1
0
Fork 0
Dieser Commit ist enthalten in:
Daniel García 2019-12-06 22:12:41 +01:00
Ursprung a5aa4d9b54
Commit 912e1f93b7
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: FC8A7D14C3CD543A
2 geänderte Dateien mit 14 neuen und 17 gelöschten Zeilen

Datei anzeigen

@ -1,13 +1,13 @@
use rocket_contrib::json::Json;
use chrono::Utc;
use rocket_contrib::json::Json;
use crate::db::models::*;
use crate::db::DbConn;
use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType};
use crate::auth::{decode_invite, decode_delete, decode_verify_email, Headers};
use crate::mail;
use crate::auth::{decode_delete, decode_invite, decode_verify_email, Headers};
use crate::crypto;
use crate::mail;
use crate::CONFIG;
@ -414,20 +414,21 @@ fn post_email(data: JsonUpcase<ChangeEmailData>, headers: Headers, conn: DbConn)
match user.email_new {
Some(ref val) => {
if *val != data.NewEmail.to_string() {
if val != &data.NewEmail {
err!("Email change mismatch");
}
},
}
None => err!("No email change pending"),
}
if CONFIG.mail_enabled() {
// Only check the token if we sent out an email...
match user.email_new_token {
Some(ref val) =>
Some(ref val) => {
if *val != data.Token.into_string() {
err!("Token mismatch");
}
}
None => err!("No email change pending"),
}
user.verified_at = Some(Utc::now().naive_utc());
@ -480,11 +481,9 @@ fn post_verify_email_token(data: JsonUpcase<VerifyEmailTokenData>, conn: DbConn)
Ok(claims) => claims,
Err(_) => err!("Invalid claim"),
};
if claims.sub != user.uuid {
err!("Invalid claim");
}
user.verified_at = Some(Utc::now().naive_utc());
user.last_verifying_at = None;
user.login_verify_count = 0;
@ -543,11 +542,9 @@ fn post_delete_recover_token(data: JsonUpcase<DeleteRecoverTokenData>, conn: DbC
Ok(claims) => claims,
Err(_) => err!("Invalid claim"),
};
if claims.sub != user.uuid {
err!("Invalid claim");
}
user.delete(&conn)
}

Datei anzeigen

@ -1,9 +1,9 @@
use chrono::Utc;
use num_traits::FromPrimitive;
use rocket::request::{Form, FormItems, FromForm};
use rocket::Route;
use rocket_contrib::json::Json;
use serde_json::Value;
use chrono::Utc;
use crate::api::core::two_factor::email::EmailTokenData;
use crate::api::core::two_factor::{duo, email, yubikey};
@ -97,7 +97,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
)
}
if !user.verified_at.is_some() && CONFIG.mail_enabled() && CONFIG.signups_verify() {
if user.verified_at.is_none() && CONFIG.mail_enabled() && CONFIG.signups_verify() {
let now = Utc::now().naive_utc();
if user.last_verifying_at.is_none() || now.signed_duration_since(user.last_verifying_at.unwrap()).num_seconds() > CONFIG.signups_verify_resend_time() as i64 {
let resend_limit = CONFIG.signups_verify_resend_limit() as i32;
@ -106,7 +106,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
// their email address, and we haven't sent them a reminder in a while...
let mut user = user;
user.last_verifying_at = Some(now);
user.login_verify_count = user.login_verify_count + 1;
user.login_verify_count += 1;
if let Err(e) = user.save(&conn) {
error!("Error updating user: {:#?}", e);