mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2024-11-25 22:35:39 +03:00
Validate JWT if a user registers with SMTP invites enabled
This commit is contained in:
parent
99256b9b3a
commit
2cd736ab81
1 changed files with 24 additions and 7 deletions
|
@ -4,7 +4,7 @@ use crate::db::models::*;
|
||||||
use crate::db::DbConn;
|
use crate::db::DbConn;
|
||||||
|
|
||||||
use crate::api::{EmptyResult, JsonResult, JsonUpcase, NumberOrString, PasswordData, UpdateType, WebSocketUsers};
|
use crate::api::{EmptyResult, JsonResult, JsonUpcase, NumberOrString, PasswordData, UpdateType, WebSocketUsers};
|
||||||
use crate::auth::Headers;
|
use crate::auth::{Headers, decode_invite_jwt, InviteJWTClaims};
|
||||||
use crate::mail;
|
use crate::mail;
|
||||||
|
|
||||||
use crate::CONFIG;
|
use crate::CONFIG;
|
||||||
|
@ -44,6 +44,8 @@ struct RegisterData {
|
||||||
MasterPasswordHash: String,
|
MasterPasswordHash: String,
|
||||||
MasterPasswordHint: Option<String>,
|
MasterPasswordHint: Option<String>,
|
||||||
Name: Option<String>,
|
Name: Option<String>,
|
||||||
|
Token: Option<String>,
|
||||||
|
OrganizationUserId: Option<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Deserialize, Debug)]
|
#[derive(Deserialize, Debug)]
|
||||||
|
@ -59,22 +61,37 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
|
||||||
|
|
||||||
let mut user = match User::find_by_mail(&data.Email, &conn) {
|
let mut user = match User::find_by_mail(&data.Email, &conn) {
|
||||||
Some(user) => {
|
Some(user) => {
|
||||||
if CONFIG.mail.is_none() {
|
if Invitation::find_by_mail(&data.Email, &conn).is_some() {
|
||||||
if Invitation::take(&data.Email, &conn) {
|
if CONFIG.mail.is_none() {
|
||||||
for mut user_org in UserOrganization::find_invited_by_user(&user.uuid, &conn).iter_mut() {
|
for mut user_org in UserOrganization::find_invited_by_user(&user.uuid, &conn).iter_mut() {
|
||||||
user_org.status = UserOrgStatus::Accepted as i32;
|
user_org.status = UserOrgStatus::Accepted as i32;
|
||||||
if user_org.save(&conn).is_err() {
|
if user_org.save(&conn).is_err() {
|
||||||
err!("Failed to accept user to organization")
|
err!("Failed to accept user to organization")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if !Invitation::take(&data.Email, &conn) {
|
||||||
|
err!("Error accepting invitation")
|
||||||
|
}
|
||||||
user
|
user
|
||||||
} else if CONFIG.signups_allowed {
|
|
||||||
err!("Account with this email already exists")
|
|
||||||
} else {
|
} else {
|
||||||
err!("Registration not allowed")
|
let token = match &data.Token {
|
||||||
|
Some(token) => token,
|
||||||
|
None => err!("No valid invite token")
|
||||||
|
};
|
||||||
|
let claims: InviteJWTClaims = match decode_invite_jwt(&token) {
|
||||||
|
Ok(claims) => claims,
|
||||||
|
Err(msg) => err!("Invalid claim: {:#?}", msg),
|
||||||
|
};
|
||||||
|
if &claims.email == &data.Email {
|
||||||
|
user
|
||||||
|
} else {
|
||||||
|
err!("Registration email does not match invite email")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
} else if CONFIG.signups_allowed {
|
||||||
|
err!("Account with this email already exists")
|
||||||
} else {
|
} else {
|
||||||
user
|
err!("Registration not allowed")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
|
|
Loading…
Reference in a new issue