mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2025-01-31 10:08:56 +01:00
Code Issues Releases Aktivität

Disable signups if SSO_ONLY is activated

Quellcode durchsuchen
Dieser Commit ist enthalten in:
Timshel 2025-01-03 16:54:20 +01:00
Ursprung 44045a865b
Commit ce5368f7d1
3 geänderte Dateien mit 11 neuen und 8 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Diff-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

2
src/api/core/mod.rs
Datei anzeigen

@ -218,7 +218,7 @@ fn config() -> Json<Value> {
"url": "https://github.com/dani-garcia/vaultwarden"
},
"settings": {
"disableUserRegistration": !crate::CONFIG.signups_allowed() && crate::CONFIG.signups_domains_whitelist().is_empty(),
"disableUserRegistration": crate::CONFIG.is_signup_disabled(),
},
"environment": {
"vault": domain,

2
src/api/web.rs
Datei anzeigen

@ -58,7 +58,7 @@ fn vaultwarden_css() -> Cached<Css<String>> {
"load_user_scss": true,
"mail_enabled": CONFIG.mail_enabled(),
"sends_allowed": CONFIG.sends_allowed(),
"signup_disabled": !CONFIG.signups_allowed() && CONFIG.signups_domains_whitelist().is_empty(),
"signup_disabled": CONFIG.is_signup_disabled(),
"sso_disabled": !CONFIG.sso_enabled(),
"sso_only": CONFIG.sso_enabled() && CONFIG.sso_only(),
"yubico_enabled": CONFIG._enable_yubico() && (CONFIG.yubico_client_id().is_some() == CONFIG.yubico_secret_key().is_some()),

15
src/config.rs
Datei anzeigen

@ -1292,6 +1292,14 @@ impl Config {
self.update_config(builder)
}
// The `signups_allowed` setting is overrided if:
// - The email whitelist is not empty (will allow signups).
// - The sso is activated and password login is disabled (will disable signups).
pub fn is_signup_disabled(&self) -> bool {
(!self.signups_allowed() && self.signups_domains_whitelist().is_empty())
|| (self.sso_enabled() && self.sso_only())
}
/// Tests whether an email's domain is allowed. A domain is allowed if it
/// is in signups_domains_whitelist, or if no whitelist is set (so there
/// are no domain restrictions in effect).
@ -1310,12 +1318,7 @@ impl Config {
/// Tests whether signup is allowed for an email address, taking into
/// account the signups_allowed and signups_domains_whitelist settings.
pub fn is_signup_allowed(&self, email: &str) -> bool {
if !self.signups_domains_whitelist().is_empty() {
// The whitelist setting overrides the signups_allowed setting.
self.is_email_domain_allowed(email)
} else {
self.signups_allowed()
}
!self.is_signup_disabled() && self.is_email_domain_allowed(email)
}
/// Tests whether the specified user is allowed to create an organization.