vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 3d843a6a51d2a74a5fc210eae90986f5f8a44e5d
parent fdcc32beda607a6ed8568b32898c37cd24fa4e5e
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Sun, 14 Apr 2019 22:30:51 +0200

Merge pull request #460 from janost/organization-vault-purge

Fixed purging organization vault
Diffstat:
Msrc/api/core/ciphers.rs | 53++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 40 insertions(+), 13 deletions(-)

diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs @@ -870,8 +870,14 @@ fn move_cipher_selected_put( move_cipher_selected(data, headers, conn, nt) } -#[post("/ciphers/purge", data = "<data>")] -fn delete_all(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult { +#[derive(FromForm)] +struct OrganizationId { + #[form(field = "organizationId")] + org_id: String, +} + +#[post("/ciphers/purge?<organization..>", data = "<data>")] +fn delete_all(organization: Option<Form<OrganizationId>>, data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult { let data: PasswordData = data.into_inner().data; let password_hash = data.MasterPasswordHash; @@ -881,19 +887,40 @@ fn delete_all(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn, nt err!("Invalid password") } - // Delete ciphers and their attachments - for cipher in Cipher::find_owned_by_user(&user.uuid, &conn) { - cipher.delete(&conn)?; - } + match organization { + Some(org_data) => { + // Organization ID in query params, purging organization vault + match UserOrganization::find_by_user_and_org(&user.uuid, &org_data.org_id, &conn) { + None => err!("You don't have permission to purge the organization vault"), + Some(user_org) => { + if user_org.type_ == UserOrgType::Owner { + Cipher::delete_all_by_organization(&org_data.org_id, &conn)?; + Collection::delete_all_by_organization(&org_data.org_id, &conn)?; + nt.send_user_update(UpdateType::Vault, &user); + Ok(()) + } else { + err!("You don't have permission to purge the organization vault"); + } + } + } + }, + None => { + // No organization ID in query params, purging user vault + // Delete ciphers and their attachments + for cipher in Cipher::find_owned_by_user(&user.uuid, &conn) { + cipher.delete(&conn)?; + } - // Delete folders - for f in Folder::find_by_user(&user.uuid, &conn) { - f.delete(&conn)?; - } + // Delete folders + for f in Folder::find_by_user(&user.uuid, &conn) { + f.delete(&conn)?; + } - user.update_revision(&conn)?; - nt.send_user_update(UpdateType::Vault, &user); - Ok(()) + user.update_revision(&conn)?; + nt.send_user_update(UpdateType::Vault, &user); + Ok(()) + }, + } } fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn, nt: &Notify) -> EmptyResult {