topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix clippy lints

pull/1779/head
Daniel García 4 years ago
parent
ff0fee3690
commit
9254cf9d9c
No known key found for this signature in database GPG Key ID: FC8A7D14C3CD543A
23 changed files with 163 additions and 166 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 76
      src/api/core/ciphers.rs
  2. 12
      src/api/core/organizations.rs
  3. 6
      src/api/core/two_factor/authenticator.rs
  4. 6
      src/api/core/two_factor/duo.rs
  5. 18
      src/api/core/two_factor/email.rs
  6. 12
      src/api/core/two_factor/u2f.rs
  7. 8
      src/api/core/two_factor/webauthn.rs
  8. 8
      src/api/icons.rs
  9. 12
      src/api/identity.rs
  10. 1
      src/api/mod.rs
  11. 2
      src/api/notifications.rs
  12. 6
      src/config.rs
  13. 4
      src/db/models/attachment.rs
  14. 30
      src/db/models/cipher.rs
  15. 20
      src/db/models/collection.rs
  16. 4
      src/db/models/device.rs
  17. 6
      src/db/models/favorite.rs
  18. 6
      src/db/models/folder.rs
  19. 20
      src/db/models/organization.rs
  20. 10
      src/db/models/send.rs
  21. 6
      src/db/models/two_factor.rs
  22. 6
      src/db/models/user.rs
  23. 50
      src/error.rs

76
src/api/core/ciphers.rs
View File

@ -322,12 +322,12 @@ pub fn update_cipher_from_data(
} }
if let Some(org_id) = data.OrganizationId { if let Some(org_id) = data.OrganizationId {
match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) { match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, conn) {
None => err!("You don't have permission to add item to organization"), None => err!("You don't have permission to add item to organization"),
Some(org_user) => { Some(org_user) => {
if shared_to_collection if shared_to_collection
|| org_user.has_full_access() || org_user.has_full_access()
|| cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) || cipher.is_write_accessible_to_user(&headers.user.uuid, conn)
{ {
cipher.organization_uuid = Some(org_id); cipher.organization_uuid = Some(org_id);
// After some discussion in PR #1329 re-added the user_uuid = None again. // After some discussion in PR #1329 re-added the user_uuid = None again.
@ -359,7 +359,7 @@ pub fn update_cipher_from_data(
// Modify attachments name and keys when rotating // Modify attachments name and keys when rotating
if let Some(attachments) = data.Attachments2 { if let Some(attachments) = data.Attachments2 {
for (id, attachment) in attachments { for (id, attachment) in attachments {
let mut saved_att = match Attachment::find_by_id(&id, &conn) { let mut saved_att = match Attachment::find_by_id(&id, conn) {
Some(att) => att, Some(att) => att,
None => err!("Attachment doesn't exist"), None => err!("Attachment doesn't exist"),
}; };
@ -374,7 +374,7 @@ pub fn update_cipher_from_data(
saved_att.akey = Some(attachment.Key); saved_att.akey = Some(attachment.Key);
saved_att.file_name = attachment.FileName; saved_att.file_name = attachment.FileName;
saved_att.save(&conn)?; saved_att.save(conn)?;
} }
} }
@ -420,12 +420,12 @@ pub fn update_cipher_from_data(
cipher.password_history = data.PasswordHistory.map(|f| f.to_string()); cipher.password_history = data.PasswordHistory.map(|f| f.to_string());
cipher.reprompt = data.Reprompt; cipher.reprompt = data.Reprompt;
cipher.save(&conn)?; cipher.save(conn)?;
cipher.move_to_folder(data.FolderId, &headers.user.uuid, &conn)?; cipher.move_to_folder(data.FolderId, &headers.user.uuid, conn)?;
cipher.set_favorite(data.Favorite, &headers.user.uuid, &conn)?; cipher.set_favorite(data.Favorite, &headers.user.uuid, conn)?;
if ut != UpdateType::None { if ut != UpdateType::None {
nt.send_cipher_update(ut, &cipher, &cipher.update_users_revision(&conn)); nt.send_cipher_update(ut, cipher, &cipher.update_users_revision(conn));
} }
Ok(()) Ok(())
@ -595,7 +595,7 @@ fn post_collections_admin(
cipher.get_collections(&headers.user.uuid, &conn).iter().cloned().collect(); cipher.get_collections(&headers.user.uuid, &conn).iter().cloned().collect();
for collection in posted_collections.symmetric_difference(&current_collections) { for collection in posted_collections.symmetric_difference(&current_collections) {
match Collection::find_by_uuid(&collection, &conn) { match Collection::find_by_uuid(collection, &conn) {
None => err!("Invalid collection ID provided"), None => err!("Invalid collection ID provided"),
Some(collection) => { Some(collection) => {
if collection.is_writable_by_user(&headers.user.uuid, &conn) { if collection.is_writable_by_user(&headers.user.uuid, &conn) {
@ -709,9 +709,9 @@ fn share_cipher_by_uuid(
conn: &DbConn, conn: &DbConn,
nt: &Notify, nt: &Notify,
) -> JsonResult { ) -> JsonResult {
let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) { let mut cipher = match Cipher::find_by_uuid(uuid, conn) {
Some(cipher) => { Some(cipher) => {
if cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { if cipher.is_write_accessible_to_user(&headers.user.uuid, conn) {
cipher cipher
} else { } else {
err!("Cipher is not write accessible") err!("Cipher is not write accessible")
@ -728,11 +728,11 @@ fn share_cipher_by_uuid(
None => {} None => {}
Some(organization_uuid) => { Some(organization_uuid) => {
for uuid in &data.CollectionIds { for uuid in &data.CollectionIds {
match Collection::find_by_uuid_and_org(uuid, &organization_uuid, &conn) { match Collection::find_by_uuid_and_org(uuid, &organization_uuid, conn) {
None => err!("Invalid collection ID provided"), None => err!("Invalid collection ID provided"),
Some(collection) => { Some(collection) => {
if collection.is_writable_by_user(&headers.user.uuid, &conn) { if collection.is_writable_by_user(&headers.user.uuid, conn) {
CollectionCipher::save(&cipher.uuid, &collection.uuid, &conn)?; CollectionCipher::save(&cipher.uuid, &collection.uuid, conn)?;
shared_to_collection = true; shared_to_collection = true;
} else { } else {
err!("No rights to modify the collection") err!("No rights to modify the collection")
@ -746,14 +746,14 @@ fn share_cipher_by_uuid(
update_cipher_from_data( update_cipher_from_data(
&mut cipher, &mut cipher,
data.Cipher, data.Cipher,
&headers, headers,
shared_to_collection, shared_to_collection,
&conn, conn,
&nt, nt,
UpdateType::CipherUpdate, UpdateType::CipherUpdate,
)?; )?;
Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, conn)))
} }
/// v2 API for downloading an attachment. This just redirects the client to /// v2 API for downloading an attachment. This just redirects the client to
@ -848,7 +848,7 @@ fn save_attachment(
None => err_discard!("Cipher doesn't exist", data), None => err_discard!("Cipher doesn't exist", data),
}; };
if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { if !cipher.is_write_accessible_to_user(&headers.user.uuid, conn) {
err_discard!("Cipher is not write accessible", data) err_discard!("Cipher is not write accessible", data)
} }
@ -863,7 +863,7 @@ fn save_attachment(
match CONFIG.user_attachment_limit() { match CONFIG.user_attachment_limit() {
Some(0) => err_discard!("Attachments are disabled", data), Some(0) => err_discard!("Attachments are disabled", data),
Some(limit_kb) => { Some(limit_kb) => {
let left = (limit_kb * 1024) - Attachment::size_by_user(user_uuid, &conn) + size_adjust; let left = (limit_kb * 1024) - Attachment::size_by_user(user_uuid, conn) + size_adjust;
if left <= 0 { if left <= 0 {
err_discard!("Attachment size limit reached! Delete some files to open space", data) err_discard!("Attachment size limit reached! Delete some files to open space", data)
} }
@ -875,7 +875,7 @@ fn save_attachment(
match CONFIG.org_attachment_limit() { match CONFIG.org_attachment_limit() {
Some(0) => err_discard!("Attachments are disabled", data), Some(0) => err_discard!("Attachments are disabled", data),
Some(limit_kb) => { Some(limit_kb) => {
let left = (limit_kb * 1024) - Attachment::size_by_org(org_uuid, &conn) + size_adjust; let left = (limit_kb * 1024) - Attachment::size_by_org(org_uuid, conn) + size_adjust;
if left <= 0 { if left <= 0 {
err_discard!("Attachment size limit reached! Delete some files to open space", data) err_discard!("Attachment size limit reached! Delete some files to open space", data)
} }
@ -994,7 +994,7 @@ fn save_attachment(
err!(e); err!(e);
} }
nt.send_cipher_update(UpdateType::CipherUpdate, &cipher, &cipher.update_users_revision(&conn)); nt.send_cipher_update(UpdateType::CipherUpdate, &cipher, &cipher.update_users_revision(conn));
Ok(cipher) Ok(cipher)
} }
@ -1303,22 +1303,22 @@ fn delete_all(
} }
fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn, soft_delete: bool, nt: &Notify) -> EmptyResult { fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn, soft_delete: bool, nt: &Notify) -> EmptyResult {
let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) { let mut cipher = match Cipher::find_by_uuid(uuid, conn) {
Some(cipher) => cipher, Some(cipher) => cipher,
None => err!("Cipher doesn't exist"), None => err!("Cipher doesn't exist"),
}; };
if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { if !cipher.is_write_accessible_to_user(&headers.user.uuid, conn) {
err!("Cipher can't be deleted by user") err!("Cipher can't be deleted by user")
} }
if soft_delete { if soft_delete {
cipher.deleted_at = Some(Utc::now().naive_utc()); cipher.deleted_at = Some(Utc::now().naive_utc());
cipher.save(&conn)?; cipher.save(conn)?;
nt.send_cipher_update(UpdateType::CipherUpdate, &cipher, &cipher.update_users_revision(&conn)); nt.send_cipher_update(UpdateType::CipherUpdate, &cipher, &cipher.update_users_revision(conn));
} else { } else {
cipher.delete(&conn)?; cipher.delete(conn)?;
nt.send_cipher_update(UpdateType::CipherDelete, &cipher, &cipher.update_users_revision(&conn)); nt.send_cipher_update(UpdateType::CipherDelete, &cipher, &cipher.update_users_revision(conn));
} }
Ok(()) Ok(())
@ -1351,20 +1351,20 @@ fn _delete_multiple_ciphers(
} }
fn _restore_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn, nt: &Notify) -> JsonResult { fn _restore_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn, nt: &Notify) -> JsonResult {
let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) { let mut cipher = match Cipher::find_by_uuid(uuid, conn) {
Some(cipher) => cipher, Some(cipher) => cipher,
None => err!("Cipher doesn't exist"), None => err!("Cipher doesn't exist"),
}; };
if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { if !cipher.is_write_accessible_to_user(&headers.user.uuid, conn) {
err!("Cipher can't be restored by user") err!("Cipher can't be restored by user")
} }
cipher.deleted_at = None; cipher.deleted_at = None;
cipher.save(&conn)?; cipher.save(conn)?;
nt.send_cipher_update(UpdateType::CipherUpdate, &cipher, &cipher.update_users_revision(&conn)); nt.send_cipher_update(UpdateType::CipherUpdate, &cipher, &cipher.update_users_revision(conn));
Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, conn)))
} }
fn _restore_multiple_ciphers(data: JsonUpcase<Value>, headers: &Headers, conn: &DbConn, nt: &Notify) -> JsonResult { fn _restore_multiple_ciphers(data: JsonUpcase<Value>, headers: &Headers, conn: &DbConn, nt: &Notify) -> JsonResult {
@ -1400,7 +1400,7 @@ fn _delete_cipher_attachment_by_id(
conn: &DbConn, conn: &DbConn,
nt: &Notify, nt: &Notify,
) -> EmptyResult { ) -> EmptyResult {
let attachment = match Attachment::find_by_id(&attachment_id, &conn) { let attachment = match Attachment::find_by_id(attachment_id, conn) {
Some(attachment) => attachment, Some(attachment) => attachment,
None => err!("Attachment doesn't exist"), None => err!("Attachment doesn't exist"),
}; };
@ -1409,17 +1409,17 @@ fn _delete_cipher_attachment_by_id(
err!("Attachment from other cipher") err!("Attachment from other cipher")
} }
let cipher = match Cipher::find_by_uuid(&uuid, &conn) { let cipher = match Cipher::find_by_uuid(uuid, conn) {
Some(cipher) => cipher, Some(cipher) => cipher,
None => err!("Cipher doesn't exist"), None => err!("Cipher doesn't exist"),
}; };
if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { if !cipher.is_write_accessible_to_user(&headers.user.uuid, conn) {
err!("Cipher cannot be deleted by user") err!("Cipher cannot be deleted by user")
} }
// Delete attachment // Delete attachment
attachment.delete(&conn)?; attachment.delete(conn)?;
nt.send_cipher_update(UpdateType::CipherUpdate, &cipher, &cipher.update_users_revision(&conn)); nt.send_cipher_update(UpdateType::CipherUpdate, &cipher, &cipher.update_users_revision(conn));
Ok(()) Ok(())
} }

