Merge pull request #1006 from jjlin/email-change - vw_small

commit 4146612a32b11d7a174b8ae997ed5eb317684de2
parent c5d7e3f2bc328e331a2c3fcec0608690ed4dd2b4
Author: Daniel García <dani-garcia@users.noreply.github.com>
Date:   Wed, 27 May 2020 18:18:21 +0200

Merge pull request #1006 from jjlin/email-change

Allow email changes for existing accounts even when signups are disabled
Diffstat:
M src/api/core/accounts.rs  | 4 ++--
M src/api/core/organizations.rs  | 2 +-
M src/config.rs  | 11 ++++++-----

3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
@@ -379,8 +379,8 @@ fn post_email_token(data: JsonUpcase<EmailTokenData>, headers: Headers, conn: Db
         err!("Email already in use");
     }
 
-    if !CONFIG.is_signup_allowed(&data.NewEmail) {
-        err!("Email cannot be changed to this address");
+    if !CONFIG.is_email_domain_allowed(&data.NewEmail) {
+        err!("Email domain not allowed");
     }
 
     let token = crypto::generate_token(6)?;
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -488,7 +488,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
                     err!(format!("User does not exist: {}", email))
                 }
 
-                if !CONFIG.signups_domains_whitelist().is_empty() && !CONFIG.is_email_domain_whitelisted(&email) {
+                if !CONFIG.is_email_domain_allowed(&email) {
                     err!("Email domain not eligible for invitations")
                 }
 
diff --git a/src/config.rs b/src/config.rs
@@ -558,9 +558,10 @@ impl Config {
         self.update_config(builder)
     }
 
-    /// Tests whether an email's domain is in signups_domains_whitelist.
-    /// Returns false if no whitelist is set.
-    pub fn is_email_domain_whitelisted(&self, email: &str) -> bool {
+    /// Tests whether an email's domain is allowed. A domain is allowed if it
+    /// is in signups_domains_whitelist, or if no whitelist is set (so there
+    /// are no domain restrictions in effect).
+    pub fn is_email_domain_allowed(&self, email: &str) -> bool {
         let e: Vec<&str> = email.rsplitn(2, '@').collect();
         if e.len() != 2 || e[0].is_empty() || e[1].is_empty() {
             warn!("Failed to parse email address '{}'", email);
@@ -569,7 +570,7 @@ impl Config {
         let email_domain = e[0].to_lowercase();
         let whitelist = self.signups_domains_whitelist();
 
-        !whitelist.is_empty() && whitelist.split(',').any(|d| d.trim() == email_domain)
+        whitelist.is_empty() || whitelist.split(',').any(|d| d.trim() == email_domain)
     }
 
     /// Tests whether signup is allowed for an email address, taking into
@@ -577,7 +578,7 @@ impl Config {
     pub fn is_signup_allowed(&self, email: &str) -> bool {
         if !self.signups_domains_whitelist().is_empty() {
             // The whitelist setting overrides the signups_allowed setting.
-            self.is_email_domain_whitelisted(email)
+            self.is_email_domain_allowed(email)
         } else {
             self.signups_allowed()
         }

	vw_small Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
	git clone https://git.philomathiclife.com/repos/vw_small
	Log \| Files \| Refs \| README

M	src/api/core/accounts.rs	\|	4	++--
M	src/api/core/organizations.rs	\|	2	+-
M	src/config.rs	\|	11	++++++-----