topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #323 from njfox/invite_accepted_email 

Send email notifications when invitations are accepted/confirmed
pull/343/head
Daniel García 7 years ago
committed by GitHub
parent
94adf063ad 0a74e79cea
commit
5e37471488
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 141 additions and 70 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      src/api/admin.rs
  2. 90
      src/api/core/organizations.rs
  3. 24
      src/auth.rs
  4. 85
      src/mail.rs

10
src/api/admin.rs
View File

@ -4,6 +4,7 @@ use serde_json::Value;
use crate::api::{JsonResult, JsonUpcase}; use crate::api::{JsonResult, JsonUpcase};
use crate::CONFIG; use crate::CONFIG;
use crate::mail;
use crate::db::models::*; use crate::db::models::*;
use crate::db::DbConn; use crate::db::DbConn;
@ -31,7 +32,7 @@ fn get_users(_token: AdminToken, conn: DbConn) -> JsonResult {
#[post("/invite", data = "<data>")] #[post("/invite", data = "<data>")]
fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult { fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult {
let data: InviteData = data.into_inner().data; let data: InviteData = data.into_inner().data;
let email = data.Email.clone();
if User::find_by_mail(&data.Email, &conn).is_some() { if User::find_by_mail(&data.Email, &conn).is_some() {
err!("User already exists") err!("User already exists")
} }
@ -43,7 +44,12 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -
let mut invitation = Invitation::new(data.Email); let mut invitation = Invitation::new(data.Email);
invitation.save(&conn)?; invitation.save(&conn)?;
// TODO: Might want to send an email? if let Some(ref mail_config) = CONFIG.mail {
let mut user = User::new(email);
user.save(&conn)?;
let org_name = "bitwarden_rs";
mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None, mail_config)?;
}
Ok(Json(json!({}))) Ok(Json(json!({})))
} }