12
src/api/core/organizations.rs
View File

@ -397,7 +397,7 @@ fn get_collection_users(org_id: String, coll_id: String, _headers: ManagerHeader
.map(|col_user| { .map(|col_user| {
UserOrganization::find_by_user_and_org(&col_user.user_uuid, &org_id, &conn) UserOrganization::find_by_user_and_org(&col_user.user_uuid, &org_id, &conn)
.unwrap() .unwrap()
.to_json_user_access_restrictions(&col_user) .to_json_user_access_restrictions(col_user)
}) })
.collect(); .collect();
@ -504,13 +504,13 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
} else { } else {
UserOrgStatus::Accepted as i32 // Automatically mark user as accepted if no email invites UserOrgStatus::Accepted as i32 // Automatically mark user as accepted if no email invites
}; };
let user = match User::find_by_mail(&email, &conn) { let user = match User::find_by_mail(email, &conn) {
None => { None => {
if !CONFIG.invitations_allowed() { if !CONFIG.invitations_allowed() {
err!(format!("User does not exist: {}", email)) err!(format!("User does not exist: {}", email))
} }
if !CONFIG.is_email_domain_allowed(&email) { if !CONFIG.is_email_domain_allowed(email) {
err!("Email domain not eligible for invitations") err!("Email domain not eligible for invitations")
} }
@ -560,7 +560,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
}; };
mail::send_invite( mail::send_invite(
&email, email,
&user.uuid, &user.uuid,
Some(org_id.clone()), Some(org_id.clone()),
Some(new_user.uuid), Some(new_user.uuid),
@ -630,7 +630,7 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
// The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead // The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead
let data: AcceptData = data.into_inner().data; let data: AcceptData = data.into_inner().data;
let token = &data.Token; let token = &data.Token;
let claims = decode_invite(&token)?; let claims = decode_invite(token)?;
match User::find_by_mail(&claims.email, &conn) { match User::find_by_mail(&claims.email, &conn) {
Some(_) => { Some(_) => {
@ -656,7 +656,7 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
if CONFIG.mail_enabled() { if CONFIG.mail_enabled() {
let mut org_name = CONFIG.invitation_org_name(); let mut org_name = CONFIG.invitation_org_name();
if let Some(org_id) = &claims.org_id { if let Some(org_id) = &claims.org_id {
org_name = match Organization::find_by_uuid(&org_id, &conn) { org_name = match Organization::find_by_uuid(org_id, &conn) {
Some(org) => org.name, Some(org) => org.name,
None => err!("Organization not found."), None => err!("Organization not found."),
}; };

