Merge remote-tracking branch 'dani/main' into sso-support

1 month ago · b85ef22f98
2 changed files with 13 additions and 6 deletions
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@ -3406,13 +3406,17 @@ async fn put_reset_password_enrollment(
    let reset_request = data.into_inner();
-    if reset_request.reset_password_key.is_none()
+    let reset_password_key = match reset_request.reset_password_key {
-        && OrgPolicy::org_is_reset_password_auto_enroll(&org_id, &mut conn).await
+        None => None,
-    {
+        Some(ref key) if key.is_empty() => None,
        Some(key) => Some(key),
    };
    if reset_password_key.is_none() && OrgPolicy::org_is_reset_password_auto_enroll(&org_id, &mut conn).await {
        err!("Reset password can't be withdrawn due to an enterprise policy");
    }
-    if reset_request.reset_password_key.is_some() {
+    if reset_password_key.is_some() {
        PasswordOrOtpData {
            master_password_hash: reset_request.master_password_hash,
            otp: reset_request.otp,
@ -3421,7 +3425,7 @@ async fn put_reset_password_enrollment(
        .await?;
    }
-    member.reset_password_key = reset_request.reset_password_key;
+    member.reset_password_key = reset_password_key;
    member.save(&mut conn).await?;
    let log_id = if member.reset_password_key.is_some() {
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@ -896,7 +896,10 @@ async fn register_verification_email(
 ) -> ApiResult<RegisterVerificationResponse> {
    let data = data.into_inner();
-    if !CONFIG.is_signup_allowed(&data.email) {
+    // the registration can only continue if signup is allowed or there exists an invitation
    if !(CONFIG.is_signup_allowed(&data.email)
        || (!CONFIG.mail_enabled() && Invitation::find_by_mail(&data.email, &mut conn).await.is_some()))
    {
        err!("Registration not allowed or user already exists")
    }