Validate JWT if a user registers with SMTP invites enabled
Ursprung
99256b9b3a
Commit
2cd736ab81
1 geänderte Dateien mit 24 neuen und 7 gelöschten Zeilen
|
@ -4,7 +4,7 @@ use crate::db::models::*;
|
||||||
use crate::db::DbConn;
|
use crate::db::DbConn;
|
||||||
|
|
||||||
use crate::api::{EmptyResult, JsonResult, JsonUpcase, NumberOrString, PasswordData, UpdateType, WebSocketUsers};
|
use crate::api::{EmptyResult, JsonResult, JsonUpcase, NumberOrString, PasswordData, UpdateType, WebSocketUsers};
|
||||||
use crate::auth::Headers;
|
use crate::auth::{Headers, decode_invite_jwt, InviteJWTClaims};
|
||||||
use crate::mail;
|
use crate::mail;
|
||||||
|
|
||||||
use crate::CONFIG;
|
use crate::CONFIG;
|
||||||
|
@ -44,6 +44,8 @@ struct RegisterData {
|
||||||
MasterPasswordHash: String,
|
MasterPasswordHash: String,
|
||||||
MasterPasswordHint: Option<String>,
|
MasterPasswordHint: Option<String>,
|
||||||
Name: Option<String>,
|
Name: Option<String>,
|
||||||
|
Token: Option<String>,
|
||||||
|
OrganizationUserId: Option<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Deserialize, Debug)]
|
#[derive(Deserialize, Debug)]
|
||||||
|
@ -59,23 +61,38 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
|
||||||
|
|
||||||
let mut user = match User::find_by_mail(&data.Email, &conn) {
|
let mut user = match User::find_by_mail(&data.Email, &conn) {
|
||||||
Some(user) => {
|
Some(user) => {
|
||||||
|
if Invitation::find_by_mail(&data.Email, &conn).is_some() {
|
||||||
if CONFIG.mail.is_none() {
|
if CONFIG.mail.is_none() {
|
||||||
if Invitation::take(&data.Email, &conn) {
|
|
||||||
for mut user_org in UserOrganization::find_invited_by_user(&user.uuid, &conn).iter_mut() {
|
for mut user_org in UserOrganization::find_invited_by_user(&user.uuid, &conn).iter_mut() {
|
||||||
user_org.status = UserOrgStatus::Accepted as i32;
|
user_org.status = UserOrgStatus::Accepted as i32;
|
||||||
if user_org.save(&conn).is_err() {
|
if user_org.save(&conn).is_err() {
|
||||||
err!("Failed to accept user to organization")
|
err!("Failed to accept user to organization")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if !Invitation::take(&data.Email, &conn) {
|
||||||
|
err!("Error accepting invitation")
|
||||||
|
}
|
||||||
user
|
user
|
||||||
|
} else {
|
||||||
|
let token = match &data.Token {
|
||||||
|
Some(token) => token,
|
||||||
|
None => err!("No valid invite token")
|
||||||
|
};
|
||||||
|
let claims: InviteJWTClaims = match decode_invite_jwt(&token) {
|
||||||
|
Ok(claims) => claims,
|
||||||
|
Err(msg) => err!("Invalid claim: {:#?}", msg),
|
||||||
|
};
|
||||||
|
if &claims.email == &data.Email {
|
||||||
|
user
|
||||||
|
} else {
|
||||||
|
err!("Registration email does not match invite email")
|
||||||
|
}
|
||||||
|
}
|
||||||
} else if CONFIG.signups_allowed {
|
} else if CONFIG.signups_allowed {
|
||||||
err!("Account with this email already exists")
|
err!("Account with this email already exists")
|
||||||
} else {
|
} else {
|
||||||
err!("Registration not allowed")
|
err!("Registration not allowed")
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
user
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
if CONFIG.signups_allowed || (CONFIG.mail.is_none() && Invitation::take(&data.Email, &conn)) {
|
if CONFIG.signups_allowed || (CONFIG.mail.is_none() && Invitation::take(&data.Email, &conn)) {
|
||||||
|
|
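Review bot: The new SMTP branch in `register` validates the invite token but never consumes the invitation: `Invitation::take(&data.Email, &conn)` runs only when `CONFIG.mail.is_none()`, so after `decode_invite_jwt` succeeds the `Invitation` row stays in place and the same token would pass this check again until it expires. Whether a repeated request can then overwrite the credentials of an already registered account depends on the rest of `register`, which continues outside the hunk. Either consume the invitation once the e-mail matches, for example `if !Invitation::take(&data.Email, &conn) { err!("Error accepting invitation") }` before yielding `user`, or reject the request when the stored user has already completed registration. The new `OrganizationUserId` field is not compared with anything in the visible lines, so as far as this hunk shows the token is bound to the e-mail address only. `err!("Invalid claim: {:#?}", msg)` also returns the decoder's debug output to the caller; a fixed message with the detail logged server-side would reveal less.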