geforkt von mirrored/vaultwarden
Use upstream jslib invite/registration workflow
Dieser Commit ist enthalten in:
Ursprung
9479108fb7
Commit
26bf7bc12f
4 geänderte Dateien mit 34 neuen und 16 gelöschten Zeilen
|
@ -74,7 +74,6 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
|
||||||
err!("Registration not allowed")
|
err!("Registration not allowed")
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// User clicked email invite link, so they are already "accepted" in UserOrgs
|
|
||||||
user
|
user
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -424,7 +424,10 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
||||||
}
|
}
|
||||||
|
|
||||||
for email in data.Emails.iter() {
|
for email in data.Emails.iter() {
|
||||||
let mut user_org_status = UserOrgStatus::Accepted as i32;
|
let mut user_org_status = match CONFIG.mail {
|
||||||
|
Some(_) => UserOrgStatus::Invited as i32,
|
||||||
|
None => UserOrgStatus::Accepted as i32, // Automatically mark user as accepted if no email invites
|
||||||
|
};
|
||||||
let user = match User::find_by_mail(&email, &conn) {
|
let user = match User::find_by_mail(&email, &conn) {
|
||||||
None => if CONFIG.invitations_allowed { // Invite user if that's enabled
|
None => if CONFIG.invitations_allowed { // Invite user if that's enabled
|
||||||
let mut invitation = Invitation::new(email.clone());
|
let mut invitation = Invitation::new(email.clone());
|
||||||
|
@ -453,6 +456,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
||||||
};
|
};
|
||||||
|
|
||||||
// Don't create UserOrganization in virtual organization
|
// Don't create UserOrganization in virtual organization
|
||||||
|
let mut org_user_id = None;
|
||||||
if org_id != Organization::VIRTUAL_ID {
|
if org_id != Organization::VIRTUAL_ID {
|
||||||
let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone());
|
let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone());
|
||||||
let access_all = data.AccessAll.unwrap_or(false);
|
let access_all = data.AccessAll.unwrap_or(false);
|
||||||
|
@ -477,6 +481,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
||||||
if new_user.save(&conn).is_err() {
|
if new_user.save(&conn).is_err() {
|
||||||
err!("Failed to add user to organization")
|
err!("Failed to add user to organization")
|
||||||
}
|
}
|
||||||
|
org_user_id = Some(new_user.uuid.clone());
|
||||||
}
|
}
|
||||||
|
|
||||||
if CONFIG.mail.is_some() {
|
if CONFIG.mail.is_some() {
|
||||||
|
@ -489,16 +494,17 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
||||||
iss: JWT_ISSUER.to_string(),
|
iss: JWT_ISSUER.to_string(),
|
||||||
sub: user.uuid.to_string(),
|
sub: user.uuid.to_string(),
|
||||||
email: email.clone(),
|
email: email.clone(),
|
||||||
|
org_id: org_id.clone(),
|
||||||
|
user_org_id: org_user_id.clone(),
|
||||||
};
|
};
|
||||||
let org_name = match Organization::find_by_uuid(&org_id, &conn) {
|
let org_name = match Organization::find_by_uuid(&org_id, &conn) {
|
||||||
Some(org) => org.name,
|
Some(org) => org.name,
|
||||||
None => err!("Error looking up organization")
|
None => err!("Error looking up organization")
|
||||||
};
|
};
|
||||||
let invite_token = encode_jwt(&claims);
|
let invite_token = encode_jwt(&claims);
|
||||||
let org_user_id = Organization::VIRTUAL_ID;
|
|
||||||
|
|
||||||
if let Some(ref mail_config) = CONFIG.mail {
|
if let Some(ref mail_config) = CONFIG.mail {
|
||||||
if let Err(e) = mail::send_invite(&email, &org_id, &org_user_id, &invite_token, &org_name, mail_config) {
|
if let Err(e) = mail::send_invite(&email, &org_id, &org_user_id.unwrap_or(Organization::VIRTUAL_ID.to_string()),
|
||||||
|
&invite_token, &org_name, mail_config) {
|
||||||
