vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit 044cf199135b00e0fee27a8bc0e820baeb0988b6
parent 3cb911a52f4a8e4e1aa69f4023b6a8cc1ebf21cb
Author: Miroslav Prasil <miroslav@prasil.info>
Date:   Fri, 16 Nov 2018 14:21:26 +0000

Prevent accepted user from seeing ciphers until confirmed (fixes #196)

Diffstat:

Msrc/db/models/cipher.rs | 4+++-


1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs
@@ -318,7 +318,9 @@ impl Cipher {
         .filter(ciphers::user_uuid.eq(user_uuid).or( // Cipher owner
             users_organizations::access_all.eq(true).or( // access_all in Organization
                 users_organizations::type_.le(UserOrgType::Admin as i32).or( // Org admin or owner
-                    users_collections::user_uuid.eq(user_uuid) // Access to Collection
+                    users_collections::user_uuid.eq(user_uuid).and( // Access to Collection
+                        users_organizations::status.eq(UserOrgStatus::Confirmed as i32)
+                    )
                 )
             )
         ))