topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Update admin page to work with new invitation flow

pull/323/head
Nick Fox 7 years ago
parent
736c0e62f2
commit
cec28a85ac
No known key found for this signature in database GPG Key ID: 82719985805A7CA8
4 changed files with 120 additions and 75 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 20
      src/api/admin.rs
  2. 78
      src/api/core/organizations.rs
  3. 23
      src/auth.rs
  4. 70
      src/mail.rs

20
src/api/admin.rs
View File

@ -4,6 +4,8 @@ use serde_json::Value;
use crate::api::{JsonResult, JsonUpcase}; use crate::api::{JsonResult, JsonUpcase};
use crate::CONFIG; use crate::CONFIG;
use crate::auth::{encode_jwt, generate_invite_claims};
use crate::mail;
use crate::db::models::*; use crate::db::models::*;
use crate::db::DbConn; use crate::db::DbConn;
@ -31,7 +33,7 @@ fn get_users(_token: AdminToken, conn: DbConn) -> JsonResult {
#[post("/invite", data = "<data>")] #[post("/invite", data = "<data>")]
fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult { fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult {
let data: InviteData = data.into_inner().data; let data: InviteData = data.into_inner().data;
let email = data.Email.clone();
if User::find_by_mail(&data.Email, &conn).is_some() { if User::find_by_mail(&data.Email, &conn).is_some() {
err!("User already exists") err!("User already exists")
} }
@ -43,7 +45,21 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -
let mut invitation = Invitation::new(data.Email); let mut invitation = Invitation::new(data.Email);
invitation.save(&conn)?; invitation.save(&conn)?;
// TODO: Might want to send an email? if let Some(ref mail_config) = CONFIG.mail {
let mut user = User::new(email);
user.save(&conn)?;
let org_id = String::from("00000000-0000-0000-0000-000000000000");
let claims = generate_invite_claims(
user.uuid.to_string(),
user.email.clone(),
org_id.clone(),
None,
None,
);
let org_name = "bitwarden_rs";
let invite_token = encode_jwt(&claims);
mail::send_invite(&user.email, &org_id, &user.uuid, &invite_token, &org_name, mail_config)?;
}
Ok(Json(json!({}))) Ok(Json(json!({})))
} }

78
src/api/core/organizations.rs
View File

@ -7,14 +7,12 @@ use crate::db::DbConn;
use crate::CONFIG; use crate::CONFIG;
use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType}; use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType};
use crate::auth::{decode_invite_jwt, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders, JWT_ISSUER}; use crate::auth::{decode_invite_jwt, generate_invite_claims, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders};
use crate::mail; use crate::mail;
use serde::{Deserialize, Deserializer}; use serde::{Deserialize, Deserializer};
use chrono::{Duration, Utc};
use rocket::Route; use rocket::Route;
pub fn routes() -> Vec<Route> { pub fn routes() -> Vec<Route> {
@ -513,19 +511,10 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
user.email.clone(), user.email.clone(),
org_id.clone(), org_id.clone(),
Some(new_user.uuid.clone()), Some(new_user.uuid.clone()),
headers.user.email.clone(), Some(headers.user.email.clone()),
); );
let invite_token = encode_jwt(&claims); let invite_token = encode_jwt(&claims);
let subject = format!("Join {}", &org_name); mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config)?;
let body = format!(
"<html>
<p>You have been invited to join the <b>{}</b> organization.<br><br>
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
<p>If you do not wish to join this organization, you can safely ignore this email.</p>
</html>",
org_name, CONFIG.domain, org_id, &new_user.uuid, &user.email, org_name, invite_token
);
mail::send_email(&user.email, &subject, &body, mail_config)?;
} }
} }
@ -566,20 +555,18 @@ fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn:
user.email.clone(), user.email.clone(),
org_id.clone(), org_id.clone(),
Some(user_org.uuid.clone()), Some(user_org.uuid.clone()),
headers.user.email.clone(), Some(headers.user.email.clone()),
); );
let invite_token = encode_jwt(&claims); let invite_token = encode_jwt(&claims);
if let Some(ref mail_config) = CONFIG.mail { if let Some(ref mail_config) = CONFIG.mail {
let subject = format!("Join {}", &org_name); mail::send_invite(
let body = format!( &user.email,
"<html> &org_id,
<p>You have been invited to join the <b>{}</b> organization.<br><br> &user_org.uuid,
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p> &invite_token,
<p>If you do not wish to join this organization, you can safely ignore this email.</p> &org_name,
</html>", mail_config,
org_name, CONFIG.domain, org_id, user_org.uuid, &user.email, org_name, invite_token )?;
);
mail::send_email(&user.email, &subject, &body, mail_config)?;
} }
Ok(()) Ok(())
@ -591,25 +578,6 @@ struct AcceptData {
Token: String, Token: String,
} }
fn generate_invite_claims(uuid: String,
email: String,
org_id: String,
org_user_id: Option<String>,
inviter_email: String,
) -> InviteJWTClaims {
let time_now = Utc::now().naive_utc();
InviteJWTClaims {
nbf: time_now.timestamp(),
exp: (time_now + Duration::days(5)).timestamp(),
iss: JWT_ISSUER.to_string(),
sub: uuid.clone(),
email: email.clone(),
org_id: org_id.clone(),
user_org_id: org_user_id.clone(),
inviter_email: inviter_email.clone(),
}
}
#[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "<data>")] #[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "<data>")]
fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult { fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult {
// The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead // The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead
@ -639,14 +607,15 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
if let Some(ref mail_config) = CONFIG.mail { if let Some(ref mail_config) = CONFIG.mail {
let org_name = match Organization::find_by_uuid(&claims.org_id, &conn) { let org_name = match Organization::find_by_uuid(&claims.org_id, &conn) {
Some(org) => org.name, Some(org) => org.name,
None => err!("Error looking up organization."), None => String::from("bitwarden_rs"),
}; };
let subject = "Invitation accepted"; if claims.invited_by_email.is_some() {
let body = format!( // User was invited to an organization, so they must be confirmed manually after acceptance
"<html> mail::send_invite_accepted(&claims.email, &claims.invited_by_email.unwrap(), &org_name, mail_config)?;
<p>Your invitation to <b>{}</b> to join <b>{}</b> was accepted. Please log in to the bitwarden_rs server and confirm them from the organization management page.</p> } else {
</html>", claims.email, org_name); // User was invited from /admin, so they are automatically confirmed
mail::send_email(&claims.inviter_email, &subject, &body, mail_config)?; mail::send_invite_confirmed(&claims.email, &org_name, mail_config)?;
}
} }
Ok(()) Ok(())
@ -690,12 +659,7 @@ fn confirm_invite(
Some(user) => user.email, Some(user) => user.email,
None => err!("Error looking up user."), None => err!("Error looking up user."),
}; };
let subject = format!("Invitation to {} confirmed", org_name); mail::send_invite_confirmed(&address, &org_name, mail_config)?;
let body = format!(
"<html>
<p>Your invitation to join <b>{}</b> was accepted. It will now appear under the Organizations the next time you log into the web vault.</p>
</html>", org_name);
mail::send_email(&address, &subject, &body, mail_config)?;
} }
user_to_confirm.save(&conn) user_to_confirm.save(&conn)

