vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 4861f6deccf893c8b4e26db56c39fdc099ae965f
parent ff8db4fd78bd20c141481bf7de0374f1834f760d
Author: Adrià Martín <adria.martin@e-zigurat.com>
Date:   Fri, 20 Oct 2023 11:57:57 +0200

New config option disable email change

Diffstat:
M.env.template | 4++++
Msrc/api/core/accounts.rs | 8++++++++
Msrc/config.rs | 2++
3 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/.env.template b/.env.template @@ -97,6 +97,10 @@ ## Disabled by default. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings. # ORG_EVENTS_ENABLED=false +## Controls whether users can change their email. +## This setting applies globally to all users +# EMAIL_CHANGE_ALLOWED=true + ## Number of days to retain events stored in the database. ## If unset (the default), events are kept indefinitely and the scheduled job is disabled! # EVENTS_DAYS_RETAIN= diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs @@ -533,6 +533,10 @@ struct EmailTokenData { #[post("/accounts/email-token", data = "<data>")] async fn post_email_token(data: JsonUpcase<EmailTokenData>, headers: Headers, mut conn: DbConn) -> EmptyResult { + if !CONFIG.email_change_allowed() { + err!("Email change is not allowed."); + } + let data: EmailTokenData = data.into_inner().data; let mut user = headers.user; @@ -579,6 +583,10 @@ async fn post_email( mut conn: DbConn, nt: Notify<'_>, ) -> EmptyResult { + if !CONFIG.email_change_allowed() { + err!("Email change is not allowed."); + } + let data: ChangeEmailData = data.into_inner().data; let mut user = headers.user; diff --git a/src/config.rs b/src/config.rs @@ -480,6 +480,8 @@ make_config! { invitation_expiration_hours: u32, false, def, 120; /// Allow emergency access |> Controls whether users can enable emergency access to their accounts. This setting applies globally to all users. emergency_access_allowed: bool, true, def, true; + /// Allow email change |> Controls whether users can change their email. This setting applies globally to all users. + email_change_allowed: bool, true, def, true; /// Password iterations |> Number of server-side passwords hashing iterations for the password hash. /// The default for new users. If changed, it will be updated during login for existing users. password_iterations: i32, true, def, 600_000;