Browse Source
Merge pull request #3632 from sirux88/fix-reset-password-check-issue
fix missing password check while manual reset password enrollment
pull/3651/head
Daniel García
2 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
12 additions and
0 deletions
-
src/api/core/organizations.rs
|
|
|
@ -2675,6 +2675,7 @@ async fn delete_group_user( |
|
|
|
#[allow(non_snake_case)] |
|
|
|
struct OrganizationUserResetPasswordEnrollmentRequest { |
|
|
|
ResetPasswordKey: Option<String>, |
|
|
|
MasterPasswordHash: Option<String>, |
|
|
|
} |
|
|
|
|
|
|
|
#[derive(Deserialize)] |
|
|
|
@ -2856,6 +2857,17 @@ async fn put_reset_password_enrollment( |
|
|
|
err!("Reset password can't be withdrawed due to an enterprise policy"); |
|
|
|
} |
|
|
|
|
|
|
|
if reset_request.ResetPasswordKey.is_some() { |
|
|
|
match reset_request.MasterPasswordHash { |
|
|
|
Some(password) => { |
|
|
|
if !headers.user.check_valid_password(&password) { |
|
|
|
err!("Invalid or wrong password") |
|
|
|
} |
|
|
|
} |
|
|
|
None => err!("No password provided"), |
|
|
|
}; |
|
|
|
} |
|
|
|
|
|
|
|
org_user.reset_password_key = reset_request.ResetPasswordKey; |
|
|
|
org_user.save(&mut conn).await?; |
|
|
|
|
|
|
|
|