23
src/auth.rs
View File

@ -2,7 +2,7 @@
// JWT Handling // JWT Handling
// //
use crate::util::read_file; use crate::util::read_file;
use chrono::Duration; use chrono::{Duration, Utc};
use jsonwebtoken::{self, Algorithm, Header}; use jsonwebtoken::{self, Algorithm, Header};
use serde::ser::Serialize; use serde::ser::Serialize;
@ -118,7 +118,26 @@ pub struct InviteJWTClaims {
pub email: String, pub email: String,
pub org_id: String, pub org_id: String,
pub user_org_id: Option<String>, pub user_org_id: Option<String>,
pub inviter_email: String, pub invited_by_email: Option<String>,
}
pub fn generate_invite_claims(uuid: String,
email: String,
org_id: String,
org_user_id: Option<String>,
invited_by_email: Option<String>,
) -> InviteJWTClaims {
let time_now = Utc::now().naive_utc();
InviteJWTClaims {
nbf: time_now.timestamp(),
exp: (time_now + Duration::days(5)).timestamp(),
iss: JWT_ISSUER.to_string(),
sub: uuid.clone(),
email: email.clone(),
org_id: org_id.clone(),
user_org_id: org_user_id.clone(),
invited_by_email: invited_by_email.clone(),
}
} }
// //

70
src/mail.rs
View File

@ -5,6 +5,7 @@ use lettre_email::EmailBuilder;
use native_tls::{Protocol, TlsConnector}; use native_tls::{Protocol, TlsConnector};
use crate::MailConfig; use crate::MailConfig;
use crate::CONFIG;
use crate::api::EmptyResult; use crate::api::EmptyResult;
use crate::error::Error; use crate::error::Error;
@ -52,21 +53,66 @@ pub fn send_password_hint(address: &str, hint: Option<String>, config: &MailConf
) )
}; };
let email = EmailBuilder::new() send_email(&address, &subject, &body, &config)
.to(address) }
.from((config.smtp_from.clone(), "Bitwarden-rs"))
.subject(subject)
.body(body)
.build()
.map_err(|e| Error::new("Error building hint email", e.to_string()))?;
mailer(config) pub fn send_invite(
.send(email.into()) address: &str,
.map_err(|e| Error::new("Error sending hint email", e.to_string())) org_id: &str,
.and(Ok(())) org_user_id: &str,
token: &str,
org_name: &str,
config: &MailConfig,
) -> EmptyResult {
let (subject, body) = {
(format!("Join {}", &org_name),
format!(
"<html>
<p>You have been invited to join the <b>{}</b> organization.<br><br>
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
<p>If you do not wish to join this organization, you can safely ignore this email.</p>
</html>",
org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token
))
};
send_email(&address, &subject, &body, &config)
}
pub fn send_invite_accepted(
new_user_email: &str,
address: &str,
org_name: &str,
config: &MailConfig,
) -> EmptyResult {
let (subject, body) = {
("Invitation accepted",
format!(
"<html>
<p>Your invitation to <b>{}</b> to join <b>{}</b> was accepted. Please log in to the bitwarden_rs server and confirm them from the organization management page.</p>
</html>", new_user_email, org_name))
};
send_email(&address, &subject, &body, &config)
}
pub fn send_invite_confirmed(
address: &str,
org_name: &str,
config: &MailConfig,
) -> EmptyResult {
let (subject, body) = {
(format!("Invitation to {} confirmed", org_name),
format!(
"<html>
<p>Your invitation to join <b>{}</b> was accepted. It will now appear under the Organizations the next time you log into the web vault.</p>
</html>", org_name))
};
send_email(&address, &subject, &body, &config)
} }
pub fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> EmptyResult { fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> EmptyResult {
let email = EmailBuilder::new() let email = EmailBuilder::new()
.to(address) .to(address)
.from((config.smtp_from.clone(), "Bitwarden-rs")) .from((config.smtp_from.clone(), "Bitwarden-rs"))

Write Preview
Loading…
Cancel
Save