geforkt von mirrored/vaultwarden
Fix password reset issues
There was used a wrong macro to produce an error message when mailing the user his password was reset failed. It was using `error!()` which does not return an `Err` and aborts the rest of the code. This resulted in the users password still being resetted, but not being notified. This PR fixes this by using `err!()`. Also, do not set the user object as mutable until it really is needed. Second, when a user was using the new Argon2id KDF with custom values like memory and parallelism, that would have rendered the password incorrect. The endpoint which should return all the data did not returned all the new Argon2id values. Fixes #3388 Co-authored-by: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com>
Dieser Commit ist enthalten in:
Ursprung
525e6bb65a
Commit
2cda54ceff
1 geänderte Dateien mit 7 neuen und 3 gelöschten Zeilen
|
@ -2694,7 +2694,7 @@ async fn put_reset_password(
|
||||||
None => err!("User to reset isn't member of required organization"),
|
None => err!("User to reset isn't member of required organization"),
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut user = match User::find_by_uuid(&org_user.user_uuid, &mut conn).await {
|
let user = match User::find_by_uuid(&org_user.user_uuid, &mut conn).await {
|
||||||
Some(user) => user,
|
Some(user) => user,
|
||||||
None => err!("User not found"),
|
None => err!("User not found"),
|
||||||
};
|
};
|
||||||
|
@ -2711,11 +2711,12 @@ async fn put_reset_password(
|
||||||
// Sending email before resetting password to ensure working email configuration and the resulting
|
// Sending email before resetting password to ensure working email configuration and the resulting
|
||||||
// user notification. Also this might add some protection against security flaws and misuse
|
// user notification. Also this might add some protection against security flaws and misuse
|
||||||
if let Err(e) = mail::send_admin_reset_password(&user.email, &user.name, &org.name).await {
|
if let Err(e) = mail::send_admin_reset_password(&user.email, &user.name, &org.name).await {
|
||||||
error!("Error sending user reset password email: {:#?}", e);
|
err!(format!("Error sending user reset password email: {e:#?}"));
|
||||||
}
|
}
|
||||||
|
|
||||||
let reset_request = data.into_inner().data;
|
let reset_request = data.into_inner().data;
|
||||||
|
|
||||||
|
let mut user = user;
|
||||||
user.set_password(reset_request.NewMasterPasswordHash.as_str(), Some(reset_request.Key), true, None);
|
user.set_password(reset_request.NewMasterPasswordHash.as_str(), Some(reset_request.Key), true, None);
|
||||||
user.save(&mut conn).await?;
|
user.save(&mut conn).await?;
|
||||||
|
|
||||||
|
@ -2759,10 +2760,13 @@ async fn get_reset_password_details(
|
||||||
|
|
||||||
check_reset_password_applicable_and_permissions(&org_id, &org_user_id, &headers, &mut conn).await?;
|
check_reset_password_applicable_and_permissions(&org_id, &org_user_id, &headers, &mut conn).await?;
|
||||||
|
|
||||||
|
// https://github.com/bitwarden/server/blob/3b50ccb9f804efaacdc46bed5b60e5b28eddefcf/src/Api/Models/Response/Organizations/OrganizationUserResponseModel.cs#L111
|
||||||
Ok(Json(json!({
|
Ok(Json(json!({
|
||||||
"Object": "organizationUserResetPasswordDetails",
|
"Object": "organizationUserResetPasswordDetails",
|
||||||
"Kdf":user.client_kdf_type,
|
"Kdf":user.client_kdf_type,
|
||||||
"KdfIterations":user.client_kdf_iter,
|
"KdfIterations":user.client_kdf_iter,
|
||||||
|
"KdfMemory":user.client_kdf_memory,
|
||||||
|
"KdfParallelism":user.client_kdf_parallelism,
|
||||||
"ResetPasswordKey":org_user.reset_password_key,
|
"ResetPasswordKey":org_user.reset_password_key,
|
||||||
"EncryptedPrivateKey":org.private_key,
|
"EncryptedPrivateKey":org.private_key,
|
||||||
|
|
||||||
|
|
Laden …
In neuem Issue referenzieren