topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Refactor invite claims and disallow reinvites to virtual_org

pull/318/head
Nick Fox 6 years ago
parent
3142d8d01f
commit
f20c4705d9
No known key found for this signature in database GPG Key ID: 82719985805A7CA8
1 changed files with 33 additions and 44 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 77
      src/api/core/organizations.rs

77
src/api/core/organizations.rs
View File

@ -10,8 +10,12 @@ use crate::db::models::*;
use crate::api::{PasswordData, JsonResult, EmptyResult, NumberOrString, JsonUpcase, WebSocketUsers, UpdateType};
use crate::auth::{Headers, AdminHeaders, OwnerHeaders, encode_jwt, decode_invite_jwt, InviteJWTClaims, JWT_ISSUER};
use crate::mail;
use serde::{Deserialize, Deserializer};
use chrono::{Duration, Utc};
use rocket::Route;
pub fn routes() -> Vec<Route> {
@ -45,7 +49,6 @@ pub fn routes() -> Vec<Route> {
put_organization_user,
delete_user,
post_delete_user,
post_reinvite_user,
post_org_import,
]
}
@ -486,22 +489,11 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
}
if CONFIG.mail.is_some() {
use crate::mail;
use chrono::{Duration, Utc};
let time_now = Utc::now().naive_utc();
let claims = InviteJWTClaims {
nbf: time_now.timestamp(),
exp: (time_now + Duration::days(5)).timestamp(),
iss: JWT_ISSUER.to_string(),
sub: user.uuid.to_string(),
email: email.clone(),
org_id: org_id.clone(),
user_org_id: org_user_id.clone(),
};
let org_name = match Organization::find_by_uuid(&org_id, &conn) {
Some(org) => org.name,
None => err!("Error looking up organization")
};
let claims = generate_invite_claims(user.uuid.to_string(), user.email.clone(), org_id.clone(), org_user_id.clone());
let invite_token = encode_jwt(&claims);
if let Some(ref mail_config) = CONFIG.mail {
if let Err(e) = mail::send_invite(&email, &org_id, &org_user_id.unwrap_or(Organization::VIRTUAL_ID.to_string()),
@ -515,8 +507,8 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
Ok(())
}
#[post("/organizations/<org_id>/users/<user_uuid>/reinvite", data = "<_data>")]
fn reinvite_user(org_id: String, user_uuid: String, _data: JsonUpcase<InviteData>, _headers: AdminHeaders, conn: DbConn) -> EmptyResult {
#[post("/organizations/<org_id>/users/<user_org>/reinvite")]
fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult {
if !CONFIG.invitations_allowed {
err!("Invitations are not allowed.")
}
@ -525,7 +517,16 @@ fn reinvite_user(org_id: String, user_uuid: String, _data: JsonUpcase<InviteData
err!("SMTP is not configured.")
}
let user = match User::find_by_uuid(&user_uuid, &conn) {
if org_id == Organization::VIRTUAL_ID {
err!("This functionality is incompatible with the bitwarden_rs virtual organization. Please delete the user and send a new invitation.")
}
let user_org = match UserOrganization::find_by_uuid(&user_org, &conn) {
Some(user_org) => user_org,
None => err!("UserOrg not found."),
};
let user = match User::find_by_uuid(&user_org.user_uuid, &conn) {
Some(user) => user,
None => err!("User not found."),
};
@ -534,35 +535,15 @@ fn reinvite_user(org_id: String, user_uuid: String, _data: JsonUpcase<InviteData
err!("No invitation found for user to resend. Try inviting them first.")
}
let mut org_user_id = None;
if org_id != Organization::VIRTUAL_ID {
org_user_id = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) {
Some(org_user) => Some(org_user.uuid),
None => None,
};
}
use crate::mail;
use chrono::{Duration, Utc};
let time_now = Utc::now().naive_utc();
let claims = InviteJWTClaims {
nbf: time_now.timestamp(),
exp: (time_now + Duration::days(5)).timestamp(),
iss: JWT_ISSUER.to_string(),
sub: user.uuid.to_string(),
email: user.email.clone(),
org_id: org_id.clone(),
user_org_id: org_user_id.clone(),
};
let org_name = match Organization::find_by_uuid(&org_id, &conn) {
Some(org) => org.name,
None => err!("Error looking up organization")
None => err!("Error looking up organization.")
};
let claims = generate_invite_claims(user.uuid.to_string(), user.email.clone(), org_id.clone(), Some(user_org.uuid.clone()));
let invite_token = encode_jwt(&claims);
if let Some(ref mail_config) = CONFIG.mail {
if let Err(e) = mail::send_invite(&user.email, &org_id, &org_user_id.unwrap_or(Organization::VIRTUAL_ID.to_string()),
&invite_token, &org_name, mail_config) {
if let Err(e) = mail::send_invite(&user.email, &org_id, &user_org.uuid, &invite_token, &org_name, mail_config) {
err!(format!("There has been a problem sending the email: {}", e))
}
}
@ -576,6 +557,19 @@ struct AcceptData {
Token: String,
}
fn generate_invite_claims(uuid: String, email: String, org_id: String, org_user_id: Option<String>) -> InviteJWTClaims {
let time_now = Utc::now().naive_utc();
InviteJWTClaims {
nbf: time_now.timestamp(),
exp: (time_now + Duration::days(5)).timestamp(),
iss: JWT_ISSUER.to_string(),
sub: uuid.clone(),
email: email.clone(),
org_id: org_id.clone(),
user_org_id: org_user_id.clone(),
}
}
#[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "<data>")]
fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult {
// The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead
@ -784,11 +778,6 @@ fn post_delete_user(org_id: String, org_user_id: String, headers: AdminHeaders,
delete_user(org_id, org_user_id, headers, conn)
}
#[post("/organizations/<_org_id>/users/<_org_user_id>/reinvite")]
fn post_reinvite_user(_org_id: String, _org_user_id: String, _headers: AdminHeaders, _conn: DbConn) -> EmptyResult {
err!("This functionality is not implemented. The user needs to manually register before they can be accepted into the organization.")
}
use super::ciphers::CipherData;
use super::ciphers::update_cipher_from_data;

Write Preview
Loading…
Cancel
Save