90
src/api/core/organizations.rs
View File

@ -7,14 +7,12 @@ use crate::db::DbConn;
use crate::CONFIG; use crate::CONFIG;
use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType}; use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType};
use crate::auth::{decode_invite_jwt, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders, JWT_ISSUER}; use crate::auth::{decode_invite_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders};
use crate::mail; use crate::mail;
use serde::{Deserialize, Deserializer}; use serde::{Deserialize, Deserializer};
use chrono::{Duration, Utc};
use rocket::Route; use rocket::Route;
pub fn routes() -> Vec<Route> { pub fn routes() -> Vec<Route> {
@ -508,14 +506,16 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
Some(org) => org.name, Some(org) => org.name,
None => err!("Error looking up organization"), None => err!("Error looking up organization"),
}; };
let claims = generate_invite_claims(
user.uuid.to_string(), mail::send_invite(
user.email.clone(), &email,
org_id.clone(), &user.uuid,
Some(new_user.uuid.clone()), Some(org_id.clone()),
); Some(new_user.uuid),
let invite_token = encode_jwt(&claims); &org_name,
mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config)?; Some(headers.user.email.clone()),
mail_config
)?;
} }
} }
@ -523,7 +523,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
} }
#[post("/organizations/<org_id>/users/<user_org>/reinvite")] #[post("/organizations/<org_id>/users/<user_org>/reinvite")]
fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult { fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
if !CONFIG.invitations_allowed { if !CONFIG.invitations_allowed {
err!("Invitations are not allowed.") err!("Invitations are not allowed.")
} }
@ -551,21 +551,15 @@ fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn:
None => err!("Error looking up organization."), None => err!("Error looking up organization."),
}; };
let claims = generate_invite_claims(
user.uuid.to_string(),
user.email.clone(),
org_id.clone(),
Some(user_org.uuid.clone()),
);
let invite_token = encode_jwt(&claims);
if let Some(ref mail_config) = CONFIG.mail { if let Some(ref mail_config) = CONFIG.mail {
mail::send_invite( mail::send_invite(
&user.email, &user.email,
&org_id, &user.uuid,
&user_org.uuid, Some(org_id),
&invite_token, Some(user_org.uuid),
&org_name, &org_name,
mail_config, Some(headers.user.email),
mail_config,
)?; )?;
} }
@ -578,19 +572,6 @@ struct AcceptData {
Token: String, Token: String,
} }
fn generate_invite_claims(uuid: String, email: String, org_id: String, org_user_id: Option<String>) -> InviteJWTClaims {
let time_now = Utc::now().naive_utc();
InviteJWTClaims {
nbf: time_now.timestamp(),
exp: (time_now + Duration::days(5)).timestamp(),
iss: JWT_ISSUER.to_string(),
sub: uuid.clone(),
email: email.clone(),
org_id: org_id.clone(),
user_org_id: org_user_id.clone(),
}
}
#[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "<data>")] #[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "<data>")]
fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult { fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult {
// The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead // The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead
@ -601,10 +582,10 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
match User::find_by_mail(&claims.email, &conn) { match User::find_by_mail(&claims.email, &conn) {
Some(_) => { Some(_) => {
Invitation::take(&claims.email, &conn); Invitation::take(&claims.email, &conn);
if claims.user_org_id.is_some() { if claims.user_org_id.is_some() && claims.org_id.is_some() {
// If this isn't the virtual_org, mark userorg as accepted // If this isn't the virtual_org, mark userorg as accepted
let mut user_org = let mut user_org =
match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id, &conn) { match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id.clone().unwrap(), &conn) {
Some(user_org) => user_org, Some(user_org) => user_org,
None => err!("Error accepting the invitation"), None => err!("Error accepting the invitation"),
}; };
@ -617,6 +598,23 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
None => err!("Invited user not found"), None => err!("Invited user not found"),
} }
if let Some(ref mail_config) = CONFIG.mail {
let mut org_name = String::from("bitwarden_rs");
if let Some(org_id) = &claims.org_id {
org_name = match Organization::find_by_uuid(&org_id, &conn) {
Some(org) => org.name,
None => err!("Organization not found.")
};
};
if let Some(invited_by_email) = &claims.invited_by_email {
// User was invited to an organization, so they must be confirmed manually after acceptance
mail::send_invite_accepted(&claims.email, invited_by_email, &org_name, mail_config)?;
} else {
// User was invited from /admin, so they are automatically confirmed
mail::send_invite_confirmed(&claims.email, &org_name, mail_config)?;
}
}
Ok(()) Ok(())
} }
@ -649,6 +647,18 @@ fn confirm_invite(
None => err!("Invalid key provided"), None => err!("Invalid key provided"),
}; };
if let Some(ref mail_config) = CONFIG.mail {
let org_name = match Organization::find_by_uuid(&org_id, &conn) {
Some(org) => org.name,
None => err!("Error looking up organization."),
};
let address = match User::find_by_uuid(&user_to_confirm.user_uuid, &conn) {
Some(user) => user.email,
None => err!("Error looking up user."),
};
mail::send_invite_confirmed(&address, &org_name, mail_config)?;
}
user_to_confirm.save(&conn) user_to_confirm.save(&conn)
} }

24
src/auth.rs
View File

@ -2,7 +2,7 @@
// JWT Handling // JWT Handling
// //
use crate::util::read_file; use crate::util::read_file;
use chrono::Duration; use chrono::{Duration, Utc};
use jsonwebtoken::{self, Algorithm, Header}; use jsonwebtoken::{self, Algorithm, Header};
use serde::ser::Serialize; use serde::ser::Serialize;
@ -116,8 +116,28 @@ pub struct InviteJWTClaims {
pub sub: String, pub sub: String,
pub email: String, pub email: String,
pub org_id: String, pub org_id: Option<String>,
pub user_org_id: Option<String>, pub user_org_id: Option<String>,
pub invited_by_email: Option<String>,
}
pub fn generate_invite_claims(uuid: String,
email: String,
org_id: Option<String>,
org_user_id: Option<String>,
invited_by_email: Option<String>,
) -> InviteJWTClaims {
let time_now = Utc::now().naive_utc();
InviteJWTClaims {
nbf: time_now.timestamp(),
exp: (time_now + Duration::days(5)).timestamp(),
iss: JWT_ISSUER.to_string(),
sub: uuid.clone(),
email: email.clone(),
org_id: org_id.clone(),
user_org_id: org_user_id.clone(),
invited_by_email: invited_by_email.clone(),
}
} }
// //

