|
|
@ -744,6 +744,11 @@ async fn register_verification_email( |
|
|
|
|
|
|
|
|
let should_send_mail = CONFIG.mail_enabled() && CONFIG.signups_verify(); |
|
|
let should_send_mail = CONFIG.mail_enabled() && CONFIG.signups_verify(); |
|
|
|
|
|
|
|
|
|
|
|
let token_claims = |
|
|
|
|
|
crate::auth::generate_register_verify_claims(data.email.clone(), data.name.clone(), should_send_mail); |
|
|
|
|
|
let token = crate::auth::encode_jwt(&token_claims); |
|
|
|
|
|
|
|
|
|
|
|
if should_send_mail { |
|
|
if User::find_by_mail(&data.email, &mut conn).await.is_some() { |
|
|
if User::find_by_mail(&data.email, &mut conn).await.is_some() { |
|
|
if should_send_mail { |
|
|
if should_send_mail { |
|
|
// There is still a timing side channel here in that the code
|
|
|
// There is still a timing side channel here in that the code
|
|
|
@ -755,15 +760,9 @@ async fn register_verification_email( |
|
|
let sleep_ms = (1_000 + rng.random_range(-delta..=delta)) as u64; |
|
|
let sleep_ms = (1_000 + rng.random_range(-delta..=delta)) as u64; |
|
|
tokio::time::sleep(tokio::time::Duration::from_millis(sleep_ms)).await; |
|
|
tokio::time::sleep(tokio::time::Duration::from_millis(sleep_ms)).await; |
|
|
} |
|
|
} |
|
|
return Ok(RegisterVerificationResponse::NoContent(())); |
|
|
} else { |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
let token_claims = |
|
|
|
|
|
crate::auth::generate_register_verify_claims(data.email.clone(), data.name.clone(), should_send_mail); |
|
|
|
|
|
let token = crate::auth::encode_jwt(&token_claims); |
|
|
|
|
|
|
|
|
|
|
|
if should_send_mail { |
|
|
|
|
|
mail::send_register_verify_email(&data.email, &token).await?; |
|
|
mail::send_register_verify_email(&data.email, &token).await?; |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
Ok(RegisterVerificationResponse::NoContent(())) |
|
|
Ok(RegisterVerificationResponse::NoContent(())) |
|
|
} else { |
|
|
} else { |
|
|
|
Timshel
3 weeks ago