From 0e57f05731f21a20e321de4d59a0004e66bcf638 Mon Sep 17 00:00:00 2001
From: Timshel
Date: Mon, 1 Sep 2025 20:13:02 +0200
Subject: [PATCH 1/3] Change OIDC dummy identifier
---
 src/sso.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sso.rs b/src/sso.rs
index 8e746114..190077fa 100644
--- a/src/sso.rs
+++ b/src/sso.rs
@@ -19,7 +19,7 @@ use crate::{
 CONFIG,
 };
-pub static FAKE_IDENTIFIER: &str = "Vaultwarden";
+pub static FAKE_IDENTIFIER: &str = "DUMMY_IDENTIFIER_FOR_OIDC";
 static AC_CACHE: Lazy> = Lazy::new(|| Cache::builder().max_capacity(1000).time_to_live(Duration::from_secs(10 * 60)).build());
From 3b3316d2dd82d280d5c2a733819fbc5364baad3a Mon Sep 17 00:00:00 2001
From: Timshel
Date: Tue, 2 Sep 2025 15:50:05 +0000
Subject: [PATCH 2/3] Update src/sso.rs
Co-authored-by: Helmut K. C. Tessarek
---
 src/sso.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sso.rs b/src/sso.rs
index 190077fa..71793dbd 100644
--- a/src/sso.rs
+++ b/src/sso.rs
@@ -19,7 +19,7 @@ use crate::{
 CONFIG,
 };
-pub static FAKE_IDENTIFIER: &str = "DUMMY_IDENTIFIER_FOR_OIDC";
+pub static FAKE_IDENTIFIER: &str = "VW_DUMMY_IDENTIFIER_FOR_OIDC";
 static AC_CACHE: Lazy> = Lazy::new(|| Cache::builder().max_capacity(1000).time_to_live(Duration::from_secs(10 * 60)).build());
From 2941f82532aa317c243565ab190447e9438fded8 Mon Sep 17 00:00:00 2001
From: Timshel
Date: Tue, 16 Sep 2025 17:47:14 +0200
Subject: [PATCH 3/3] Use Org uuid as identifier
---
 src/api/core/accounts.rs | 2 +-
 src/api/core/organizations.rs | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
index c14bcef2..44ff8b6d 100644
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -367,7 +367,7 @@ async fn post_set_password(data: Json, headers: Headers, mut co
 if let Some(identifier) = data.org_identifier {
 if identifier != crate::sso::FAKE_IDENTIFIER {
- let org = match Organization::find_by_name(&identifier, &mut conn).await {
+ let org = match Organization::find_by_uuid(&identifier.into(), &mut conn).await {
 None => err!("Failed to retrieve the associated organization"),
 Some(org) => org,
 };
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index 22712003..f2475314 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -339,7 +339,7 @@ async fn get_user_collections(headers: Headers, mut conn: DbConn) -> Json
 }
 // Called during the SSO enrollment
-// The `identifier` should be the value returned by `get_org_domain_sso_details`
+// The `identifier` should be the value returned by `get_org_domain_sso_verified`
 // The returned `Id` will then be passed to `get_master_password_policy` which will mainly ignore it
 #[get("/organizations//auto-enroll-status")]
 async fn get_auto_enroll_status(identifier: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
@@ -349,7 +349,7 @@ async fn get_auto_enroll_status(identifier: &str, headers: Headers, mut conn: Db
 None => None,
 }
 } else {
- Organization::find_by_name(identifier, &mut conn).await
+ Organization::find_by_uuid(&identifier.into(), &mut conn).await
 };
 let (id, identifier, rp_auto_enroll) = match org {
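Review bot: `identifier.into()` in `post_set_password` converts the client-supplied `org_identifier` straight into an organization id with no format check, and the `else` branch of `get_auto_enroll_status` (the `@@ -349` hunk in organizations.rs) does the same. A malformed value only causes a lookup miss here, but a successful `find_by_uuid` proves nothing about the caller's membership, so whatever follows the `match` (outside this hunk) has to establish membership in `org` before acting on it. I would record that above the lookup, e.g. `// org_identifier is client-supplied; a uuid hit is not an authorization check`. Clients that still send an organization name will now get "Failed to retrieve the associated organization"; if that break is intended, the commit description should say so.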
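Review bot: The updated comment above `get_auto_enroll_status` (the `@@ -339` hunk) names the endpoint that produces `identifier` but not what the value is after this commit. Since the following hunk looks it up with `find_by_uuid`, and `get_org_domain_sso_verified` can also hand out `FAKE_IDENTIFIER`, I would spell both cases out in that comment line: the value is the organization uuid, or the dummy identifier when no organization matched. The handler body continues outside the hunk.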
@@ -977,17 +977,17 @@ async fn get_org_domain_sso_verified(data: Json, mut conn: DbC
 let identifiers = match Organization::find_org_user_email(&data.email, &mut conn)
 .await
 .into_iter()
- .map(|o| o.name)
- .collect::>()
+ .map(|o| (o.name, o.uuid.to_string()))
+ .collect::>()
 {
 v if !v.is_empty() => v,
- _ => vec![crate::sso::FAKE_IDENTIFIER.to_string()],
+ _ => vec![(crate::sso::FAKE_IDENTIFIER.to_string(), crate::sso::FAKE_IDENTIFIER.to_string())],
 };
 Ok(Json(json!({
 "object": "list",
- "data": identifiers.into_iter().map(|identifier| json!({
- "organizationName": identifier, // appear unused
+ "data": identifiers.into_iter().map(|(name, identifier)| json!({
+ "organizationName": name, // appear unused
 "organizationIdentifier": identifier,
 "domainName": CONFIG.domain(), // appear unused
 })).collect::>()
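Review bot: `get_org_domain_sso_verified` now returns `o.uuid` as `organizationIdentifier`, and the signature in the hunk header shows only `data` and `conn` with no `Headers` guard, so this route looks reachable before login. A matching email gets real organization names and uuids while any other email gets the `FAKE_IDENTIFIER` pair, so the response both discloses internal ids and reveals whether an address belongs to an organization. If that exposure is accepted, state it above the `match`, e.g. `// Pre-login route: org uuids are treated as public; never authorize on the identifier alone`, and confirm the route is rate limited elsewhere. The function's opening lines are outside the hunk.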