commit 5e3747148867fdca1f1a6bf67c347f081f6f7109
parent 94adf063ad03c3073e30f040e66fa446d749b450
Author: Daniel GarcĂa <dani-garcia@users.noreply.github.com>
Date: Sun, 6 Jan 2019 14:12:24 +0100
Merge pull request #323 from njfox/invite_accepted_email
Send email notifications when invitations are accepted/confirmed
Diffstat:
4 files changed, 142 insertions(+), 70 deletions(-)
diff --git a/src/api/admin.rs b/src/api/admin.rs
@@ -4,6 +4,7 @@ use serde_json::Value;
use crate::api::{JsonResult, JsonUpcase};
use crate::CONFIG;
+use crate::mail;
use crate::db::models::*;
use crate::db::DbConn;
@@ -31,7 +32,7 @@ fn get_users(_token: AdminToken, conn: DbConn) -> JsonResult {
#[post("/invite", data = "<data>")]
fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult {
let data: InviteData = data.into_inner().data;
-
+ let email = data.Email.clone();
if User::find_by_mail(&data.Email, &conn).is_some() {
err!("User already exists")
}
@@ -43,7 +44,12 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -
let mut invitation = Invitation::new(data.Email);
invitation.save(&conn)?;
- // TODO: Might want to send an email?
+ if let Some(ref mail_config) = CONFIG.mail {
+ let mut user = User::new(email);
+ user.save(&conn)?;
+ let org_name = "bitwarden_rs";
+ mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None, mail_config)?;
+ }
Ok(Json(json!({})))
}
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -7,14 +7,12 @@ use crate::db::DbConn;
use crate::CONFIG;
use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType};
-use crate::auth::{decode_invite_jwt, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders, JWT_ISSUER};
+use crate::auth::{decode_invite_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders};
use crate::mail;
use serde::{Deserialize, Deserializer};
-use chrono::{Duration, Utc};
-
use rocket::Route;
pub fn routes() -> Vec<Route> {
@@ -508,14 +506,16 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
Some(org) => org.name,
None => err!("Error looking up organization"),
};
- let claims = generate_invite_claims(
- user.uuid.to_string(),
- user.email.clone(),
- org_id.clone(),
- Some(new_user.uuid.clone()),
- );
- let invite_token = encode_jwt(&claims);
- mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config)?;
+
+ mail::send_invite(
+ &email,
+ &user.uuid,
+ Some(org_id.clone()),
+ Some(new_user.uuid),
+ &org_name,
+ Some(headers.user.email.clone()),
+ mail_config
+ )?;
}
}
@@ -523,7 +523,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
}
#[post("/organizations/<org_id>/users/<user_org>/reinvite")]
-fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult {
+fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
if !CONFIG.invitations_allowed {
err!("Invitations are not allowed.")
}
@@ -551,21 +551,15 @@ fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn:
None => err!("Error looking up organization."),
};
- let claims = generate_invite_claims(
- user.uuid.to_string(),
- user.email.clone(),
- org_id.clone(),
- Some(user_org.uuid.clone()),
- );
- let invite_token = encode_jwt(&claims);
if let Some(ref mail_config) = CONFIG.mail {
mail::send_invite(
- &user.email,
- &org_id,
- &user_org.uuid,
- &invite_token,
- &org_name,
- mail_config,
+ &user.email,
+ &user.uuid,
+ Some(org_id),
+ Some(user_org.uuid),
+ &org_name,
+ Some(headers.user.email),
+ mail_config,
)?;
}
@@ -578,19 +572,6 @@ struct AcceptData {
Token: String,
}
-fn generate_invite_claims(uuid: String, email: String, org_id: String, org_user_id: Option<String>) -> InviteJWTClaims {
- let time_now = Utc::now().naive_utc();
- InviteJWTClaims {
- nbf: time_now.timestamp(),
- exp: (time_now + Duration::days(5)).timestamp(),
- iss: JWT_ISSUER.to_string(),
- sub: uuid.clone(),
- email: email.clone(),
- org_id: org_id.clone(),
- user_org_id: org_user_id.clone(),
- }
-}
-
#[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "<data>")]
fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult {
// The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead
@@ -601,10 +582,10 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
match User::find_by_mail(&claims.email, &conn) {
Some(_) => {
Invitation::take(&claims.email, &conn);
- if claims.user_org_id.is_some() {
+ if claims.user_org_id.is_some() && claims.org_id.is_some() {
// If this isn't the virtual_org, mark userorg as accepted
let mut user_org =
- match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id, &conn) {
+ match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id.clone().unwrap(), &conn) {
Some(user_org) => user_org,
None => err!("Error accepting the invitation"),
};
@@ -617,6 +598,23 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
None => err!("Invited user not found"),
}
+ if let Some(ref mail_config) = CONFIG.mail {
+ let mut org_name = String::from("bitwarden_rs");
+ if let Some(org_id) = &claims.org_id {
+ org_name = match Organization::find_by_uuid(&org_id, &conn) {
+ Some(org) => org.name,
+ None => err!("Organization not found.")
