1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-16 04:12:53 +01:00
The organization uuid is most of the time within the uri path as a
parameter. But sometimes it only is there as a query value.

This fix checks both, and returns the uuid when possible.
Dieser Commit ist enthalten in:
BlackDex 2020-03-19 17:37:10 +01:00
Ursprung 669b101e6a
Commit baac8d9627

Datei anzeigen

@ -307,6 +307,25 @@ pub struct OrgHeaders {
pub org_user_type: UserOrgType, pub org_user_type: UserOrgType,
} }
// org_id is usually the second param ("/organizations/<org_id>")
// But there are cases where it is located in a query value.
// First check the param, if this is not a valid uuid, we will try the query value.
fn get_org_id(request: &Request) -> Option<String> {
if let Some(Ok(org_id)) = request.get_param::<String>(1) {
if uuid::Uuid::parse_str(&org_id).is_ok() {
return Some(org_id);
}
}
if let Some(Ok(org_id)) = request.get_query_value::<String>("organizationId") {
if uuid::Uuid::parse_str(&org_id).is_ok() {
return Some(org_id);
}
}
None
}
impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders { impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
type Error = &'static str; type Error = &'static str;
@ -315,60 +334,40 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
Outcome::Forward(_) => Outcome::Forward(()), Outcome::Forward(_) => Outcome::Forward(()),
Outcome::Failure(f) => Outcome::Failure(f), Outcome::Failure(f) => Outcome::Failure(f),
Outcome::Success(headers) => { Outcome::Success(headers) => {
// org_id is usually the second param ("/organizations/<org_id>") match get_org_id(request) {
// But there are cases where it is located in a query value. Some(org_id) => {
// First check the param, if this is not a valid uuid, we will try the query value. let conn = match request.guard::<DbConn>() {
let query_org_id = match request.get_query_value::<String>("organizationId") { Outcome::Success(conn) => conn,
Some(Ok(query_org_id)) => { query_org_id } _ => err_handler!("Error getting DB"),
_ => { "".into() } };
};
let param_org_id = match request.get_param::<String>(1) {
Some(Ok(param_org_id)) => { param_org_id }
_ => { "".into() }
};
let org_uuid: _ = match uuid::Uuid::parse_str(&param_org_id) { let user = headers.user;
Ok(uuid) => uuid, let org_user = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) {
_ => match uuid::Uuid::parse_str(&query_org_id) { Some(user) => {
Ok(uuid) => uuid, if user.status == UserOrgStatus::Confirmed as i32 {
_ => err_handler!("Error getting the organization id"), user
} } else {
}; err_handler!("The current user isn't confirmed member of the organization")
}
let org_id: &str = &org_uuid.to_string();
if !org_id.is_empty() {
let conn = match request.guard::<DbConn>() {
Outcome::Success(conn) => conn,
_ => err_handler!("Error getting DB"),
};
let user = headers.user;
let org_user = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) {
Some(user) => {
if user.status == UserOrgStatus::Confirmed as i32 {
user
} else {
err_handler!("The current user isn't confirmed member of the organization")
} }
} None => err_handler!("The current user isn't member of the organization"),
None => err_handler!("The current user isn't member of the organization"), };
};
Outcome::Success(Self { Outcome::Success(Self {
host: headers.host, host: headers.host,
device: headers.device, device: headers.device,
user, user,
org_user_type: { org_user_type: {
if let Some(org_usr_type) = UserOrgType::from_i32(org_user.atype) { if let Some(org_usr_type) = UserOrgType::from_i32(org_user.atype) {
org_usr_type org_usr_type
} else { } else {
// This should only happen if the DB is corrupted // This should only happen if the DB is corrupted
err_handler!("Unknown user type in the database") err_handler!("Unknown user type in the database")
} }
}, },
}) })
} else { },
err_handler!("Error getting the organization id") _ => err_handler!("Error getting the organization id"),
} }
} }
} }