vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit 0a74e79ceaf809a8481afb9d97dbba0aef807745
parent 7db66f73f03e577132fabd88a8089bece1549c0f
Author: Nick Fox <nick@foxsec.net>
Date:   Sat,  5 Jan 2019 23:03:49 -0500

Refactor generate_invite_claims, make org_id and org_user_id optional

Diffstat:
Msrc/api/admin.rs | 12+-----------
Msrc/api/core/organizations.rs | 47++++++++++++++++++++++-------------------------
Msrc/auth.rs | 4++--
Msrc/mail.rs | 19++++++++++++++-----
4 files changed, 39 insertions(+), 43 deletions(-)

diff --git a/src/api/admin.rs b/src/api/admin.rs
@@ -4,7 +4,6 @@ use serde_json::Value;
 use crate::api::{JsonResult, JsonUpcase};
 use crate::CONFIG;
-use crate::auth::{encode_jwt, generate_invite_claims};
 use crate::mail;
 use crate::db::models::*;
 use crate::db::DbConn;
@@ -48,17 +47,8 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -
 if let Some(ref mail_config) = CONFIG.mail {
 let mut user = User::new(email);
 user.save(&conn)?;
- let org_id = String::from("00000000-0000-0000-0000-000000000000");
- let claims = generate_invite_claims(
- user.uuid.to_string(),
- user.email.clone(),
- org_id.clone(),
- None,
- None,
- );
 let org_name = "bitwarden_rs";
- let invite_token = encode_jwt(&claims);
- mail::send_invite(&user.email, &org_id, &user.uuid, &invite_token, &org_name, mail_config)?;
+ mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None, mail_config)?;
 }
 Ok(Json(json!({})))
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -7,7 +7,7 @@ use crate::db::DbConn;
 use crate::CONFIG;
 use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType};
-use crate::auth::{decode_invite_jwt, generate_invite_claims, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders};
+use crate::auth::{decode_invite_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders};
 use crate::mail;
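Review bot: The new `mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None, mail_config)?;` call in invite_user passes three bare `None`s positionally, so a reader cannot tell which of organisation, membership row and inviter each one stands for without opening mail.rs; a comment on that line, `// admin invite: no organisation, no membership row, no inviter — the token only carries the user`, would make the intent explicit. The literal `"bitwarden_rs"` kept here is also the fallback organisation name used in accept_invite in organizations.rs in this same commit, so a shared constant would stop the two from drifting. Note that `user.save(&conn)?` still runs before the mail is sent, so a failed SMTP delivery leaves the user row behind with no invitation delivered; that ordering is pre-existing, but if it is intended it deserves a comment. invite_user's signature and closing brace lie outside the hunk.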
@@ -506,15 +506,16 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
 Some(org) => org.name,
 None => err!("Error looking up organization"),
 };
- let claims = generate_invite_claims(
- user.uuid.to_string(),
- user.email.clone(),
- org_id.clone(),
- Some(new_user.uuid.clone()),
- Some(headers.user.email.clone()),
- );
- let invite_token = encode_jwt(&claims);
- mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config)?;
+
+ mail::send_invite(
+ &email,
+ &user.uuid,
+ Some(org_id.clone()),
+ Some(new_user.uuid),
+ &org_name,
+ Some(headers.user.email.clone()),
+ mail_config
+ )?;
 }
 }
@@ -550,21 +551,14 @@ fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn:
 None => err!("Error looking up organization."),
 };
- let claims = generate_invite_claims(
- user.uuid.to_string(),
- user.email.clone(),
- org_id.clone(),
- Some(user_org.uuid.clone()),
- Some(headers.user.email.clone()),
- );
- let invite_token = encode_jwt(&claims);
 if let Some(ref mail_config) = CONFIG.mail {
 mail::send_invite(
 &user.email,
- &org_id,
- &user_org.uuid,
- &invite_token,
+ &user.uuid,
+ Some(org_id),
+ Some(user_org.uuid),
 &org_name,
+ Some(headers.user.email),
 mail_config,
 )?;
 }
@@ -588,10 +582,10 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
 match User::find_by_mail(&claims.email, &conn) {
 Some(_) => {
 Invitation::take(&claims.email, &conn);
- if claims.user_org_id.is_some() {
+ if claims.user_org_id.is_some() && claims.org_id.is_some() {
 // If this isn't the virtual_org, mark userorg as accepted
 let mut user_org =
- match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id, &conn) {
+ match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id.clone().unwrap(), &conn) {
 Some(user_org) => user_org,
 None => err!("Error accepting the invitation"),
 };
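Review bot: The new guard `if claims.user_org_id.is_some() && claims.org_id.is_some()` in accept_invite silently treats a token that carries a membership id but no organisation id as a virtual-org invite, so an inconsistent token skips the membership acceptance instead of being rejected; none of the callers in this commit mint such a token, but the accept path should not depend on that. Restructure it as `if let Some(user_org_id) = &claims.user_org_id {` and resolve the organisation inside with `let org_id = match &claims.org_id { Some(id) => id, None => err!("Error accepting the invitation") };`, which also removes the two `unwrap()` calls and the `clone()` on the following line. The path parameters `_org_id` and `_org_user_id` remain unused, so the signed claims are the only source of truth here; that looks intentional and is worth a one-line comment. accept_invite starts before the hunk and continues after it.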
@@ -605,9 +599,12 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
 }
 if let Some(ref mail_config) = CONFIG.mail {
- let org_name = match Organization::find_by_uuid(&claims.org_id, &conn) {
+ let mut org_name = String::from("bitwarden_rs");
+ if let Some(org_id) = &claims.org_id {
+ org_name = match Organization::find_by_uuid(&org_id, &conn) {
 Some(org) => org.name,
- None => String::from("bitwarden_rs"),
+ None => err!("Organization not found.")
+ };
 };
 if let Some(invited_by_email) = &claims.invited_by_email {
 // User was invited to an organization, so they must be confirmed manually after acceptance
diff --git a/src/auth.rs b/src/auth.rs
@@ -116,14 +116,14 @@ pub struct InviteJWTClaims {
 pub sub: String,
 pub email: String,
- pub org_id: String,
+ pub org_id: Option<String>,
 pub user_org_id: Option<String>,
 pub invited_by_email: Option<String>,
 }
 pub fn generate_invite_claims(uuid: String,
 email: String,
- org_id: String,
+ org_id: Option<String>,
 org_user_id: Option<String>,
 invited_by_email: Option<String>,
 ) -> InviteJWTClaims {
diff --git a/src/mail.rs b/src/mail.rs
@@ -6,7 +6,7 @@ use native_tls::{Protocol, TlsConnector};
 use crate::MailConfig;
 use crate::CONFIG;
-
+use crate::auth::{generate_invite_claims, encode_jwt};
 use crate::api::EmptyResult;
 use crate::error::Error;
@@ -58,12 +58,21 @@ pub fn send_password_hint(address: &str, hint: Option<String>, config: &MailConf
 pub fn send_invite(
 address: &str,
- org_id: &str,
- org_user_id: &str,
- token: &str,
+ uuid: &str,
+ org_id: Option<String>,
+ org_user_id: Option<String>,
 org_name: &str,
+ invited_by_email: Option<String>,
 config: &MailConfig,
 ) -> EmptyResult {
+ let claims = generate_invite_claims(
+ uuid.to_string(),
+ String::from(address),
+ org_id.clone(),
+ org_user_id.clone(),
+ invited_by_email.clone(),
+ );
+ let invite_token = encode_jwt(&claims);
 let (subject, body) = {
 (format!("Join {}", &org_name), format!(
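Review bot: Replacing the `"bitwarden_rs"` fallback with `None => err!("Organization not found.")` changes how invitations minted before this commit are handled: the admin.rs code removed in this same commit wrote the placeholder `00000000-0000-0000-0000-000000000000` into `org_id`, so a token from that era that is still within its validity window arrives here as `Some(placeholder)`, fails the lookup, and aborts — and if the membership update earlier in accept_invite has already been saved by that point, it aborts after the acceptance side effects rather than before them. Either keep the fallback for the placeholder until those tokens have expired, or move the organisation lookup ahead of the state changes so the error is raised first. The `let mut org_name` plus reassignment also reads better as one expression, `let org_name = match &claims.org_id { Some(org_id) => /* lookup */, None => String::from("bitwarden_rs") };`. accept_invite starts before the hunk and continues after it.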
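Review bot: `send_invite` in mail.rs now mints the JWT itself, but the new signature is undocumented; a doc comment should state that `uuid` is the invited user's id that becomes the token subject, that `org_id`, `org_user_id` and `invited_by_email` are all `None` for an admin (virtual-org) invite, and that the token embedded in the mail link is what accept_invite validates. The three `.clone()` calls on `org_id`, `org_user_id` and `invited_by_email` exist only because the owned `Option<String>`s are reused for the link further down; taking `Option<&str>` instead would drop the copies without changing any caller's meaning. The claims' email is taken from `address`, not from the stored user, so callers must pass the address they saved — the call sites in this commit appear to, but that contract belongs in the doc comment. The function continues into the next hunk.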
@@ -72,7 +81,7 @@ pub fn send_invite(
 <a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
 <p>If you do not wish to join this organization, you can safely ignore this email.</p>
 </html>",
- org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token
+ org_name, CONFIG.domain, org_id.unwrap_or("_".to_string()), org_user_id.unwrap_or("_".to_string()), address, org_name, invite_token
 ))
 };
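Review bot: The rewritten argument line still interpolates `address`, `org_name` and the ids straight into the `href` query string and the HTML body with no percent-encoding or HTML-escaping; an address containing `&` or `+` breaks the link, and an organisation name — which comes from the `org.name` record looked up in organizations.rs and is presumably set by the organisation's owner — can inject markup into the email. Percent-encode each query value and escape `org_name` in the body before formatting, using whatever URL/HTML escaping helper the project already depends on (none is visible here). Separately, `org_id.unwrap_or("_".to_string())` allocates the placeholder even when the id is present; `org_id.as_ref().map_or("_", String::as_str)` avoids that and pairs naturally with borrowing the options earlier in the function instead of cloning them. Whether the web vault accepts `_` as `organizationId` on the accept page is not visible here and should be confirmed. `send_invite` starts in the previous hunk.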