1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-04 02:18:00 +01:00

rust lang specific improvements

Dieser Commit ist enthalten in:
sirux88 2023-02-05 16:34:48 +01:00
Ursprung 62dfeb80f2
Commit a6558f5548

Datei anzeigen

@ -2542,7 +2542,7 @@ async fn put_reset_password(
// Sending email before resetting password to ensure working email configuration and the resulting // Sending email before resetting password to ensure working email configuration and the resulting
// user notification. Also this might add some protection against security flaws and misuse // user notification. Also this might add some protection against security flaws and misuse
if let Err(e) = mail::send_admin_reset_password(&user.email.to_lowercase(), &user.name, &org.name).await { if let Err(e) = mail::send_admin_reset_password(&user.email, &user.name, &org.name).await {
error!("Error sending user reset password email: {:#?}", e); error!("Error sending user reset password email: {:#?}", e);
} }
@ -2615,19 +2615,11 @@ async fn check_reset_password_applicable_and_permissions(
}; };
// Resetting user must be higher/equal to user to reset // Resetting user must be higher/equal to user to reset
let mut reset_allowed = false; match headers.org_user_type {
if headers.org_user_type == UserOrgType::Owner { UserOrgType::Owner => Ok(()),
reset_allowed = true; UserOrgType::Admin if target_user.atype <= UserOrgType::Admin => Ok(()),
_ => err!("No permission to reset this user's password"),
} }
if headers.org_user_type == UserOrgType::Admin {
reset_allowed = target_user.atype != (UserOrgType::Owner as i32);
}
if !reset_allowed {
err!("No permission to reset this user's password");
}
Ok(())
} }
async fn check_reset_password_applicable(org_id: &str, conn: &mut DbConn) -> EmptyResult { async fn check_reset_password_applicable(org_id: &str, conn: &mut DbConn) -> EmptyResult {