6
src/api/core/two_factor/authenticator.rs
View File

@ -114,7 +114,7 @@ pub fn validate_totp_code_str(
_ => err!("TOTP code is not a number"), _ => err!("TOTP code is not a number"),
}; };
validate_totp_code(user_uuid, totp_code, secret, ip, &conn) validate_totp_code(user_uuid, totp_code, secret, ip, conn)
} }
pub fn validate_totp_code(user_uuid: &str, totp_code: u64, secret: &str, ip: &ClientIp, conn: &DbConn) -> EmptyResult { pub fn validate_totp_code(user_uuid: &str, totp_code: u64, secret: &str, ip: &ClientIp, conn: &DbConn) -> EmptyResult {
@ -125,7 +125,7 @@ pub fn validate_totp_code(user_uuid: &str, totp_code: u64, secret: &str, ip: &Cl
Err(_) => err!("Invalid TOTP secret"), Err(_) => err!("Invalid TOTP secret"),
}; };
let mut twofactor = match TwoFactor::find_by_user_and_type(&user_uuid, TwoFactorType::Authenticator as i32, &conn) { let mut twofactor = match TwoFactor::find_by_user_and_type(user_uuid, TwoFactorType::Authenticator as i32, conn) {
Some(tf) => tf, Some(tf) => tf,
_ => TwoFactor::new(user_uuid.to_string(), TwoFactorType::Authenticator, secret.to_string()), _ => TwoFactor::new(user_uuid.to_string(), TwoFactorType::Authenticator, secret.to_string()),
}; };
@ -156,7 +156,7 @@ pub fn validate_totp_code(user_uuid: &str, totp_code: u64, secret: &str, ip: &Cl
// Save the last used time step so only totp time steps higher then this one are allowed. // Save the last used time step so only totp time steps higher then this one are allowed.
// This will also save a newly created twofactor if the code is correct. // This will also save a newly created twofactor if the code is correct.
twofactor.last_used = time_step as i32; twofactor.last_used = time_step as i32;
twofactor.save(&conn)?; twofactor.save(conn)?;
return Ok(()); return Ok(());
} else if generated == totp_code && time_step <= twofactor.last_used as i64 { } else if generated == totp_code && time_step <= twofactor.last_used as i64 {
warn!("This or a TOTP code within {} steps back and forward has already been used!", steps); warn!("This or a TOTP code within {} steps back and forward has already been used!", steps);

6
src/api/core/two_factor/duo.rs
View File

@ -226,7 +226,7 @@ fn get_user_duo_data(uuid: &str, conn: &DbConn) -> DuoStatus {
let type_ = TwoFactorType::Duo as i32; let type_ = TwoFactorType::Duo as i32;
// If the user doesn't have an entry, disabled // If the user doesn't have an entry, disabled
let twofactor = match TwoFactor::find_by_user_and_type(uuid, type_, &conn) { let twofactor = match TwoFactor::find_by_user_and_type(uuid, type_, conn) {
Some(t) => t, Some(t) => t,
None => return DuoStatus::Disabled(DuoData::global().is_some()), None => return DuoStatus::Disabled(DuoData::global().is_some()),
}; };
@ -247,8 +247,8 @@ fn get_user_duo_data(uuid: &str, conn: &DbConn) -> DuoStatus {
// let (ik, sk, ak, host) = get_duo_keys(); // let (ik, sk, ak, host) = get_duo_keys();
fn get_duo_keys_email(email: &str, conn: &DbConn) -> ApiResult<(String, String, String, String)> { fn get_duo_keys_email(email: &str, conn: &DbConn) -> ApiResult<(String, String, String, String)> {
let data = User::find_by_mail(email, &conn) let data = User::find_by_mail(email, conn)
.and_then(|u| get_user_duo_data(&u.uuid, &conn).data()) .and_then(|u| get_user_duo_data(&u.uuid, conn).data())
.or_else(DuoData::global) .or_else(DuoData::global)
.map_res("Can't fetch Duo keys")?; .map_res("Can't fetch Duo keys")?;

18
src/api/core/two_factor/email.rs
View File

@ -56,14 +56,14 @@ fn send_email_login(data: JsonUpcase<SendEmailLoginData>, conn: DbConn) -> Empty
/// Generate the token, save the data for later verification and send email to user /// Generate the token, save the data for later verification and send email to user
pub fn send_token(user_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn send_token(user_uuid: &str, conn: &DbConn) -> EmptyResult {
let type_ = TwoFactorType::Email as i32; let type_ = TwoFactorType::Email as i32;
let mut twofactor = TwoFactor::find_by_user_and_type(user_uuid, type_, &conn).map_res("Two factor not found")?; let mut twofactor = TwoFactor::find_by_user_and_type(user_uuid, type_, conn).map_res("Two factor not found")?;
let generated_token = crypto::generate_token(CONFIG.email_token_size())?; let generated_token = crypto::generate_token(CONFIG.email_token_size())?;
let mut twofactor_data = EmailTokenData::from_json(&twofactor.data)?; let mut twofactor_data = EmailTokenData::from_json(&twofactor.data)?;
twofactor_data.set_token(generated_token); twofactor_data.set_token(generated_token);
twofactor.data = twofactor_data.to_json(); twofactor.data = twofactor_data.to_json();
twofactor.save(&conn)?; twofactor.save(conn)?;
mail::send_token(&twofactor_data.email, &twofactor_data.last_token.map_res("Token is empty")?)?; mail::send_token(&twofactor_data.email, &twofactor_data.last_token.map_res("Token is empty")?)?;
@ -181,8 +181,8 @@ fn email(data: JsonUpcase<EmailData>, headers: Headers, conn: DbConn) -> JsonRes
/// Validate the email code when used as TwoFactor token mechanism /// Validate the email code when used as TwoFactor token mechanism
pub fn validate_email_code_str(user_uuid: &str, token: &str, data: &str, conn: &DbConn) -> EmptyResult { pub fn validate_email_code_str(user_uuid: &str, token: &str, data: &str, conn: &DbConn) -> EmptyResult {
let mut email_data = EmailTokenData::from_json(&data)?; let mut email_data = EmailTokenData::from_json(data)?;
let mut twofactor = TwoFactor::find_by_user_and_type(&user_uuid, TwoFactorType::Email as i32, &conn) let mut twofactor = TwoFactor::find_by_user_and_type(user_uuid, TwoFactorType::Email as i32, conn)
.map_res("Two factor not found")?; .map_res("Two factor not found")?;
let issued_token = match &email_data.last_token { let issued_token = match &email_data.last_token {
Some(t) => t, Some(t) => t,
@ -195,14 +195,14 @@ pub fn validate_email_code_str(user_uuid: &str, token: &str, data: &str, conn: &
email_data.reset_token(); email_data.reset_token();
} }
twofactor.data = email_data.to_json(); twofactor.data = email_data.to_json();
twofactor.save(&conn)?; twofactor.save(conn)?;
err!("Token is invalid") err!("Token is invalid")
} }
email_data.reset_token(); email_data.reset_token();
twofactor.data = email_data.to_json(); twofactor.data = email_data.to_json();
twofactor.save(&conn)?; twofactor.save(conn)?;
let date = NaiveDateTime::from_timestamp(email_data.token_sent, 0); let date = NaiveDateTime::from_timestamp(email_data.token_sent, 0);
let max_time = CONFIG.email_expiration_time() as i64; let max_time = CONFIG.email_expiration_time() as i64;
@ -255,7 +255,7 @@ impl EmailTokenData {
} }
pub fn from_json(string: &str) -> Result<EmailTokenData, Error> { pub fn from_json(string: &str) -> Result<EmailTokenData, Error> {
let res: Result<EmailTokenData, crate::serde_json::Error> = serde_json::from_str(&string); let res: Result<EmailTokenData, crate::serde_json::Error> = serde_json::from_str(string);
match res { match res {
Ok(x) => Ok(x), Ok(x) => Ok(x),
Err(_) => err!("Could not decode EmailTokenData from string"), Err(_) => err!("Could not decode EmailTokenData from string"),
@ -292,7 +292,7 @@ mod tests {
fn test_obscure_email_long() { fn test_obscure_email_long() {
let email = "bytes@example.ext"; let email = "bytes@example.ext";
let result = obscure_email(&email); let result = obscure_email(email);
// Only first two characters should be visible. // Only first two characters should be visible.
assert_eq!(result, "by***@example.ext"); assert_eq!(result, "by***@example.ext");
@ -302,7 +302,7 @@ mod tests {
fn test_obscure_email_short() { fn test_obscure_email_short() {
let email = "byt@example.ext"; let email = "byt@example.ext";
let result = obscure_email(&email); let result = obscure_email(email);
// If it's smaller than 3 characters it should only show asterisks. // If it's smaller than 3 characters it should only show asterisks.
assert_eq!(result, "***@example.ext"); assert_eq!(result, "***@example.ext");

