commit 0a74e79ceaf809a8481afb9d97dbba0aef807745
parent 7db66f73f03e577132fabd88a8089bece1549c0f
Author: Nick Fox <nick@foxsec.net>
Date: Sat, 5 Jan 2019 23:03:49 -0500
Refactor generate_invite_claims, make org_name and org_id optional
Diffstat:
4 files changed, 39 insertions(+), 43 deletions(-)
diff --git a/src/api/admin.rs b/src/api/admin.rs
@@ -4,7 +4,6 @@ use serde_json::Value;
use crate::api::{JsonResult, JsonUpcase};
use crate::CONFIG;
-use crate::auth::{encode_jwt, generate_invite_claims};
use crate::mail;
use crate::db::models::*;
use crate::db::DbConn;
@@ -48,17 +47,8 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -
if let Some(ref mail_config) = CONFIG.mail {
let mut user = User::new(email);
user.save(&conn)?;
- let org_id = String::from("00000000-0000-0000-0000-000000000000");
- let claims = generate_invite_claims(
- user.uuid.to_string(),
- user.email.clone(),
- org_id.clone(),
- None,
- None,
- );
let org_name = "bitwarden_rs";
- let invite_token = encode_jwt(&claims);
- mail::send_invite(&user.email, &org_id, &user.uuid, &invite_token, &org_name, mail_config)?;
+ mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None, mail_config)?;
}
Ok(Json(json!({})))
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -7,7 +7,7 @@ use crate::db::DbConn;
use crate::CONFIG;
use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType};
-use crate::auth::{decode_invite_jwt, generate_invite_claims, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders};
+use crate::auth::{decode_invite_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders};
use crate::mail;
@@ -506,15 +506,16 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
Some(org) => org.name,
None => err!("Error looking up organization"),
};
- let claims = generate_invite_claims(
- user.uuid.to_string(),
- user.email.clone(),
- org_id.clone(),
- Some(new_user.uuid.clone()),
- Some(headers.user.email.clone()),
- );
- let invite_token = encode_jwt(&claims);
- mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config)?;
+
+ mail::send_invite(
+ &email,
+ &user.uuid,
+ Some(org_id.clone()),
+ Some(new_user.uuid),
+ &org_name,
+ Some(headers.user.email.clone()),
+ mail_config
+ )?;
}
}
@@ -550,21 +551,14 @@ fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn:
None => err!("Error looking up organization."),
};
- let claims = generate_invite_claims(
- user.uuid.to_string(),
- user.email.clone(),
- org_id.clone(),
- Some(user_org.uuid.clone()),
- Some(headers.user.email.clone()),
- );
- let invite_token = encode_jwt(&claims);
if let Some(ref mail_config) = CONFIG.mail {
mail::send_invite(
&user.email,
- &org_id,
- &user_org.uuid,
- &invite_token,
+ &user.uuid,
+ Some(org_id),
+ Some(user_org.uuid),
&org_name,
+ Some(headers.user.email),
mail_config,
)?;
}
@@ -588,10 +582,10 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
match User::find_by_mail(&claims.email, &conn) {
Some(_) => {
Invitation::take(&claims.email, &conn);
- if claims.user_org_id.is_some() {
+ if claims.user_org_id.is_some() && claims.org_id.is_some() {
// If this isn't the virtual_org, mark userorg as accepted
let mut user_org =
- match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id, &conn) {
+ match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id.clone().unwrap(), &conn) {
Some(user_org) => user_org,
None => err!("Error accepting the invitation"),
};
@@ -605,9 +599,12 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
}
if let Some(ref mail_config) = CONFIG.mail {
- let org_name = match Organization::find_by_uuid(&claims.org_id, &conn) {
+ let mut org_name = String::from("bitwarden_rs");
+ if let Some(org_id) = &claims.org_id {
+ org_name = match Organization::find_by_uuid(&org_id, &conn) {
Some(org) => org.name,
- None => String::from("bitwarden_rs"),
+ None => err!("Organization not found.")
+ };
};
if let Some(invited_by_email) = &claims.invited_by_email {
// User was invited to an organization, so they must be confirmed manually after acceptance
diff --git a/src/auth.rs b/src/auth.rs
@@ -116,14 +116,14 @@ pub struct InviteJWTClaims {
pub sub: String,
pub email: String,
- pub org_id: String,
+ pub org_id: Option<String>,
pub user_org_id: Option<String>,
pub invited_by_email: Option<String>,
}
pub fn generate_invite_claims(uuid: String,
email: String,
- org_id: String,
+ org_id: Option<String>,
org_user_id: Option<String>,
invited_by_email: Option<String>,
) -> InviteJWTClaims {
diff --git a/src/mail.rs b/src/mail.rs
@@ -6,7 +6,7 @@ use native_tls::{Protocol, TlsConnector};
use crate::MailConfig;
use crate::CONFIG;
-
+use crate::auth::{generate_invite_claims, encode_jwt};
use crate::api::EmptyResult;
use crate::error::Error;
@@ -58,12 +58,21 @@ pub fn send_password_hint(address: &str, hint: Option<String>, config: &MailConf
pub fn send_invite(
address: &str,
- org_id: &str,
- org_user_id: &str,
- token: &str,
+ uuid: &str,
+ org_id: Option<String>,
+ org_user_id: Option<String>,
org_name: &str,
+ invited_by_email: Option<String>,
config: &MailConfig,
) -> EmptyResult {
+ let claims = generate_invite_claims(
+ uuid.to_string(),
+ String::from(address),
+ org_id.clone(),
+ org_user_id.clone(),
+ invited_by_email.clone(),
+ );
+ let invite_token = encode_jwt(&claims);
let (subject, body) = {
(format!("Join {}", &org_name),
format!(
@@ -72,7 +81,7 @@ pub fn send_invite(
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
<p>If you do not wish to join this organization, you can safely ignore this email.</p>
</html>",
- org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token
+ org_name, CONFIG.domain, org_id.unwrap_or("_".to_string()), org_user_id.unwrap_or("_".to_string()), address, org_name, invite_token
))
};