vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit 76743aee48263f459ad4c8f3fc6a77bd2e482f35
parent 9ebca9929022eaf1b2ee29f9fa47ad8df03b2c34
Author: Michael Powers <swedishborgie@gmail.com>
Date:   Mon, 13 Jan 2020 21:53:57 -0500

Fixes #635 - Unique constraint violation when using U2F tokens on PostgreSQL
Because of differences in how .on_conflict() works compared to .replace_into() the PostgreSQL backend wasn't correctly ensuring the unique constraint on user_uuid and atype wasn't getting violated.

This change simply issues a DELETE on the unique constraint prior to the insert to ensure uniqueness. PostgreSQL does not support multiple constraints in ON CONFLICT clauses.

Diffstat:

Msrc/db/models/two_factor.rs | 10++++++++++


1 file changed, 10 insertions(+), 0 deletions(-)

diff --git a/src/db/models/two_factor.rs b/src/db/models/two_factor.rs
@@ -73,6 +73,16 @@ impl TwoFactor {
 impl TwoFactor {
     #[cfg(feature = "postgresql")]
     pub fn save(&self, conn: &DbConn) -> EmptyResult {
+        // We need to make sure we're not going to violate the unique constraint on user_uuid and atype.
+        // This happens automatically on other DBMS backends due to replace_into(). PostgreSQL does
+        // not support multiple constraints on ON CONFLICT clauses.
+        let result: EmptyResult = diesel::delete(twofactor::table.filter(twofactor::user_uuid.eq(&self.user_uuid)).filter(twofactor::atype.eq(&self.atype)))
+            .execute(&**conn)
+            .map_res("Error deleting twofactor for insert");
+        if result.is_err() {
+            return result;
+        }
+
         diesel::insert_into(twofactor::table)
             .values(self)
             .on_conflict(twofactor::uuid)