+ };
+ };
+ if let Some(invited_by_email) = &claims.invited_by_email {
+ // User was invited to an organization, so they must be confirmed manually after acceptance
+ mail::send_invite_accepted(&claims.email, invited_by_email, &org_name, mail_config)?;
+ } else {
+ // User was invited from /admin, so they are automatically confirmed
+ mail::send_invite_confirmed(&claims.email, &org_name, mail_config)?;
+ }
+ }
+
Ok(())
}
@@ -649,6 +647,18 @@ fn confirm_invite(
None => err!("Invalid key provided"),
};
+ if let Some(ref mail_config) = CONFIG.mail {
+ let org_name = match Organization::find_by_uuid(&org_id, &conn) {
+ Some(org) => org.name,
+ None => err!("Error looking up organization."),
+ };
+ let address = match User::find_by_uuid(&user_to_confirm.user_uuid, &conn) {
+ Some(user) => user.email,
+ None => err!("Error looking up user."),
+ };
+ mail::send_invite_confirmed(&address, &org_name, mail_config)?;
+ }
+
user_to_confirm.save(&conn)
}
diff --git a/src/auth.rs b/src/auth.rs
@@ -2,7 +2,7 @@
// JWT Handling
//
use crate::util::read_file;
-use chrono::Duration;
+use chrono::{Duration, Utc};
use jsonwebtoken::{self, Algorithm, Header};
use serde::ser::Serialize;
@@ -116,8 +116,28 @@ pub struct InviteJWTClaims {
pub sub: String,
pub email: String,
- pub org_id: String,
+ pub org_id: Option<String>,
pub user_org_id: Option<String>,
+ pub invited_by_email: Option<String>,
+}
+
+pub fn generate_invite_claims(uuid: String,
+ email: String,
+ org_id: Option<String>,
+ org_user_id: Option<String>,
+ invited_by_email: Option<String>,
+) -> InviteJWTClaims {
+ let time_now = Utc::now().naive_utc();
+ InviteJWTClaims {
+ nbf: time_now.timestamp(),
+ exp: (time_now + Duration::days(5)).timestamp(),
+ iss: JWT_ISSUER.to_string(),
+ sub: uuid.clone(),
+ email: email.clone(),
+ org_id: org_id.clone(),
+ user_org_id: org_user_id.clone(),
+ invited_by_email: invited_by_email.clone(),
+ }
}
//
diff --git a/src/mail.rs b/src/mail.rs
@@ -6,7 +6,7 @@ use native_tls::{Protocol, TlsConnector};
use crate::MailConfig;
use crate::CONFIG;
-
+use crate::auth::{generate_invite_claims, encode_jwt};
use crate::api::EmptyResult;
use crate::error::Error;
@@ -53,28 +53,26 @@ pub fn send_password_hint(address: &str, hint: Option<String>, config: &MailConf
)
};
- let email = EmailBuilder::new()
- .to(address)
- .from((config.smtp_from.clone(), "Bitwarden-rs"))
- .subject(subject)
- .body(body)
- .build()
- .map_err(|e| Error::new("Error building hint email", e.to_string()))?;
-
- mailer(config)
- .send(email.into())
- .map_err(|e| Error::new("Error sending hint email", e.to_string()))
- .and(Ok(()))
+ send_email(&address, &subject, &body, &config)
}
pub fn send_invite(
address: &str,
- org_id: &str,
- org_user_id: &str,
- token: &str,
+ uuid: &str,
+ org_id: Option<String>,
+ org_user_id: Option<String>,
org_name: &str,
+ invited_by_email: Option<String>,
config: &MailConfig,
) -> EmptyResult {
+ let claims = generate_invite_claims(
+ uuid.to_string(),
+ String::from(address),
+ org_id.clone(),
+ org_user_id.clone(),
+ invited_by_email.clone(),
+ );
+ let invite_token = encode_jwt(&claims);
let (subject, body) = {
(format!("Join {}", &org_name),
format!(
@@ -83,21 +81,58 @@ pub fn send_invite(
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
<p>If you do not wish to join this organization, you can safely ignore this email.</p>
</html>",
- org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token
+ org_name, CONFIG.domain, org_id.unwrap_or("_".to_string()), org_user_id.unwrap_or("_".to_string()), address, org_name, invite_token
))
};
+ send_email(&address, &subject, &body, &config)
+}
+
+pub fn send_invite_accepted(
+ new_user_email: &str,
+ address: &str,
+ org_name: &str,
+ config: &MailConfig,
+) -> EmptyResult {
+ let (subject, body) = {
+ ("Invitation accepted",
+ format!(
+ "<html>
+ <p>Your invitation for <b>{}</b> to join <b>{}</b> was accepted. Please <a href=\"{}\">log in</a> to the bitwarden_rs server and confirm them from the organization management page.</p>
+ </html>", new_user_email, org_name, CONFIG.domain))
+ };
+
+ send_email(&address, &subject, &body, &config)
+}
+
+pub fn send_invite_confirmed(
+ address: &str,
+ org_name: &str,
+ config: &MailConfig,
+) -> EmptyResult {
+ let (subject, body) = {
+ (format!("Invitation to {} confirmed", org_name),
+ format!(
+ "<html>
+ <p>Your invitation to join <b>{}</b> was confirmed. It will now appear under the Organizations the next time you <a href=\"{}\">log in</a> to the web vault.</p>
+ </html>", org_name, CONFIG.domain))
+ };
+
+ send_email(&address, &subject, &body, &config)
+}
+
+fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> EmptyResult {
let email = EmailBuilder::new()
- .to(address)
- .from((config.smtp_from.clone(), "Bitwarden-rs"))
- .subject(subject)
- .header(("Content-Type", "text/html"))
- .body(body)
- .build()
- .map_err(|e| Error::new("Error building invite email", e.to_string()))?;
+ .to(address)
+ .from((config.smtp_from.clone(), "Bitwarden-rs"))
+ .subject(subject)
+ .header(("Content-Type", "text/html"))
+ .body(body)
+ .build()
+ .map_err(|e| Error::new("Error building email", e.to_string()))?;
mailer(config)
.send(email.into())
- .map_err(|e| Error::new("Error sending invite email", e.to_string()))
+ .map_err(|e| Error::new("Error sending email", e.to_string()))
.and(Ok(()))
-}
+}
+\ No newline at end of file
