vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit a3149335571d47af810aff3665665f0eb5c9f168
parent c5d7e3f2bc328e331a2c3fcec0608690ed4dd2b4
Author: Jeremy Lin <jeremy.lin@gmail.com>
Date:   Sun, 24 May 2020 14:00:26 -0700

Allow email changes for existing accounts even when signups are disabled

Diffstat:
Msrc/api/core/accounts.rs | 4++--
Msrc/api/core/organizations.rs | 2+-
Msrc/config.rs | 11++++++-----
3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
@@ -379,8 +379,8 @@ fn post_email_token(data: JsonUpcase<EmailTokenData>, headers: Headers, conn: Db
 err!("Email already in use");
 }
- if !CONFIG.is_signup_allowed(&data.NewEmail) {
- err!("Email cannot be changed to this address");
+ if !CONFIG.is_email_domain_allowed(&data.NewEmail) {
+ err!("Email domain not allowed");
 }
 let token = crypto::generate_token(6)?;
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -488,7 +488,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
 err!(format!("User does not exist: {}", email))
 }
- if !CONFIG.signups_domains_whitelist().is_empty() && !CONFIG.is_email_domain_whitelisted(&email) {
+ if !CONFIG.is_email_domain_allowed(&email) {
 err!("Email domain not eligible for invitations")
 }
diff --git a/src/config.rs b/src/config.rs
@@ -558,9 +558,10 @@ impl Config {
 self.update_config(builder)
 }
- /// Tests whether an email's domain is in signups_domains_whitelist.
- /// Returns false if no whitelist is set.
- pub fn is_email_domain_whitelisted(&self, email: &str) -> bool {
+ /// Tests whether an email's domain is allowed. A domain is allowed if it
+ /// is in signups_domains_whitelist, or if no whitelist is set (so there
+ /// are no domain restrictions in effect).
+ pub fn is_email_domain_allowed(&self, email: &str) -> bool {
 let e: Vec<&str> = email.rsplitn(2, '@').collect();
 if e.len() != 2 || e[0].is_empty() || e[1].is_empty() {
 warn!("Failed to parse email address '{}'", email);
@@ -569,7 +570,7 @@ impl Config {
 let email_domain = e[0].to_lowercase();
 let whitelist = self.signups_domains_whitelist();
- !whitelist.is_empty() && whitelist.split(',').any(|d| d.trim() == email_domain)
+ whitelist.is_empty() || whitelist.split(',').any(|d| d.trim() == email_domain)
 }
 /// Tests whether signup is allowed for an email address, taking into
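Review bot: The new `is_email_domain_allowed` check in post_email_token carries no comment saying that `signups_allowed` is deliberately not consulted here, so a later reader may take the weaker check for an oversight and put `is_signup_allowed` back. I would add above the `if`: `// Existing accounts may change address even with signups disabled; only the domain whitelist applies.` The check runs when the token is requested; the handler that completes the change is not in this hunk, so it is worth confirming that it cannot be reached with an address that skipped this test. post_email_token's body starts and ends outside the hunk.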
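Review bot: With no whitelist configured, send_invite used to skip the domain test entirely, but the new `!CONFIG.is_email_domain_allowed(&email)` always parses the address, so an address the parser rejects now fails with "Email domain not eligible for invitations" even though no domain policy is in effect. Judging from the config.rs hunk the parser logs "Failed to parse email address" and appears to return false, though that return is outside the visible lines. If the stricter behaviour is intended, say so at the call site: `// Also rejects addresses without a local@domain form, even when no whitelist is set.` The same applies to the check in post_email_token in accounts.rs. send_invite's body starts and ends outside the hunk.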
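Review bot: The `warn!` in the context below the renamed signature writes the request-supplied address into the log with `{}`, and after this change is_email_domain_allowed is called from post_email_token and send_invite even when no whitelist is set, so more unvalidated input reaches that line. Formatting it with Debug escapes control characters and keeps one log entry per event: `warn!("Failed to parse email address {:?}", email);`. The new doc comment could also state that an address that fails to parse is treated as not allowed; that branch's return is outside the hunk, so confirm it before wording the sentence. The function body continues past the end of the hunk.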
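Review bot: The comparison `d.trim() == email_domain` lowercases only the address side (`e[0].to_lowercase()`), so a whitelist entry written with capitals, for example `Example.com` (constructed value), never matches and that domain is refused. This fails closed, so it is not a bypass, but it silently locks out a domain the operator meant to allow. A case-insensitive comparison avoids it: `whitelist.is_empty() || whitelist.split(',').any(|d| d.trim().eq_ignore_ascii_case(&email_domain))`. The start of is_email_domain_allowed is in the previous hunk.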
@@ -577,7 +578,7 @@ impl Config {
 pub fn is_signup_allowed(&self, email: &str) -> bool {
 if !self.signups_domains_whitelist().is_empty() {
 // The whitelist setting overrides the signups_allowed setting.
- self.is_email_domain_whitelisted(email)
+ self.is_email_domain_allowed(email)
 } else {
 self.signups_allowed()
 }