topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix invited user registration without SMTP (#5712)

pull/5743/head
Timshel 7 months ago
committed by GitHub
parent
3a1f1bae00
commit
f960bf59bb
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 11 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 20
      src/api/identity.rs

20
src/api/identity.rs
View File

@ -744,8 +744,13 @@ async fn register_verification_email(
let should_send_mail = CONFIG.mail_enabled() && CONFIG.signups_verify(); let should_send_mail = CONFIG.mail_enabled() && CONFIG.signups_verify();
if User::find_by_mail(&data.email, &mut conn).await.is_some() { let token_claims =
if should_send_mail { crate::auth::generate_register_verify_claims(data.email.clone(), data.name.clone(), should_send_mail);
let token = crate::auth::encode_jwt(&token_claims);
if should_send_mail {
let user = User::find_by_mail(&data.email, &mut conn).await;
if user.filter(|u| u.private_key.is_some()).is_some() {
// There is still a timing side channel here in that the code // There is still a timing side channel here in that the code
// paths that send mail take noticeably longer than ones that // paths that send mail take noticeably longer than ones that
// don't. Add a randomized sleep to mitigate this somewhat. // don't. Add a randomized sleep to mitigate this somewhat.
@ -754,16 +759,9 @@ async fn register_verification_email(
let delta: i32 = 100; let delta: i32 = 100;
let sleep_ms = (1_000 + rng.random_range(-delta..=delta)) as u64; let sleep_ms = (1_000 + rng.random_range(-delta..=delta)) as u64;
tokio::time::sleep(tokio::time::Duration::from_millis(sleep_ms)).await; tokio::time::sleep(tokio::time::Duration::from_millis(sleep_ms)).await;
} else {
mail::send_register_verify_email(&data.email, &token).await?;
} }
return Ok(RegisterVerificationResponse::NoContent(()));
}
let token_claims =
crate::auth::generate_register_verify_claims(data.email.clone(), data.name.clone(), should_send_mail);
let token = crate::auth::encode_jwt(&token_claims);
if should_send_mail {
mail::send_register_verify_email(&data.email, &token).await?;
Ok(RegisterVerificationResponse::NoContent(())) Ok(RegisterVerificationResponse::NoContent(()))
} else { } else {

Write Preview
Loading…
Cancel
Save