vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit b2fc0499f6630df15b4d9926d6bad003e18ec27a
parent 6a99849a1ec97a5db11b3f5721e64737ed20256e
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Wed, 19 Dec 2018 22:51:08 +0100

Finish invite functionality, and remove virtual organization

Diffstat:
Msrc/api/admin.rs | 7+++----
Msrc/api/core/organizations.rs | 59+++++++++++++++++++----------------------------------------
Msrc/auth.rs | 10++--------
Msrc/db/models/organization.rs | 62++++----------------------------------------------------------
Msrc/db/models/user.rs | 16+++-------------
Msrc/static/admin.html | 28++++++++++++----------------
6 files changed, 43 insertions(+), 139 deletions(-)

diff --git a/src/api/admin.rs b/src/api/admin.rs @@ -40,11 +40,10 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) - err!("Invitations are not allowed") } - let mut invitation = Invitation::new(data.Email.clone()); - let mut user = User::new(data.Email); - + let mut invitation = Invitation::new(data.Email); invitation.save(&conn)?; - user.save(&conn)?; + + // TODO: Might want to send an email? Ok(Json(json!({}))) } diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs @@ -426,45 +426,42 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade }; - // Don't create UserOrganization in virtual organization - let mut org_user_id = None; - if org_id != Organization::VIRTUAL_ID { - let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone()); - let access_all = data.AccessAll.unwrap_or(false); - new_user.access_all = access_all; - new_user.type_ = new_type; - new_user.status = user_org_status; - - // If no accessAll, add the collections received - if !access_all { - for col in &data.Collections { - match Collection::find_by_uuid_and_org(&col.Id, &org_id, &conn) { - None => err!("Collection not found in Organization"), - Some(collection) => { - CollectionUser::save(&user.uuid, &collection.uuid, col.ReadOnly, &conn)?; - } + let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone()); + let access_all = data.AccessAll.unwrap_or(false); + new_user.access_all = access_all; + new_user.type_ = new_type; + new_user.status = user_org_status; + + // If no accessAll, add the collections received + if !access_all { + for col in &data.Collections { + match Collection::find_by_uuid_and_org(&col.Id, &org_id, &conn) { + None => err!("Collection not found in Organization"), + Some(collection) => { + CollectionUser::save(&user.uuid, &collection.uuid, col.ReadOnly, &conn)?; } } } - - new_user.save(&conn)?; - org_user_id = Some(new_user.uuid.clone()); } + new_user.save(&conn)?; + if CONFIG.mail.is_some() { let org_name = match Organization::find_by_uuid(&org_id, &conn) { Some(org) => org.name, None => err!("Error looking up organization") }; - let claims = generate_invite_claims(user.uuid.to_string(), user.email.clone(), org_id.clone(), org_user_id.clone()); + let claims = generate_invite_claims(user.uuid.to_string(), user.email.clone(), org_id.clone(), Some(new_user.uuid.clone())); let invite_token = encode_jwt(&claims); if let Some(ref mail_config) = CONFIG.mail { - if let Err(e) = mail::send_invite(&email, &org_id, &org_user_id.unwrap_or(Organization::VIRTUAL_ID.to_string()), + if let Err(e) = mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config) { err!(format!("There has been a problem sending the email: {}", e)) } } } + + new_user.save(&conn)?; } Ok(()) @@ -480,10 +477,6 @@ fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn: err!("SMTP is not configured.") } - if org_id == Organization::VIRTUAL_ID { - err!("This functionality is incompatible with the bitwarden_rs virtual organization. Please delete the user and send a new invitation.") - } - let user_org = match UserOrganization::find_by_uuid(&user_org, &conn) { Some(user_org) => user_org, None => err!("UserOrg not found."), @@ -682,20 +675,6 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData> #[delete("/organizations/<org_id>/users/<org_user_id>")] fn delete_user(org_id: String, org_user_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult { - // We're deleting user in virtual Organization. Delete User, not UserOrganization - if org_id == Organization::VIRTUAL_ID { - match User::find_by_uuid(&org_user_id, &conn) { - Some(user_to_delete) => { - if user_to_delete.uuid == headers.user.uuid { - err!("Delete your account in the account settings") - } else { - user_to_delete.delete(&conn)?; - } - }, - None => err!("User not found") - } - } - let user_to_delete = match UserOrganization::find_by_uuid_and_org(&org_user_id, &org_id, &conn) { Some(user) => user, None => err!