topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix invitation logic for new registration flow

pull/5691/head
Stefan Melmuk 4 weeks ago
parent
60a94740ef
commit
1d5606ffe2
No known key found for this signature in database GPG Key ID: 817020C608FE9C09
1 changed files with 10 additions and 16 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 26
      src/api/core/accounts.rs

26
src/api/core/accounts.rs
View File

@ -86,7 +86,6 @@ pub struct RegisterData {
name: Option<String>, name: Option<String>,
token: Option<String>,
#[allow(dead_code)] #[allow(dead_code)]
organization_user_id: Option<MembershipId>, organization_user_id: Option<MembershipId>,
@ -94,6 +93,7 @@ pub struct RegisterData {
email_verification_token: Option<String>, email_verification_token: Option<String>,
accept_emergency_access_id: Option<EmergencyAccessId>, accept_emergency_access_id: Option<EmergencyAccessId>,
accept_emergency_access_invite_token: Option<String>, accept_emergency_access_invite_token: Option<String>,
#[serde(alias = "token")]
org_invite_token: Option<String>, org_invite_token: Option<String>,
} }
@ -147,7 +147,6 @@ pub async fn _register(data: Json<RegisterData>, email_verification: bool, mut c
let mut email_verified = false; let mut email_verified = false;
let mut pending_emergency_access = None; let mut pending_emergency_access = None;
let mut pending_org_invite = None;
// First, validate the provided verification tokens // First, validate the provided verification tokens
if email_verification { if email_verification {
@ -201,7 +200,6 @@ pub async fn _register(data: Json<RegisterData>, email_verification: bool, mut c
err!("Claim org_user_id does not match organization_user_id") err!("Claim org_user_id does not match organization_user_id")
} }
pending_org_invite = Some((organization_user_id, claims));
email_verified = true; email_verified = true;
} }
@ -224,20 +222,17 @@ pub async fn _register(data: Json<RegisterData>, email_verification: bool, mut c
let password_hint = clean_password_hint(&data.master_password_hint); let password_hint = clean_password_hint(&data.master_password_hint);
enforce_password_hint_setting(&password_hint)?; enforce_password_hint_setting(&password_hint)?;
let mut verified_by_invite = false;
let mut user = match User::find_by_mail(&email, &mut conn).await { let mut user = match User::find_by_mail(&email, &mut conn).await {
Some(mut user) => { Some(user) => {
if !user.password_hash.is_empty() { if !user.password_hash.is_empty() {
err!("Registration not allowed or user already exists") err!("Registration not allowed or user already exists")
} }
if let Some(token) = data.token { if let Some(token) = data.org_invite_token {
let claims = decode_invite(&token)?; let claims = decode_invite(&token)?;
if claims.email == email { if claims.email == email {
// Verify the email address when signing up via a valid invite token // Verify the email address when signing up via a valid invite token
verified_by_invite = true; email_verified = true;
user.verified_at = Some(Utc::now().naive_utc());
user user
} else { } else {
err!("Registration email does not match invite email") err!("Registration email does not match invite email")
@ -264,7 +259,6 @@ pub async fn _register(data: Json<RegisterData>, email_verification: bool, mut c
if Invitation::take(&email, &mut conn).await if Invitation::take(&email, &mut conn).await
|| CONFIG.is_signup_allowed(&email) || CONFIG.is_signup_allowed(&email)
|| pending_emergency_access.is_some() || pending_emergency_access.is_some()
|| pending_org_invite.is_some()
{ {
User::new(email.clone()) User::new(email.clone())
} else { } else {
@ -284,10 +278,6 @@ pub async fn _register(data: Json<RegisterData>, email_verification: bool, mut c
user.client_kdf_iter = client_kdf_iter; user.client_kdf_iter = client_kdf_iter;
} }
if email_verified {
user.verified_at = Some(Utc::now().naive_utc());
}
user.client_kdf_memory = data.kdf_memory; user.client_kdf_memory = data.kdf_memory;
user.client_kdf_parallelism = data.kdf_parallelism; user.client_kdf_parallelism = data.kdf_parallelism;
@ -304,8 +294,12 @@ pub async fn _register(data: Json<RegisterData>, email_verification: bool, mut c
user.public_key = Some(keys.public_key); user.public_key = Some(keys.public_key);
} }
if email_verified {
user.verified_at = Some(Utc::now().naive_utc());
}
if CONFIG.mail_enabled() { if CONFIG.mail_enabled() {
if CONFIG.signups_verify() && !verified_by_invite { if CONFIG.signups_verify() && !email_verified {
if let Err(e) = mail::send_welcome_must_verify(&user.email, &user.uuid).await { if let Err(e) = mail::send_welcome_must_verify(&user.email, &user.uuid).await {
error!("Error sending welcome email: {:#?}", e); error!("Error sending welcome email: {:#?}", e);
} }
@ -314,7 +308,7 @@ pub async fn _register(data: Json<RegisterData>, email_verification: bool, mut c
error!("Error sending welcome email: {:#?}", e); error!("Error sending welcome email: {:#?}", e);
} }
if verified_by_invite && is_email_2fa_required(data.organization_user_id, &mut conn).await { if email_verified && is_email_2fa_required(data.organization_user_id, &mut conn).await {
email::activate_email_2fa(&user, &mut conn).await.ok(); email::activate_email_2fa(&user, &mut conn).await.ok();
} }
} }

Write Preview
Loading…
Cancel
Save