err!(format!("There has been a problem sending the email: {}", e))
|
err!(format!("There has been a problem sending the email: {}", e))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -508,24 +514,35 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Figure out how to make this redirect to the registration page
|
#[derive(Deserialize)]
|
||||||
#[get("/organizations/<org_id>/users/<org_user_id>/accept?<token>")]
|
#[allow(non_snake_case)]
|
||||||
fn accept_invite(org_id: String, org_user_id: String, token: String, conn: DbConn) -> EmptyResult {
|
struct AcceptData {
|
||||||
let invite_claims: InviteJWTClaims = match decode_invite_jwt(&token) {
|
Token: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[post("/organizations/<org_id>/users/<org_user_id>/accept", data = "<data>")]
|
||||||
|
fn accept_invite(org_id: String, org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult {
|
||||||
|
let data: AcceptData = data.into_inner().data;
|
||||||
|
let token = &data.Token;
|
||||||
|
let claims: InviteJWTClaims = match decode_invite_jwt(&token) {
|
||||||
Ok(claims) => claims,
|
Ok(claims) => claims,
|
||||||
Err(msg) => err!("Invalid claim: {:#?}", msg),
|
Err(msg) => err!("Invalid claim: {:#?}", msg),
|
||||||
};
|
};
|
||||||
|
|
||||||
match User::find_by_mail(&invite_claims.email, &conn) {
|
match User::find_by_mail(&claims.email, &conn) {
|
||||||
Some(user) => {
|
Some(_) => {
|
||||||
if Invitation::take(&invite_claims.email, &conn) {
|
if Invitation::take(&claims.email, &conn) {
|
||||||
for mut user_org in UserOrganization::find_invited_by_user(&user.uuid, &conn).iter_mut() {
|
if claims.user_org_id.is_some() {
|
||||||
|
// If this isn't the virtual_org, mark userorg as accepted
|
||||||
|
let mut user_org = match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id, &conn) {
|
||||||
|
Some(user_org) => user_org,
|
||||||
|
None => err!("Error accepting the invitation")
|
||||||
|
};
|
||||||
user_org.status = UserOrgStatus::Accepted as i32;
|
user_org.status = UserOrgStatus::Accepted as i32;
|
||||||
if user_org.save(&conn).is_err() {
|
if user_org.save(&conn).is_err() {
|
||||||
err!("Failed to accept user to organization")
|
err!("Failed to accept user to organization")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//rocket::response::Redirect::to(format!("/#/register?email={}", invite_claims.email))
|
|
||||||
} else {
|
} else {
|
||||||
err!("Invitation for user not found")
|
err!("Invitation for user not found")
|
||||||
}
|
}
|
||||||
|
|
|
@ -120,6 +120,8 @@ pub struct InviteJWTClaims {
|
||||||
pub sub: String,
|
pub sub: String,
|
||||||
|
|
||||||
pub email: String,
|
pub email: String,
|
||||||
|
pub org_id: String,
|
||||||
|
pub user_org_id: Option<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
///
|
///
|
||||||
|
|
|
@ -68,10 +68,10 @@ pub fn send_invite(address: &str, org_id: &str, org_user_id: &str, token: &str,
|
||||||
format!(
|
format!(
|
||||||
"<html>
|
"<html>
|
||||||
<p>You have been invited to join the <b>{}</b> organization.<br><br>
|
<p>You have been invited to join the <b>{}</b> organization.<br><br>
|
||||||
<a href=\"https://{}/api/organizations/{}/users/{}/accept?token={}\">Click here to join</a></p>
|
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
|
||||||
<p>If you do not wish to join this organization, you can safely ignore this email.</p>
|
<p>If you do not wish to join this organization, you can safely ignore this email.</p>
|
||||||
</html>",
|
</html>",
|
||||||
org_name, CONFIG.domain, org_id, org_user_id, token
|
org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token
|
||||||
))
|
))
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Laden …
In neuem Issue referenzieren