From 26bf7bc12f9d6eda0426a545d52a7236a39cf5a7 Mon Sep 17 00:00:00 2001 From: Nick Fox Date: Tue, 18 Dec 2018 23:16:03 -0500 Subject: [PATCH] Use upstream jslib invite/registration workflow --- src/api/core/accounts.rs | 1 - src/api/core/organizations.rs | 43 ++++++++++++++++++++++++----------- src/auth.rs | 2 ++ src/mail.rs | 4 ++-- 4 files changed, 34 insertions(+), 16 deletions(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 9f47bd11..9aea3ef2 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -74,7 +74,6 @@ fn register(data: JsonUpcase, conn: DbConn) -> EmptyResult { err!("Registration not allowed") } } else { - // User clicked email invite link, so they are already "accepted" in UserOrgs user } } diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 2c1c601f..7110e561 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -424,7 +424,10 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade } for email in data.Emails.iter() { - let mut user_org_status = UserOrgStatus::Accepted as i32; + let mut user_org_status = match CONFIG.mail { + Some(_) => UserOrgStatus::Invited as i32, + None => UserOrgStatus::Accepted as i32, // Automatically mark user as accepted if no email invites + }; let user = match User::find_by_mail(&email, &conn) { None => if CONFIG.invitations_allowed { // Invite user if that's enabled let mut invitation = Invitation::new(email.clone()); @@ -453,6 +456,7 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade }; // Don't create UserOrganization in virtual organization + let mut org_user_id = None; if org_id != Organization::VIRTUAL_ID { let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone()); let access_all = data.AccessAll.unwrap_or(false); @@ -477,6 +481,7 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade if new_user.save(&conn).is_err() { err!("Failed to add user to organization") } + org_user_id = Some(new_user.uuid.clone()); } if CONFIG.mail.is_some() { @@ -489,16 +494,17 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade iss: JWT_ISSUER.to_string(), sub: user.uuid.to_string(), email: email.clone(), + org_id: org_id.clone(), + user_org_id: org_user_id.clone(), }; let org_name = match Organization::find_by_uuid(&org_id, &conn) { Some(org) => org.name, None => err!("Error looking up organization") }; let invite_token = encode_jwt(&claims); - let org_user_id = Organization::VIRTUAL_ID; - if let Some(ref mail_config) = CONFIG.mail { - if let Err(e) = mail::send_invite(&email, &org_id, &org_user_id, &invite_token, &org_name, mail_config) { + if let Err(e) = mail::send_invite(&email, &org_id, &org_user_id.unwrap_or(Organization::VIRTUAL_ID.to_string()), + &invite_token, &org_name, mail_config) { err!(format!("There has been a problem sending the email: {}", e)) } } @@ -508,24 +514,35 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade Ok(()) } -// TODO: Figure out how to make this redirect to the registration page -#[get("/organizations//users//accept?")] -fn accept_invite(org_id: String, org_user_id: String, token: String, conn: DbConn) -> EmptyResult { - let invite_claims: InviteJWTClaims = match decode_invite_jwt(&token) { +#[derive(Deserialize)] +#[allow(non_snake_case)] +struct AcceptData { + Token: String, +} + +#[post("/organizations//users//accept", data = "")] +fn accept_invite(org_id: String, org_user_id: String, data: JsonUpcase, conn: DbConn) -> EmptyResult { + let data: AcceptData = data.into_inner().data; + let token = &data.Token; + let claims: InviteJWTClaims = match decode_invite_jwt(&token) { Ok(claims) => claims, Err(msg) => err!("Invalid claim: {:#?}", msg), }; - match User::find_by_mail(&invite_claims.email, &conn) { - Some(user) => { - if Invitation::take(&invite_claims.email, &conn) { - for mut user_org in UserOrganization::find_invited_by_user(&user.uuid, &conn).iter_mut() { + match User::find_by_mail(&claims.email, &conn) { + Some(_) => { + if Invitation::take(&claims.email, &conn) { + if claims.user_org_id.is_some() { + // If this isn't the virtual_org, mark userorg as accepted + let mut user_org = match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id, &conn) { + Some(user_org) => user_org, + None => err!("Error accepting the invitation") + }; user_org.status = UserOrgStatus::Accepted as i32; if user_org.save(&conn).is_err() { err!("Failed to accept user to organization") } } - //rocket::response::Redirect::to(format!("/#/register?email={}", invite_claims.email)) } else { err!("Invitation for user not found") } diff --git a/src/auth.rs b/src/auth.rs index 57c13e87..0e851aa6 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -120,6 +120,8 @@ pub struct InviteJWTClaims { pub sub: String, pub email: String, + pub org_id: String, + pub user_org_id: Option, } /// diff --git a/src/mail.rs b/src/mail.rs index 2c620066..485e5c17 100644 --- a/src/mail.rs +++ b/src/mail.rs @@ -68,10 +68,10 @@ pub fn send_invite(address: &str, org_id: &str, org_user_id: &str, token: &str, format!( "

You have been invited to join the {} organization.

- Click here to join

+ Click here to join

If you do not wish to join this organization, you can safely ignore this email.

", - org_name, CONFIG.domain, org_id, org_user_id, token + org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token )) };