12
src/api/core/two_factor/u2f.rs
View File

@ -248,7 +248,7 @@ fn _create_u2f_challenge(user_uuid: &str, type_: TwoFactorType, conn: &DbConn) -
} }
fn save_u2f_registrations(user_uuid: &str, regs: &[U2FRegistration], conn: &DbConn) -> EmptyResult { fn save_u2f_registrations(user_uuid: &str, regs: &[U2FRegistration], conn: &DbConn) -> EmptyResult {
TwoFactor::new(user_uuid.into(), TwoFactorType::U2f, serde_json::to_string(regs)?).save(&conn) TwoFactor::new(user_uuid.into(), TwoFactorType::U2f, serde_json::to_string(regs)?).save(conn)
} }
fn get_u2f_registrations(user_uuid: &str, conn: &DbConn) -> Result<(bool, Vec<U2FRegistration>), Error> { fn get_u2f_registrations(user_uuid: &str, conn: &DbConn) -> Result<(bool, Vec<U2FRegistration>), Error> {
@ -279,7 +279,7 @@ fn get_u2f_registrations(user_uuid: &str, conn: &DbConn) -> Result<(bool, Vec<U2
}]; }];
// Save new format // Save new format
save_u2f_registrations(user_uuid, &new_regs, &conn)?; save_u2f_registrations(user_uuid, &new_regs, conn)?;
new_regs new_regs
} }
@ -311,12 +311,12 @@ pub fn generate_u2f_login(user_uuid: &str, conn: &DbConn) -> ApiResult<U2fSignRe
pub fn validate_u2f_login(user_uuid: &str, response: &str, conn: &DbConn) -> EmptyResult { pub fn validate_u2f_login(user_uuid: &str, response: &str, conn: &DbConn) -> EmptyResult {
let challenge_type = TwoFactorType::U2fLoginChallenge as i32; let challenge_type = TwoFactorType::U2fLoginChallenge as i32;
let tf_challenge = TwoFactor::find_by_user_and_type(user_uuid, challenge_type, &conn); let tf_challenge = TwoFactor::find_by_user_and_type(user_uuid, challenge_type, conn);
let challenge = match tf_challenge { let challenge = match tf_challenge {
Some(tf_challenge) => { Some(tf_challenge) => {
let challenge: Challenge = serde_json::from_str(&tf_challenge.data)?; let challenge: Challenge = serde_json::from_str(&tf_challenge.data)?;
tf_challenge.delete(&conn)?; tf_challenge.delete(conn)?;
challenge challenge
} }
None => err!("Can't recover login challenge"), None => err!("Can't recover login challenge"),
@ -332,13 +332,13 @@ pub fn validate_u2f_login(user_uuid: &str, response: &str, conn: &DbConn) -> Emp
match response { match response {
Ok(new_counter) => { Ok(new_counter) => {
reg.counter = new_counter; reg.counter = new_counter;
save_u2f_registrations(user_uuid, &registrations, &conn)?; save_u2f_registrations(user_uuid, &registrations, conn)?;
return Ok(()); return Ok(());
} }
Err(u2f::u2ferror::U2fError::CounterTooLow) => { Err(u2f::u2ferror::U2fError::CounterTooLow) => {
reg.compromised = true; reg.compromised = true;
save_u2f_registrations(user_uuid, &registrations, &conn)?; save_u2f_registrations(user_uuid, &registrations, conn)?;
err!("This device might be compromised!"); err!("This device might be compromised!");
} }

8
src/api/core/two_factor/webauthn.rs
View File

@ -128,7 +128,7 @@ fn generate_webauthn_challenge(data: JsonUpcase<PasswordData>, headers: Headers,
)?; )?;
let type_ = TwoFactorType::WebauthnRegisterChallenge; let type_ = TwoFactorType::WebauthnRegisterChallenge;
TwoFactor::new(headers.user.uuid.clone(), type_, serde_json::to_string(&state)?).save(&conn)?; TwoFactor::new(headers.user.uuid, type_, serde_json::to_string(&state)?).save(&conn)?;
let mut challenge_value = serde_json::to_value(challenge.public_key)?; let mut challenge_value = serde_json::to_value(challenge.public_key)?;
challenge_value["status"] = "ok".into(); challenge_value["status"] = "ok".into();
@ -354,7 +354,7 @@ pub fn generate_webauthn_login(user_uuid: &str, conn: &DbConn) -> JsonResult {
// Save the challenge state for later validation // Save the challenge state for later validation
TwoFactor::new(user_uuid.into(), TwoFactorType::WebauthnLoginChallenge, serde_json::to_string(&state)?) TwoFactor::new(user_uuid.into(), TwoFactorType::WebauthnLoginChallenge, serde_json::to_string(&state)?)
.save(&conn)?; .save(conn)?;
// Return challenge to the clients // Return challenge to the clients
Ok(Json(serde_json::to_value(response.public_key)?)) Ok(Json(serde_json::to_value(response.public_key)?))
@ -365,7 +365,7 @@ pub fn validate_webauthn_login(user_uuid: &str, response: &str, conn: &DbConn) -
let state = match TwoFactor::find_by_user_and_type(user_uuid, type_, conn) { let state = match TwoFactor::find_by_user_and_type(user_uuid, type_, conn) {
Some(tf) => { Some(tf) => {
let state: AuthenticationState = serde_json::from_str(&tf.data)?; let state: AuthenticationState = serde_json::from_str(&tf.data)?;
tf.delete(&conn)?; tf.delete(conn)?;
state state
} }
None => err!("Can't recover login challenge"), None => err!("Can't recover login challenge"),
@ -385,7 +385,7 @@ pub fn validate_webauthn_login(user_uuid: &str, response: &str, conn: &DbConn) -
reg.credential.counter = auth_data.counter; reg.credential.counter = auth_data.counter;
TwoFactor::new(user_uuid.to_string(), TwoFactorType::Webauthn, serde_json::to_string(&registrations)?) TwoFactor::new(user_uuid.to_string(), TwoFactorType::Webauthn, serde_json::to_string(&registrations)?)
.save(&conn)?; .save(conn)?;
return Ok(()); return Ok(());
} }
} }

8
src/api/icons.rs
View File

@ -249,7 +249,7 @@ fn is_domain_blacklisted(domain: &str) -> bool {
}; };
// Use the pre-generate Regex stored in a Lazy HashMap. // Use the pre-generate Regex stored in a Lazy HashMap.
if regex.is_match(&domain) { if regex.is_match(domain) {
warn!("Blacklisted domain: {:#?} matched {:#?}", domain, blacklist); warn!("Blacklisted domain: {:#?} matched {:#?}", domain, blacklist);
is_blacklisted = true; is_blacklisted = true;
} }
@ -280,7 +280,7 @@ fn get_icon(domain: &str) -> Option<(Vec<u8>, String)> {
} }
// Get the icon, or None in case of error // Get the icon, or None in case of error
match download_icon(&domain) { match download_icon(domain) {
Ok((icon, icon_type)) => { Ok((icon, icon_type)) => {
save_icon(&path, &icon); save_icon(&path, &icon);
Some((icon, icon_type.unwrap_or("x-icon").to_string())) Some((icon, icon_type.unwrap_or("x-icon").to_string()))
@ -431,7 +431,7 @@ fn get_favicons_node(node: &std::rc::Rc<markup5ever_rcdom::Node>, icons: &mut Ve
if has_rel { if has_rel {
if let Some(inner_href) = href { if let Some(inner_href) = href {
if let Ok(full_href) = url.join(&inner_href).map(String::from) { if let Ok(full_href) = url.join(inner_href).map(String::from) {
let priority = get_icon_priority(&full_href, sizes); let priority = get_icon_priority(&full_href, sizes);
icons.push(Icon::new(priority, full_href)); icons.push(Icon::new(priority, full_href));
} }
@ -650,7 +650,7 @@ fn download_icon(domain: &str) -> Result<(Vec<u8>, Option<&str>), Error> {
err!("Domain is blacklisted", domain) err!("Domain is blacklisted", domain)
} }
let icon_result = get_icon_url(&domain)?; let icon_result = get_icon_url(domain)?;
let mut buffer = Vec::new(); let mut buffer = Vec::new();
let mut icon_type: Option<&str> = None; let mut icon_type: Option<&str> = None;

