topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Stop leaking usernames when SIGNUPS_ALLOWED=false 

This fixes #691 - respond in less specific way to not leak the
fact that user is already registered on the server.
pull/695/head
Miro Prasil 5 years ago
parent
77b78f0991
commit
00a11b1b78
1 changed files with 7 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      src/api/core/accounts.rs

8
src/api/core/accounts.rs
View File

@ -62,7 +62,11 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
let mut user = match User::find_by_mail(&data.Email, &conn) { let mut user = match User::find_by_mail(&data.Email, &conn) {
Some(user) => { Some(user) => {
if !user.password_hash.is_empty() { if !user.password_hash.is_empty() {
if CONFIG.signups_allowed() {
err!("User already exists") err!("User already exists")
} else {
err!("Registration not allowed or user already exists")
}
} }
if let Some(token) = data.Token { if let Some(token) = data.Token {
@ -82,14 +86,14 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
} else if CONFIG.signups_allowed() { } else if CONFIG.signups_allowed() {
err!("Account with this email already exists") err!("Account with this email already exists")
} else { } else {
err!("Registration not allowed") err!("Registration not allowed or user already exists")
} }
} }
None => { None => {
if CONFIG.signups_allowed() || Invitation::take(&data.Email, &conn) { if CONFIG.signups_allowed() || Invitation::take(&data.Email, &conn) {
User::new(data.Email.clone()) User::new(data.Email.clone())
} else { } else {
err!("Registration not allowed") err!("Registration not allowed or user already exists")
} }
} }
}; };

Write Preview
Loading…
Cancel
Save