vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 9713a3a5558d163fbade7d9260d8e994dbd9537b
parent 08f0de7b46d36a4e974d8e7b25a9786168cd38a5
Author: Tomek Mańko <tomek.manko@railgun-solutions.com>
Date:   Sun, 13 Feb 2022 13:06:52 +0100

Add IP address to missing/invalid password message for Sends

Diffstat:
Msrc/api/core/sends.rs | 8++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs @@ -8,7 +8,7 @@ use serde_json::Value; use crate::{ api::{ApiResult, EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, UpdateType}, - auth::{Headers, Host}, + auth::{ClientIp, Headers, Host}, db::{models::*, DbConn, DbPool}, util::SafeString, CONFIG, @@ -268,7 +268,7 @@ pub struct SendAccessData { } #[post("/sends/access/<access_id>", data = "<data>")] -fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn) -> JsonResult { +fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn, ip: ClientIp) -> JsonResult { let mut send = match Send::find_by_access_id(&access_id, &conn) { Some(s) => s, None => err_code!(SEND_INACCESSIBLE_MSG, 404), @@ -297,8 +297,8 @@ fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn if send.password_hash.is_some() { match data.into_inner().data.Password { Some(ref p) if send.check_password(p) => { /* Nothing to do here */ } - Some(_) => err!("Invalid password."), - None => err_code!("Password not provided", 401), + Some(_) => err!("Invalid password", format!("IP: {}.", ip.ip)), + None => err_code!("Password not provided", format!("IP: {}.", ip.ip), 401), } }