12
src/api/identity.rs
View File

@ -134,7 +134,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: &ClientIp) -> JsonResult
let (mut device, new_device) = get_device(&data, &conn, &user); let (mut device, new_device) = get_device(&data, &conn, &user);
let twofactor_token = twofactor_auth(&user.uuid, &data, &mut device, &ip, &conn)?; let twofactor_token = twofactor_auth(&user.uuid, &data, &mut device, ip, &conn)?;
if CONFIG.mail_enabled() && new_device { if CONFIG.mail_enabled() && new_device {
if let Err(e) = mail::send_new_device_logged_in(&user.email, &ip.ip.to_string(), &now, &device.name) { if let Err(e) = mail::send_new_device_logged_in(&user.email, &ip.ip.to_string(), &now, &device.name) {
@ -185,7 +185,7 @@ fn get_device(data: &ConnectData, conn: &DbConn, user: &User) -> (Device, bool)
let mut new_device = false; let mut new_device = false;
// Find device or create new // Find device or create new
let device = match Device::find_by_uuid(&device_id, &conn) { let device = match Device::find_by_uuid(&device_id, conn) {
Some(device) => { Some(device) => {
// Check if owned device, and recreate if not // Check if owned device, and recreate if not
if device.user_uuid != user.uuid { if device.user_uuid != user.uuid {
@ -316,7 +316,7 @@ fn _json_err_twofactor(providers: &[i32], user_uuid: &str, conn: &DbConn) -> Api
} }
Some(TwoFactorType::Duo) => { Some(TwoFactorType::Duo) => {
let email = match User::find_by_uuid(user_uuid, &conn) { let email = match User::find_by_uuid(user_uuid, conn) {
Some(u) => u.email, Some(u) => u.email,
None => err!("User does not exist"), None => err!("User does not exist"),
}; };
@ -330,7 +330,7 @@ fn _json_err_twofactor(providers: &[i32], user_uuid: &str, conn: &DbConn) -> Api
} }
Some(tf_type @ TwoFactorType::YubiKey) => { Some(tf_type @ TwoFactorType::YubiKey) => {
let twofactor = match TwoFactor::find_by_user_and_type(user_uuid, tf_type as i32, &conn) { let twofactor = match TwoFactor::find_by_user_and_type(user_uuid, tf_type as i32, conn) {
Some(tf) => tf, Some(tf) => tf,
None => err!("No YubiKey devices registered"), None => err!("No YubiKey devices registered"),
}; };
@ -345,14 +345,14 @@ fn _json_err_twofactor(providers: &[i32], user_uuid: &str, conn: &DbConn) -> Api
Some(tf_type @ TwoFactorType::Email) => { Some(tf_type @ TwoFactorType::Email) => {
use crate::api::core::two_factor as _tf; use crate::api::core::two_factor as _tf;
let twofactor = match TwoFactor::find_by_user_and_type(user_uuid, tf_type as i32, &conn) { let twofactor = match TwoFactor::find_by_user_and_type(user_uuid, tf_type as i32, conn) {
Some(tf) => tf, Some(tf) => tf,
None => err!("No twofactor email registered"), None => err!("No twofactor email registered"),
}; };
// Send email immediately if email is the only 2FA option // Send email immediately if email is the only 2FA option
if providers.len() == 1 { if providers.len() == 1 {
_tf::email::send_token(&user_uuid, &conn)? _tf::email::send_token(user_uuid, conn)?
} }
let email_data = EmailTokenData::from_json(&twofactor.data)?; let email_data = EmailTokenData::from_json(&twofactor.data)?;

1
src/api/mod.rs
View File

@ -51,6 +51,7 @@ impl NumberOrString {
} }
} }
#[allow(clippy::wrong_self_convention)]
fn into_i32(&self) -> ApiResult<i32> { fn into_i32(&self) -> ApiResult<i32> {
use std::num::ParseIntError as PIE; use std::num::ParseIntError as PIE;
match self { match self {

2
src/api/notifications.rs
View File

@ -332,7 +332,7 @@ impl WebSocketUsers {
); );
for uuid in user_uuids { for uuid in user_uuids {
self.send_update(&uuid, &data).ok(); self.send_update(uuid, &data).ok();
} }
} }
} }

6
src/config.rs
View File

@ -81,20 +81,16 @@ macro_rules! make_config {
dotenv::Error::Io(ioerr) => match ioerr.kind() { dotenv::Error::Io(ioerr) => match ioerr.kind() {
std::io::ErrorKind::NotFound => { std::io::ErrorKind::NotFound => {
println!("[INFO] No .env file found.\n"); println!("[INFO] No .env file found.\n");
()
}, },
std::io::ErrorKind::PermissionDenied => { std::io::ErrorKind::PermissionDenied => {
println!("[WARNING] Permission Denied while trying to read the .env file!\n"); println!("[WARNING] Permission Denied while trying to read the .env file!\n");
()
}, },
_ => { _ => {
println!("[WARNING] Reading the .env file failed:\n{:?}\n", ioerr); println!("[WARNING] Reading the .env file failed:\n{:?}\n", ioerr);
()
} }
}, },
_ => { _ => {
println!("[WARNING] Reading the .env file failed:\n{:?}\n", e); println!("[WARNING] Reading the .env file failed:\n{:?}\n", e);
()
} }
} }
}; };
@ -610,7 +606,7 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
// Check if the icon blacklist regex is valid // Check if the icon blacklist regex is valid
if let Some(ref r) = cfg.icon_blacklist_regex { if let Some(ref r) = cfg.icon_blacklist_regex {
let validate_regex = Regex::new(&r); let validate_regex = Regex::new(r);
match validate_regex { match validate_regex {
Ok(_) => (), Ok(_) => (),
Err(e) => err!(format!("`ICON_BLACKLIST_REGEX` is invalid: {:#?}", e)), Err(e) => err!(format!("`ICON_BLACKLIST_REGEX` is invalid: {:#?}", e)),

4
src/db/models/attachment.rs
View File

@ -117,8 +117,8 @@ impl Attachment {
} }
pub fn delete_all_by_cipher(cipher_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn delete_all_by_cipher(cipher_uuid: &str, conn: &DbConn) -> EmptyResult {
for attachment in Attachment::find_by_cipher(&cipher_uuid, &conn) { for attachment in Attachment::find_by_cipher(cipher_uuid, conn) {
attachment.delete(&conn)?; attachment.delete(conn)?;
} }
Ok(()) Ok(())
} }

