From 84fa5a4ed6b4cbbec7cf21ff22a067b14a2f66d5 Mon Sep 17 00:00:00 2001 From: Nick Fox Date: Sat, 29 Dec 2018 23:24:38 -0500 Subject: [PATCH 1/3] Implement reinvite endpoint --- src/api/core/organizations.rs | 56 +++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index c2683830..121eab69 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -37,6 +37,7 @@ pub fn routes() -> Vec { get_org_details, get_org_users, send_invite, + reinvite_user, confirm_invite, accept_invite, get_user, @@ -514,6 +515,61 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade Ok(()) } +#[post("/organizations//users//reinvite", data = "<_data>")] +fn reinvite_user(org_id: String, user_uuid: String, _data: JsonUpcase, _headers: AdminHeaders, conn: DbConn) -> EmptyResult { + if !CONFIG.invitations_allowed { + err!("Invitations are not allowed.") + } + + if CONFIG.mail.is_none() { + err!("SMTP is not configured.") + } + + let user = match User::find_by_uuid(&user_uuid, &conn) { + Some(user) => user, + None => err!("User not found."), + }; + + if Invitation::find_by_mail(&user.email, &conn).is_none() { + err!("No invitation found for user.") + } + + let mut org_user_id = None; + if org_id != Organization::VIRTUAL_ID { + org_user_id = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) { + Some(org_user) => Some(org_user.uuid), + None => None, + }; + } + use crate::mail; + use chrono::{Duration, Utc}; + let time_now = Utc::now().naive_utc(); + let claims = InviteJWTClaims { + nbf: time_now.timestamp(), + exp: (time_now + Duration::days(5)).timestamp(), + iss: JWT_ISSUER.to_string(), + sub: user.uuid.to_string(), + email: user.email.clone(), + org_id: org_id.clone(), + user_org_id: org_user_id.clone(), + }; + + let org_name = match Organization::find_by_uuid(&org_id, &conn) { + Some(org) => org.name, + None => err!("Error looking up organization") + }; + + let invite_token = encode_jwt(&claims); + if let Some(ref mail_config) = CONFIG.mail { + if let Err(e) = mail::send_invite(&user.email, &org_id, &org_user_id.unwrap_or(Organization::VIRTUAL_ID.to_string()), + &invite_token, &org_name, mail_config) { + err!(format!("There has been a problem sending the email: {}", e)) + } + } + + Ok(()) +} + #[derive(Deserialize)] #[allow(non_snake_case)] struct AcceptData { From 3142d8d01f7dc0c0d1f8c5d996a6218e27d5e96a Mon Sep 17 00:00:00 2001 From: Nick Fox Date: Sat, 29 Dec 2018 23:28:19 -0500 Subject: [PATCH 2/3] Add more detail to invitation not found error --- src/api/core/organizations.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 121eab69..8199d9c6 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -531,7 +531,7 @@ fn reinvite_user(org_id: String, user_uuid: String, _data: JsonUpcase Date: Sun, 30 Dec 2018 00:19:01 -0500 Subject: [PATCH 3/3] Refactor invite claims and disallow reinvites to virtual_org --- src/api/core/organizations.rs | 77 +++++++++++++++-------------------- 1 file changed, 33 insertions(+), 44 deletions(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 8199d9c6..b3350fb9 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -10,8 +10,12 @@ use crate::db::models::*; use crate::api::{PasswordData, JsonResult, EmptyResult, NumberOrString, JsonUpcase, WebSocketUsers, UpdateType}; use crate::auth::{Headers, AdminHeaders, OwnerHeaders, encode_jwt, decode_invite_jwt, InviteJWTClaims, JWT_ISSUER}; +use crate::mail; + use serde::{Deserialize, Deserializer}; +use chrono::{Duration, Utc}; + use rocket::Route; pub fn routes() -> Vec { @@ -45,7 +49,6 @@ pub fn routes() -> Vec { put_organization_user, delete_user, post_delete_user, - post_reinvite_user, post_org_import, ] } @@ -486,22 +489,11 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade } if CONFIG.mail.is_some() { - use crate::mail; - use chrono::{Duration, Utc}; - let time_now = Utc::now().naive_utc(); - let claims = InviteJWTClaims { - nbf: time_now.timestamp(), - exp: (time_now + Duration::days(5)).timestamp(), - iss: JWT_ISSUER.to_string(), - sub: user.uuid.to_string(), - email: email.clone(), - org_id: org_id.clone(), - user_org_id: org_user_id.clone(), - }; let org_name = match Organization::find_by_uuid(&org_id, &conn) { Some(org) => org.name, None => err!