Jake Howard
4 years ago
No known key found for this signature in database
GPG Key ID: 57AFB45680EDD477
4 changed files with
9 additions and
12 deletions
-
src/api/admin.rs
-
src/api/core/ciphers.rs
-
src/api/core/two_factor/authenticator.rs
-
src/db/models/org_policy.rs
|
|
@ -142,8 +142,12 @@ fn admin_url(referer: Referer) -> String { |
|
|
|
fn admin_login(flash: Option<FlashMessage>) -> ApiResult<Html<String>> { |
|
|
|
// If there is an error, show it
|
|
|
|
let msg = flash.map(|msg| format!("{}: {}", msg.name(), msg.msg())); |
|
|
|
let json = |
|
|
|
json!({"page_content": "admin/login", "version": VERSION, "error": msg, "urlpath": CONFIG.domain_path()}); |
|
|
|
let json = json!({ |
|
|
|
"page_content": "admin/login", |
|
|
|
"version": VERSION, |
|
|
|
"error": msg, |
|
|
|
"urlpath": CONFIG.domain_path() |
|
|
|
}); |
|
|
|
|
|
|
|
// Return the page
|
|
|
|
let text = CONFIG.render_template(BASE_TEMPLATE, &json)?; |
|
|
|
|
|
@ -281,10 +281,7 @@ fn enforce_personal_ownership_policy(data: &CipherData, headers: &Headers, conn: |
|
|
|
let user_uuid = &headers.user.uuid; |
|
|
|
let policy_type = OrgPolicyType::PersonalOwnership; |
|
|
|
if OrgPolicy::is_applicable_to_user(user_uuid, policy_type, conn) { |
|
|
|
err!( |
|
|
|
"Due to an Enterprise Policy, you are restricted from \ |
|
|
|
saving items to your personal vault." |
|
|
|
) |
|
|
|
err!("Due to an Enterprise Policy, you are restricted from saving items to your personal vault.") |
|
|
|
} |
|
|
|
} |
|
|
|
Ok(()) |
|
|
|
|
|
@ -141,11 +141,7 @@ pub fn validate_totp_code(user_uuid: &str, totp_code: u64, secret: &str, ip: &Cl |
|
|
|
// The amount of steps back and forward in time
|
|
|
|
// Also check if we need to disable time drifted TOTP codes.
|
|
|
|
// If that is the case, we set the steps to 0 so only the current TOTP is valid.
|
|
|
|
let steps: i64 = if CONFIG.authenticator_disable_time_drift() { |
|
|
|
0 |
|
|
|
} else { |
|
|
|
1 |
|
|
|
}; |
|
|
|
let steps = !CONFIG.authenticator_disable_time_drift() as i64; |
|
|
|
|
|
|
|
for step in -steps..=steps { |
|
|
|
let time_step = current_timestamp / 30i64 + step; |
|
|
|
|
|
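Review bot: The new `let steps = !CONFIG.authenticator_disable_time_drift() as i64;` gives 0 or 1 only because unary `!` binds tighter than `as`, so the bool is negated before the cast. Read the other way round it would be a bitwise NOT of an integer, which would make `steps` negative and the `-steps..=steps` range empty. This value decides how many neighbouring 30-second TOTP windows are accepted, so I would spell the conversion out as `let steps = i64::from(!CONFIG.authenticator_disable_time_drift());`, which is lossless and cannot be misparsed by a reader. The three-line comment above it is now the only place that states the 0-versus-1 meaning, so it should stay with the line. validate_totp_code starts and ends outside this hunk.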
@ -174,8 +174,8 @@ impl OrgPolicy { |
|
|
|
/// and the user is not an owner or admin of that org. This is only useful for checking
|
|
|
|
/// applicability of policy types that have these particular semantics.
|
|
|
|
pub fn is_applicable_to_user(user_uuid: &str, policy_type: OrgPolicyType, conn: &DbConn) -> bool { |
|
|
|
// Returns confirmed users only.
|
|
|
|
for policy in OrgPolicy::find_by_user(user_uuid, conn) { |
|
|
|
// Returns confirmed users only.
|
|
|
|
if policy.enabled && policy.has_type(policy_type) { |
|
|
|
let org_uuid = &policy.org_uuid; |
|
|
|
if let Some(user) = UserOrganization::find_by_user_and_org(user_uuid, org_uuid, conn) { |
|
|
|