30
src/db/models/cipher.rs
View File

@ -97,7 +97,7 @@ impl Cipher {
let password_history_json = let password_history_json =
self.password_history.as_ref().and_then(|s| serde_json::from_str(s).ok()).unwrap_or(Value::Null); self.password_history.as_ref().and_then(|s| serde_json::from_str(s).ok()).unwrap_or(Value::Null);
let (read_only, hide_passwords) = match self.get_access_restrictions(&user_uuid, conn) { let (read_only, hide_passwords) = match self.get_access_restrictions(user_uuid, conn) {
Some((ro, hp)) => (ro, hp), Some((ro, hp)) => (ro, hp),
None => { None => {
error!("Cipher ownership assertion failure"); error!("Cipher ownership assertion failure");
@ -144,8 +144,8 @@ impl Cipher {
"Type": self.atype, "Type": self.atype,
"RevisionDate": format_date(&self.updated_at), "RevisionDate": format_date(&self.updated_at),
"DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))), "DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))),
"FolderId": self.get_folder_uuid(&user_uuid, conn), "FolderId": self.get_folder_uuid(user_uuid, conn),
"Favorite": self.is_favorite(&user_uuid, conn), "Favorite": self.is_favorite(user_uuid, conn),
"Reprompt": self.reprompt.unwrap_or(RepromptType::None as i32), "Reprompt": self.reprompt.unwrap_or(RepromptType::None as i32),
"OrganizationId": self.organization_uuid, "OrganizationId": self.organization_uuid,
"Attachments": attachments_json, "Attachments": attachments_json,
@ -193,13 +193,13 @@ impl Cipher {
let mut user_uuids = Vec::new(); let mut user_uuids = Vec::new();
match self.user_uuid { match self.user_uuid {
Some(ref user_uuid) => { Some(ref user_uuid) => {
User::update_uuid_revision(&user_uuid, conn); User::update_uuid_revision(user_uuid, conn);
user_uuids.push(user_uuid.clone()) user_uuids.push(user_uuid.clone())
} }
None => { None => {
// Belongs to Organization, need to update affected users // Belongs to Organization, need to update affected users
if let Some(ref org_uuid) = self.organization_uuid { if let Some(ref org_uuid) = self.organization_uuid {
UserOrganization::find_by_cipher_and_org(&self.uuid, &org_uuid, conn).iter().for_each(|user_org| { UserOrganization::find_by_cipher_and_org(&self.uuid, org_uuid, conn).iter().for_each(|user_org| {
User::update_uuid_revision(&user_org.user_uuid, conn); User::update_uuid_revision(&user_org.user_uuid, conn);
user_uuids.push(user_org.user_uuid.clone()) user_uuids.push(user_org.user_uuid.clone())
}); });
@ -260,15 +260,15 @@ impl Cipher {
} }
pub fn delete_all_by_organization(org_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn delete_all_by_organization(org_uuid: &str, conn: &DbConn) -> EmptyResult {
for cipher in Self::find_by_org(org_uuid, &conn) { for cipher in Self::find_by_org(org_uuid, conn) {
cipher.delete(&conn)?; cipher.delete(conn)?;
} }
Ok(()) Ok(())
} }
pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult {
for cipher in Self::find_owned_by_user(user_uuid, &conn) { for cipher in Self::find_owned_by_user(user_uuid, conn) {
cipher.delete(&conn)?; cipher.delete(conn)?;
} }
Ok(()) Ok(())
} }
@ -279,7 +279,7 @@ impl Cipher {
let now = Utc::now().naive_utc(); let now = Utc::now().naive_utc();
let dt = now - Duration::days(auto_delete_days); let dt = now - Duration::days(auto_delete_days);
for cipher in Self::find_deleted_before(&dt, conn) { for cipher in Self::find_deleted_before(&dt, conn) {
cipher.delete(&conn).ok(); cipher.delete(conn).ok();
} }
} }
} }
@ -287,7 +287,7 @@ impl Cipher {
pub fn move_to_folder(&self, folder_uuid: Option<String>, user_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn move_to_folder(&self, folder_uuid: Option<String>, user_uuid: &str, conn: &DbConn) -> EmptyResult {
User::update_uuid_revision(user_uuid, conn); User::update_uuid_revision(user_uuid, conn);
match (self.get_folder_uuid(&user_uuid, conn), folder_uuid) { match (self.get_folder_uuid(user_uuid, conn), folder_uuid) {
// No changes // No changes
(None, None) => Ok(()), (None, None) => Ok(()),
(Some(ref old), Some(ref new)) if old == new => Ok(()), (Some(ref old), Some(ref new)) if old == new => Ok(()),
@ -319,7 +319,7 @@ impl Cipher {
/// Returns whether this cipher is owned by an org in which the user has full access. /// Returns whether this cipher is owned by an org in which the user has full access.
pub fn is_in_full_access_org(&self, user_uuid: &str, conn: &DbConn) -> bool { pub fn is_in_full_access_org(&self, user_uuid: &str, conn: &DbConn) -> bool {
if let Some(ref org_uuid) = self.organization_uuid { if let Some(ref org_uuid) = self.organization_uuid {
if let Some(user_org) = UserOrganization::find_by_user_and_org(&user_uuid, &org_uuid, conn) { if let Some(user_org) = UserOrganization::find_by_user_and_org(user_uuid, org_uuid, conn) {
return user_org.has_full_access(); return user_org.has_full_access();
} }
} }
@ -336,7 +336,7 @@ impl Cipher {
// Check whether this cipher is directly owned by the user, or is in // Check whether this cipher is directly owned by the user, or is in
// a collection that the user has full access to. If so, there are no // a collection that the user has full access to. If so, there are no
// access restrictions. // access restrictions.
if self.is_owned_by_user(&user_uuid) || self.is_in_full_access_org(&user_uuid, &conn) { if self.is_owned_by_user(user_uuid) || self.is_in_full_access_org(user_uuid, conn) {
return Some((false, false)); return Some((false, false));
} }
@ -377,14 +377,14 @@ impl Cipher {
} }
pub fn is_write_accessible_to_user(&self, user_uuid: &str, conn: &DbConn) -> bool { pub fn is_write_accessible_to_user(&self, user_uuid: &str, conn: &DbConn) -> bool {
match self.get_access_restrictions(&user_uuid, &conn) { match self.get_access_restrictions(user_uuid, conn) {
Some((read_only, _hide_passwords)) => !read_only, Some((read_only, _hide_passwords)) => !read_only,
None => false, None => false,
} }
} }
pub fn is_accessible_to_user(&self, user_uuid: &str, conn: &DbConn) -> bool { pub fn is_accessible_to_user(&self, user_uuid: &str, conn: &DbConn) -> bool {
self.get_access_restrictions(&user_uuid, &conn).is_some() self.get_access_restrictions(user_uuid, conn).is_some()
} }
// Returns whether this cipher is a favorite of the specified user. // Returns whether this cipher is a favorite of the specified user.