("Error looking up organization") }; + let claims = generate_invite_claims(user.uuid.to_string(), user.email.clone(), org_id.clone(), org_user_id.clone()); let invite_token = encode_jwt(&claims); if let Some(ref mail_config) = CONFIG.mail { if let Err(e) = mail::send_invite(&email, &org_id, &org_user_id.unwrap_or(Organization::VIRTUAL_ID.to_string()), @@ -515,8 +507,8 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade Ok(()) } -#[post("/organizations//users//reinvite", data = "<_data>")] -fn reinvite_user(org_id: String, user_uuid: String, _data: JsonUpcase, _headers: AdminHeaders, conn: DbConn) -> EmptyResult { +#[post("/organizations//users//reinvite")] +fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult { if !CONFIG.invitations_allowed { err!("Invitations are not allowed.") } @@ -525,7 +517,16 @@ fn reinvite_user(org_id: String, user_uuid: String, _data: JsonUpcase user_org, + None => err!("UserOrg not found."), + }; + + let user = match User::find_by_uuid(&user_org.user_uuid, &conn) { Some(user) => user, None => err!("User not found."), }; @@ -534,35 +535,15 @@ fn reinvite_user(org_id: String, user_uuid: String, _data: JsonUpcase Some(org_user.uuid), - None => None, - }; - } - use crate::mail; - use chrono::{Duration, Utc}; - let time_now = Utc::now().naive_utc(); - let claims = InviteJWTClaims { - nbf: time_now.timestamp(), - exp: (time_now + Duration::days(5)).timestamp(), - iss: JWT_ISSUER.to_string(), - sub: user.uuid.to_string(), - email: user.email.clone(), - org_id: org_id.clone(), - user_org_id: org_user_id.clone(), - }; - let org_name = match Organization::find_by_uuid(&org_id, &conn) { Some(org) => org.name, - None => err!("Error looking up organization") + None => err!("Error looking up organization.") }; + let claims = generate_invite_claims(user.uuid.to_string(), user.email.clone(), org_id.clone(), Some(user_org.uuid.clone())); let invite_token = encode_jwt(&claims); if let Some(ref mail_config) = CONFIG.mail { - if let Err(e) = mail::send_invite(&user.email, &org_id, &org_user_id.unwrap_or(Organization::VIRTUAL_ID.to_string()), - &invite_token, &org_name, mail_config) { + if let Err(e) = mail::send_invite(&user.email, &org_id, &user_org.uuid, &invite_token, &org_name, mail_config) { err!(format!("There has been a problem sending the email: {}", e)) } } @@ -576,6 +557,19 @@ struct AcceptData { Token: String, } +fn generate_invite_claims(uuid: String, email: String, org_id: String, org_user_id: Option) -> InviteJWTClaims { + let time_now = Utc::now().naive_utc(); + InviteJWTClaims { + nbf: time_now.timestamp(), + exp: (time_now + Duration::days(5)).timestamp(), + iss: JWT_ISSUER.to_string(), + sub: uuid.clone(), + email: email.clone(), + org_id: org_id.clone(), + user_org_id: org_user_id.clone(), + } +} + #[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "")] fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase, conn: DbConn) -> EmptyResult { // The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead @@ -784,11 +778,6 @@ fn post_delete_user(org_id: String, org_user_id: String, headers: AdminHeaders, delete_user(org_id, org_user_id, headers, conn) } -#[post("/organizations/<_org_id>/users/<_org_user_id>/reinvite")] -fn post_reinvite_user(_org_id: String, _org_user_id: String, _headers: AdminHeaders, _conn: DbConn) -> EmptyResult { - err!("This functionality is not implemented. The user needs to manually register before they can be accepted into the organization.") -} - use super::ciphers::CipherData; use super::ciphers::update_cipher_from_data;