85
src/mail.rs
View File

@ -6,7 +6,7 @@ use native_tls::{Protocol, TlsConnector};
use crate::MailConfig; use crate::MailConfig;
use crate::CONFIG; use crate::CONFIG;
use crate::auth::{generate_invite_claims, encode_jwt};
use crate::api::EmptyResult; use crate::api::EmptyResult;
use crate::error::Error; use crate::error::Error;
@ -53,28 +53,26 @@ pub fn send_password_hint(address: &str, hint: Option<String>, config: &MailConf
) )
}; };
let email = EmailBuilder::new() send_email(&address, &subject, &body, &config)
.to(address)
.from((config.smtp_from.clone(), "Bitwarden-rs"))
.subject(subject)
.body(body)
.build()
.map_err(|e| Error::new("Error building hint email", e.to_string()))?;
mailer(config)
.send(email.into())
.map_err(|e| Error::new("Error sending hint email", e.to_string()))
.and(Ok(()))
} }
pub fn send_invite( pub fn send_invite(
address: &str, address: &str,
org_id: &str, uuid: &str,
org_user_id: &str, org_id: Option<String>,
token: &str, org_user_id: Option<String>,
org_name: &str, org_name: &str,
invited_by_email: Option<String>,
config: &MailConfig, config: &MailConfig,
) -> EmptyResult { ) -> EmptyResult {
let claims = generate_invite_claims(
uuid.to_string(),
String::from(address),
org_id.clone(),
org_user_id.clone(),
invited_by_email.clone(),
);
let invite_token = encode_jwt(&claims);
let (subject, body) = { let (subject, body) = {
(format!("Join {}", &org_name), (format!("Join {}", &org_name),
format!( format!(
@ -83,21 +81,58 @@ pub fn send_invite(
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p> <a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
<p>If you do not wish to join this organization, you can safely ignore this email.</p> <p>If you do not wish to join this organization, you can safely ignore this email.</p>
</html>", </html>",
org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token org_name, CONFIG.domain, org_id.unwrap_or("_".to_string()), org_user_id.unwrap_or("_".to_string()), address, org_name, invite_token
)) ))
}; };
send_email(&address, &subject, &body, &config)
}
pub fn send_invite_accepted(
new_user_email: &str,
address: &str,
org_name: &str,
config: &MailConfig,
) -> EmptyResult {
let (subject, body) = {
("Invitation accepted",
format!(
"<html>
<p>Your invitation for <b>{}</b> to join <b>{}</b> was accepted. Please <a href=\"{}\">log in</a> to the bitwarden_rs server and confirm them from the organization management page.</p>
</html>", new_user_email, org_name, CONFIG.domain))
};
send_email(&address, &subject, &body, &config)
}
pub fn send_invite_confirmed(
address: &str,
org_name: &str,
config: &MailConfig,
) -> EmptyResult {
let (subject, body) = {
(format!("Invitation to {} confirmed", org_name),
format!(
"<html>
<p>Your invitation to join <b>{}</b> was confirmed. It will now appear under the Organizations the next time you <a href=\"{}\">log in</a> to the web vault.</p>
</html>", org_name, CONFIG.domain))
};
send_email(&address, &subject, &body, &config)
}
fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> EmptyResult {
let email = EmailBuilder::new() let email = EmailBuilder::new()
.to(address) .to(address)
.from((config.smtp_from.clone(), "Bitwarden-rs")) .from((config.smtp_from.clone(), "Bitwarden-rs"))
.subject(subject) .subject(subject)
.header(("Content-Type", "text/html")) .header(("Content-Type", "text/html"))
.body(body) .body(body)
.build() .build()
.map_err(|e| Error::new("Error building invite email", e.to_string()))?; .map_err(|e| Error::new("Error building email", e.to_string()))?;
mailer(config) mailer(config)
.send(email.into()) .send(email.into())
.map_err(|e| Error::new("Error sending invite email", e.to_string())) .map_err(|e| Error::new("Error sending email", e.to_string()))
.and(Ok(())) .and(Ok(()))
} }
Write Preview
Loading…
Cancel
Save