20
src/db/models/collection.rs
View File

@ -109,8 +109,8 @@ impl Collection {
pub fn delete(self, conn: &DbConn) -> EmptyResult { pub fn delete(self, conn: &DbConn) -> EmptyResult {
self.update_users_revision(conn); self.update_users_revision(conn);
CollectionCipher::delete_all_by_collection(&self.uuid, &conn)?; CollectionCipher::delete_all_by_collection(&self.uuid, conn)?;
CollectionUser::delete_all_by_collection(&self.uuid, &conn)?; CollectionUser::delete_all_by_collection(&self.uuid, conn)?;
db_run! { conn: { db_run! { conn: {
diesel::delete(collections::table.filter(collections::uuid.eq(self.uuid))) diesel::delete(collections::table.filter(collections::uuid.eq(self.uuid)))
@ -120,8 +120,8 @@ impl Collection {
} }
pub fn delete_all_by_organization(org_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn delete_all_by_organization(org_uuid: &str, conn: &DbConn) -> EmptyResult {
for collection in Self::find_by_organization(org_uuid, &conn) { for collection in Self::find_by_organization(org_uuid, conn) {
collection.delete(&conn)?; collection.delete(conn)?;
} }
Ok(()) Ok(())
} }
@ -220,7 +220,7 @@ impl Collection {
} }
pub fn is_writable_by_user(&self, user_uuid: &str, conn: &DbConn) -> bool { pub fn is_writable_by_user(&self, user_uuid: &str, conn: &DbConn) -> bool {
match UserOrganization::find_by_user_and_org(&user_uuid, &self.org_uuid, &conn) { match UserOrganization::find_by_user_and_org(user_uuid, &self.org_uuid, conn) {
None => false, // Not in Org None => false, // Not in Org
Some(user_org) => { Some(user_org) => {
if user_org.has_full_access() { if user_org.has_full_access() {
@ -242,7 +242,7 @@ impl Collection {
} }
pub fn hide_passwords_for_user(&self, user_uuid: &str, conn: &DbConn) -> bool { pub fn hide_passwords_for_user(&self, user_uuid: &str, conn: &DbConn) -> bool {
match UserOrganization::find_by_user_and_org(&user_uuid, &self.org_uuid, &conn) { match UserOrganization::find_by_user_and_org(user_uuid, &self.org_uuid, conn) {
None => true, // Not in Org None => true, // Not in Org
Some(user_org) => { Some(user_org) => {
if user_org.has_full_access() { if user_org.has_full_access() {
@ -286,7 +286,7 @@ impl CollectionUser {
hide_passwords: bool, hide_passwords: bool,
conn: &DbConn, conn: &DbConn,
) -> EmptyResult { ) -> EmptyResult {
User::update_uuid_revision(&user_uuid, conn); User::update_uuid_revision(user_uuid, conn);
db_run! { conn: db_run! { conn:
sqlite, mysql { sqlite, mysql {
@ -375,7 +375,7 @@ impl CollectionUser {
} }
pub fn delete_all_by_collection(collection_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn delete_all_by_collection(collection_uuid: &str, conn: &DbConn) -> EmptyResult {
CollectionUser::find_by_collection(&collection_uuid, conn).iter().for_each(|collection| { CollectionUser::find_by_collection(collection_uuid, conn).iter().for_each(|collection| {
User::update_uuid_revision(&collection.user_uuid, conn); User::update_uuid_revision(&collection.user_uuid, conn);
}); });
@ -406,7 +406,7 @@ impl CollectionUser {
/// Database methods /// Database methods
impl CollectionCipher { impl CollectionCipher {
pub fn save(cipher_uuid: &str, collection_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn save(cipher_uuid: &str, collection_uuid: &str, conn: &DbConn) -> EmptyResult {
Self::update_users_revision(&collection_uuid, conn); Self::update_users_revision(collection_uuid, conn);
db_run! { conn: db_run! { conn:
sqlite, mysql { sqlite, mysql {
@ -436,7 +436,7 @@ impl CollectionCipher {
} }
pub fn delete(cipher_uuid: &str, collection_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn delete(cipher_uuid: &str, collection_uuid: &str, conn: &DbConn) -> EmptyResult {
Self::update_users_revision(&collection_uuid, conn); Self::update_users_revision(collection_uuid, conn);
db_run! { conn: { db_run! { conn: {
diesel::delete( diesel::delete(

4
src/db/models/device.rs
View File

@ -143,8 +143,8 @@ impl Device {
} }
pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult {
for device in Self::find_by_user(user_uuid, &conn) { for device in Self::find_by_user(user_uuid, conn) {
device.delete(&conn)?; device.delete(conn)?;
} }
Ok(()) Ok(())
} }

6
src/db/models/favorite.rs
View File

@ -32,10 +32,10 @@ impl Favorite {
// Sets whether the specified cipher is a favorite of the specified user. // Sets whether the specified cipher is a favorite of the specified user.
pub fn set_favorite(favorite: bool, cipher_uuid: &str, user_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn set_favorite(favorite: bool, cipher_uuid: &str, user_uuid: &str, conn: &DbConn) -> EmptyResult {
let (old, new) = (Self::is_favorite(cipher_uuid, user_uuid, &conn), favorite); let (old, new) = (Self::is_favorite(cipher_uuid, user_uuid, conn), favorite);
match (old, new) { match (old, new) {
(false, true) => { (false, true) => {
User::update_uuid_revision(user_uuid, &conn); User::update_uuid_revision(user_uuid, conn);
db_run! { conn: { db_run! { conn: {
diesel::insert_into(favorites::table) diesel::insert_into(favorites::table)
.values(( .values((
@ -47,7 +47,7 @@ impl Favorite {
}} }}
} }
(true, false) => { (true, false) => {
User::update_uuid_revision(user_uuid, &conn); User::update_uuid_revision(user_uuid, conn);
db_run! { conn: { db_run! { conn: {
diesel::delete( diesel::delete(
favorites::table favorites::table

6
src/db/models/folder.rs
View File

@ -107,7 +107,7 @@ impl Folder {
pub fn delete(&self, conn: &DbConn) -> EmptyResult { pub fn delete(&self, conn: &DbConn) -> EmptyResult {
User::update_uuid_revision(&self.user_uuid, conn); User::update_uuid_revision(&self.user_uuid, conn);
FolderCipher::delete_all_by_folder(&self.uuid, &conn)?; FolderCipher::delete_all_by_folder(&self.uuid, conn)?;
db_run! { conn: { db_run! { conn: {
diesel::delete(folders::table.filter(folders::uuid.eq(&self.uuid))) diesel::delete(folders::table.filter(folders::uuid.eq(&self.uuid)))
@ -117,8 +117,8 @@ impl Folder {
} }
pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult {
for folder in Self::find_by_user(user_uuid, &conn) { for folder in Self::find_by_user(user_uuid, conn) {
folder.delete(&conn)?; folder.delete(conn)?;
} }
Ok(()) Ok(())
} }

20
src/db/models/organization.rs
View File

@ -228,10 +228,10 @@ impl Organization {
pub fn delete(self, conn: &DbConn) -> EmptyResult { pub fn delete(self, conn: &DbConn) -> EmptyResult {
use super::{Cipher, Collection}; use super::{Cipher, Collection};
Cipher::delete_all_by_organization(&self.uuid, &conn)?; Cipher::delete_all_by_organization(&self.uuid, conn)?;
Collection::delete_all_by_organization(&self.uuid, &conn)?; Collection::delete_all_by_organization(&self.uuid, conn)?;
UserOrganization::delete_all_by_organization(&self.uuid, &conn)?; UserOrganization::delete_all_by_organization(&self.uuid, conn)?;
OrgPolicy::delete_all_by_organization(&self.uuid, &conn)?; OrgPolicy::delete_all_by_organization(&self.uuid, conn)?;
db_run! { conn: { db_run! { conn: {
diesel::delete(organizations::table.filter(organizations::uuid.eq(self.uuid))) diesel::delete(organizations::table.filter(organizations::uuid.eq(self.uuid)))
@ -402,7 +402,7 @@ impl UserOrganization {
pub fn delete(self, conn: &DbConn) -> EmptyResult { pub fn delete(self, conn: &DbConn) -> EmptyResult {
User::update_uuid_revision(&self.user_uuid, conn); User::update_uuid_revision(&self.user_uuid, conn);
CollectionUser::delete_all_by_user_and_org(&self.user_uuid, &self.org_uuid, &conn)?; CollectionUser::delete_all_by_user_and_org(&self.user_uuid, &self.org_uuid, conn)?;
db_run! { conn: { db_run! { conn: {
diesel::delete(users_organizations::table.filter(users_organizations::uuid.eq(self.uuid))) diesel::delete(users_organizations::table.filter(users_organizations::uuid.eq(self.uuid)))
@ -412,22 +412,22 @@ impl UserOrganization {
} }
pub fn delete_all_by_organization(org_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn delete_all_by_organization(org_uuid: &str, conn: &DbConn) -> EmptyResult {
for user_org in Self::find_by_org(&org_uuid, &conn) { for user_org in Self::find_by_org(org_uuid, conn) {
user_org.delete(&conn)?; user_org.delete(conn)?;
} }
Ok(()) Ok(())
} }
pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult {
for user_org in Self::find_any_state_by_user(&user_uuid, &conn) { for user_org in Self::find_any_state_by_user(user_uuid, conn) {
user_org.delete(&conn)?; user_org.delete(conn)?;
} }
Ok(()) Ok(())
} }
pub fn find_by_email_and_org(email: &str, org_id: &str, conn: &DbConn) -> Option<UserOrganization> { pub fn find_by_email_and_org(email: &str, org_id: &str, conn: &DbConn) -> Option<UserOrganization> {
if let Some(user) = super::User::find_by_mail(email, conn) { if let Some(user) = super::User::find_by_mail(email, conn) {
if let Some(user_org) = UserOrganization::find_by_user_and_org(&user.uuid, org_id, &conn) { if let Some(user_org) = UserOrganization::find_by_user_and_org(&user.uuid, org_id, conn) {
return Some(user_org); return Some(user_org);
} }
} }

