vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 2215cfefb9d2affd55a5773bde49b37efeb11a32
parent 638766b346dc0e00c5db7935d21e48354d632335
Author: Stefan Melmuk <stefan.melmuk@gmail.com>
Date:   Tue, 27 Sep 2022 23:19:35 +0200

fix invitations of new users when mail is disabled

If you add a new user that has already been Invited to another
organization they will be Accepted automatically. This should not be
possible because they cannot be Confirmed until they have completed
their registration. It is also not necessary because their invitation
will be accepted automatically once they register.

Diffstat:
Msrc/api/core/organizations.rs | 11+++++------
1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs @@ -600,11 +600,7 @@ async fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: Admi for email in data.Emails.iter() { let email = email.to_lowercase(); - let mut user_org_status = if CONFIG.mail_enabled() { - UserOrgStatus::Invited as i32 - } else { - UserOrgStatus::Accepted as i32 // Automatically mark user as accepted if no email invites - }; + let mut user_org_status = UserOrgStatus::Invited as i32; let user = match User::find_by_mail(&email, &conn).await { None => { if !CONFIG.invitations_allowed() { @@ -622,13 +618,16 @@ async fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: Admi let mut user = User::new(email.clone()); user.save(&conn).await?; - user_org_status = UserOrgStatus::Invited as i32; user } Some(user) => { if UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn).await.is_some() { err!(format!("User already in organization: {}", email)) } else { + // automatically accept existing users if mail is disabled + if !CONFIG.mail_enabled() && !user.password_hash.is_empty() { + user_org_status = UserOrgStatus::Accepted as i32; + } user } }