Failed to parse email address '{}'", email);
|
warn!("Failed to parse email address '{}'", email);
|
||||||
|
@ -569,7 +570,7 @@ impl Config {
|
||||||
let email_domain = e[0].to_lowercase();
|
let email_domain = e[0].to_lowercase();
|
||||||
let whitelist = self.signups_domains_whitelist();
|
let whitelist = self.signups_domains_whitelist();
|
||||||
|
|
||||||
!whitelist.is_empty() && whitelist.split(',').any(|d| d.trim() == email_domain)
|
whitelist.is_empty() || whitelist.split(',').any(|d| d.trim() == email_domain)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Tests whether signup is allowed for an email address, taking into
|
/// Tests whether signup is allowed for an email address, taking into
|
||||||
|
@ -577,7 +578,7 @@ impl Config {
|
||||||
pub fn is_signup_allowed(&self, email: &str) -> bool {
|
pub fn is_signup_allowed(&self, email: &str) -> bool {
|
||||||
if !self.signups_domains_whitelist().is_empty() {
|
if !self.signups_domains_whitelist().is_empty() {
|
||||||
// The whitelist setting overrides the signups_allowed setting.
|
// The whitelist setting overrides the signups_allowed setting.
|
||||||
self.is_email_domain_whitelisted(email)
|
self.is_email_domain_allowed(email)
|
||||||
} else {
|
} else {
|
||||||
self.signups_allowed()
|
self.signups_allowed()
|
||||||
}
|
}
|
||||||
|
|
Laden …
In neuem Issue referenzieren