10
src/db/models/send.rs
View File

@ -227,15 +227,15 @@ impl Send {
/// Purge all sends that are past their deletion date. /// Purge all sends that are past their deletion date.
pub fn purge(conn: &DbConn) { pub fn purge(conn: &DbConn) {
for send in Self::find_by_past_deletion_date(&conn) { for send in Self::find_by_past_deletion_date(conn) {
send.delete(&conn).ok(); send.delete(conn).ok();
} }
} }
pub fn update_users_revision(&self, conn: &DbConn) { pub fn update_users_revision(&self, conn: &DbConn) {
match &self.user_uuid { match &self.user_uuid {
Some(user_uuid) => { Some(user_uuid) => {
User::update_uuid_revision(&user_uuid, conn); User::update_uuid_revision(user_uuid, conn);
} }
None => { None => {
// Belongs to Organization, not implemented // Belongs to Organization, not implemented
@ -244,8 +244,8 @@ impl Send {
} }
pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult { pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult {
for send in Self::find_by_user(user_uuid, &conn) { for send in Self::find_by_user(user_uuid, conn) {
send.delete(&conn)?; send.delete(conn)?;
} }
Ok(()) Ok(())
} }

6
src/db/models/two_factor.rs
View File

@ -171,7 +171,7 @@ impl TwoFactor {
continue; continue;
} }
let (_, mut webauthn_regs) = get_webauthn_registrations(&u2f.user_uuid, &conn)?; let (_, mut webauthn_regs) = get_webauthn_registrations(&u2f.user_uuid, conn)?;
// If the user already has webauthn registrations saved, don't overwrite them // If the user already has webauthn registrations saved, don't overwrite them
if !webauthn_regs.is_empty() { if !webauthn_regs.is_empty() {
@ -210,10 +210,10 @@ impl TwoFactor {
} }
u2f.data = serde_json::to_string(&regs)?; u2f.data = serde_json::to_string(&regs)?;
u2f.save(&conn)?; u2f.save(conn)?;
TwoFactor::new(u2f.user_uuid.clone(), TwoFactorType::Webauthn, serde_json::to_string(&webauthn_regs)?) TwoFactor::new(u2f.user_uuid.clone(), TwoFactorType::Webauthn, serde_json::to_string(&webauthn_regs)?)
.save(&conn)?; .save(conn)?;
} }
Ok(()) Ok(())

6
src/db/models/user.rs
View File

@ -187,7 +187,7 @@ use crate::error::MapResult;
impl User { impl User {
pub fn to_json(&self, conn: &DbConn) -> Value { pub fn to_json(&self, conn: &DbConn) -> Value {
let orgs = UserOrganization::find_by_user(&self.uuid, conn); let orgs = UserOrganization::find_by_user(&self.uuid, conn);
let orgs_json: Vec<Value> = orgs.iter().map(|c| c.to_json(&conn)).collect(); let orgs_json: Vec<Value> = orgs.iter().map(|c| c.to_json(conn)).collect();
let twofactor_enabled = !TwoFactor::find_by_user(&self.uuid, conn).is_empty(); let twofactor_enabled = !TwoFactor::find_by_user(&self.uuid, conn).is_empty();
// TODO: Might want to save the status field in the DB // TODO: Might want to save the status field in the DB
@ -398,8 +398,8 @@ impl Invitation {
} }
pub fn take(mail: &str, conn: &DbConn) -> bool { pub fn take(mail: &str, conn: &DbConn) -> bool {
match Self::find_by_mail(mail, &conn) { match Self::find_by_mail(mail, conn) {
Some(invitation) => invitation.delete(&conn).is_ok(), Some(invitation) => invitation.delete(conn).is_ok(),
None => false, None => false,
} }
} }

50
src/error.rs
View File

@ -61,31 +61,31 @@ pub struct Empty {}
// The second one contains the function used to obtain the response sent to the client // The second one contains the function used to obtain the response sent to the client
make_error! { make_error! {
// Just an empty error // Just an empty error
EmptyError(Empty): _no_source, _serialize, Empty(Empty): _no_source, _serialize,
// Used to represent err! calls // Used to represent err! calls
SimpleError(String): _no_source, _api_error, Simple(String): _no_source, _api_error,
// Used for special return values, like 2FA errors // Used for special return values, like 2FA errors
JsonError(Value): _no_source, _serialize, Json(Value): _no_source, _serialize,
DbError(DieselErr): _has_source, _api_error, Db(DieselErr): _has_source, _api_error,
R2d2Error(R2d2Err): _has_source, _api_error, R2d2(R2d2Err): _has_source, _api_error,
U2fError(U2fErr): _has_source, _api_error, U2f(U2fErr): _has_source, _api_error,
SerdeError(SerdeErr): _has_source, _api_error, Serde(SerdeErr): _has_source, _api_error,
JWtError(JwtErr): _has_source, _api_error, JWt(JwtErr): _has_source, _api_error,
TemplError(HbErr): _has_source, _api_error, Handlebars(HbErr): _has_source, _api_error,
//WsError(ws::Error): _has_source, _api_error, //WsError(ws::Error): _has_source, _api_error,
IoError(IoErr): _has_source, _api_error, Io(IoErr): _has_source, _api_error,
TimeError(TimeErr): _has_source, _api_error, Time(TimeErr): _has_source, _api_error,
ReqError(ReqErr): _has_source, _api_error, Req(ReqErr): _has_source, _api_error,
RegexError(RegexErr): _has_source, _api_error, Regex(RegexErr): _has_source, _api_error,
YubiError(YubiErr): _has_source, _api_error, Yubico(YubiErr): _has_source, _api_error,
LettreError(LettreErr): _has_source, _api_error, Lettre(LettreErr): _has_source, _api_error,
AddressError(AddrErr): _has_source, _api_error, Address(AddrErr): _has_source, _api_error,
SmtpError(SmtpErr): _has_source, _api_error, Smtp(SmtpErr): _has_source, _api_error,
DieselConError(DieselConErr): _has_source, _api_error, DieselCon(DieselConErr): _has_source, _api_error,
DieselMigError(DieselMigErr): _has_source, _api_error, DieselMig(DieselMigErr): _has_source, _api_error,
WebauthnError(WebauthnErr): _has_source, _api_error, Webauthn(WebauthnErr): _has_source, _api_error,
} }
impl std::fmt::Debug for Error { impl std::fmt::Debug for Error {
@ -93,15 +93,15 @@ impl std::fmt::Debug for Error {
match self.source() { match self.source() {
Some(e) => write!(f, "{}.\n[CAUSE] {:#?}", self.message, e), Some(e) => write!(f, "{}.\n[CAUSE] {:#?}", self.message, e),
None => match self.error { None => match self.error {
ErrorKind::EmptyError(_) => Ok(()), ErrorKind::Empty(_) => Ok(()),
ErrorKind::SimpleError(ref s) => { ErrorKind::Simple(ref s) => {
if &self.message == s { if &self.message == s {
write!(f, "{}", self.message) write!(f, "{}", self.message)
} else { } else {
write!(f, "{}. {}", self.message, s) write!(f, "{}. {}", self.message, s)
} }
} }
ErrorKind::JsonError(_) => write!(f, "{}", self.message), ErrorKind::Json(_) => write!(f, "{}", self.message),
_ => unreachable!(), _ => unreachable!(),
}, },
} }
@ -189,8 +189,8 @@ use rocket::response::{self, Responder, Response};
impl<'r> Responder<'r> for Error { impl<'r> Responder<'r> for Error {
fn respond_to(self, _: &Request) -> response::Result<'r> { fn respond_to(self, _: &Request) -> response::Result<'r> {
match self.error { match self.error {
ErrorKind::EmptyError(_) => {} // Don't print the error in this situation ErrorKind::Empty(_) => {} // Don't print the error in this situation
ErrorKind::SimpleError(_) => {} // Don't print the error in this situation ErrorKind::Simple(_) => {} // Don't print the error in this situation
_ => error!(target: "error", "{:#?}", self), _ => error!(target: "error", "{:#?}", self),
}; };

Write Preview
Loading…
Cancel
Save