("User to delete isn't member of the organization") diff --git a/src/auth.rs b/src/auth.rs @@ -131,7 +131,7 @@ use rocket::Outcome; use rocket::request::{self, Request, FromRequest}; use crate::db::DbConn; -use crate::db::models::{User, Organization, UserOrganization, UserOrgType, UserOrgStatus, Device}; +use crate::db::models::{User, UserOrganization, UserOrgType, UserOrgStatus, Device}; pub struct Headers { pub host: String, @@ -245,13 +245,7 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders { err_handler!("The current user isn't confirmed member of the organization") } } - None => { - if headers.user.is_server_admin() && org_id == Organization::VIRTUAL_ID { - UserOrganization::new_virtual(headers.user.uuid.clone(), UserOrgType::Owner, UserOrgStatus::Confirmed) - } else { - err_handler!("The current user isn't member of the organization") - } - } + None => err_handler!("The current user isn't member of the organization") }; Outcome::Success(Self{ diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs @@ -1,7 +1,7 @@ use std::cmp::Ordering; use serde_json::Value; -use super::{User, CollectionUser, Invitation}; +use super::{User, CollectionUser}; #[derive(Debug, Identifiable, Queryable, Insertable)] #[table_name = "organizations"] @@ -154,8 +154,6 @@ impl UserOrgType { /// Local methods impl Organization { - pub const VIRTUAL_ID: &'static str = "00000000-0000-0000-0000-000000000000"; - pub fn new(name: String, billing_email: String) -> Self { Self { uuid: crate::util::get_uuid(), @@ -165,14 +163,6 @@ impl Organization { } } - pub fn new_virtual() -> Self { - Self { - uuid: String::from(Organization::VIRTUAL_ID), - name: String::from("bitwarden_rs"), - billing_email: String::from("none@none.none") - } - } - pub fn to_json(&self) -> Value { json!({ "Id": self.uuid, @@ -216,20 +206,6 @@ impl UserOrganization { type_: UserOrgType::User as i32, } } - - pub fn new_virtual(user_uuid: String, type_: UserOrgType, status: UserOrgStatus) -> Self { - Self { - uuid: user_uuid.clone(), - - user_uuid, - org_uuid: String::from(Organization::VIRTUAL_ID), - - access_all: true, - key: String::new(), - status: status as i32, - type_: type_ as i32, - } - } } @@ -244,10 +220,6 @@ use crate::error::MapResult; /// Database methods impl Organization { pub fn save(&mut self, conn: &DbConn) -> EmptyResult { - if self.uuid == Organization::VIRTUAL_ID { - err!("diesel::result::Error::NotFound") - } - UserOrganization::find_by_org(&self.uuid, conn) .iter() .for_each(|user_org| { @@ -262,10 +234,6 @@ impl Organization { pub fn delete(self, conn: &DbConn) -> EmptyResult { use super::{Cipher, Collection}; - if self.uuid == Organization::VIRTUAL_ID { - err!("diesel::result::Error::NotFound") - } - Cipher::delete_all_by_organization(&self.uuid, &conn)?; Collection::delete_all_by_organization(&self.uuid, &conn)?; UserOrganization::delete_all_by_organization(&self.uuid, &conn)?; @@ -279,9 +247,6 @@ impl Organization { } pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> { - if uuid == Organization::VIRTUAL_ID { - return Some(Self::new_virtual()) - }; organizations::table .filter(organizations::uuid.eq(uuid)) .first::<Self>(&**conn).ok() @@ -371,9 +336,6 @@ impl UserOrganization { } pub fn save(&mut self, conn: &DbConn) -> EmptyResult { - if self.org_uuid == Organization::VIRTUAL_ID { - err!("diesel::result::Error::NotFound") - } User::update_uuid_revision(&self.user_uuid, conn); diesel::replace_into(users_organizations::table) @@ -382,9 +344,6 @@ impl UserOrganization { } pub fn delete(self, conn: &DbConn) -> EmptyResult { - if self.org_uuid == Organization::VIRTUAL_ID { - err!("diesel::result::Error::NotFound") - } User::update_uuid_revision(&self.user_uuid, conn); CollectionUser::delete_all_by_user(&self.user_uuid, &conn)?; @@ -449,22 +408,9 @@ impl UserOrganization { } pub fn find_by_org(org_uuid: &str, conn: &DbConn) -> Vec<Self> { - if org_uuid == Organization::VIRTUAL_ID { - User::get_all(&*conn).iter().map(|user| { - Self::new_virtual( - user.uuid.clone(), - UserOrgType::User, - if Invitation::find_by_mail(&user.email, &conn).is_some() { - UserOrgStatus::Invited - } else { - UserOrgStatus::Confirmed - }) - }).collect() - } else { - users_organizations::table - .filter(users_organizations::org_uuid.eq(org_uuid)) - .load::<Self>(&**conn).expect("Error loading user organizations") - } + users_organizations::table + .filter(users_organizations::org_uuid.eq(org_uuid)) + .load::<Self>(&**conn).expect("Error loading user organizations") } pub fn find_by_org_and_type(org_uuid: &str, type_: i32, conn: &DbConn) -> Vec<Self> { diff --git a/src/db/models/user.rs b/src/db/models/user.rs @@ -100,13 +100,6 @@ impl User { pub fn reset_security_stamp(&mut self) { self.security_stamp = crate::util::get_uuid(); } - - pub fn is_server_admin(&self) -> bool { - match CONFIG.server_admin_email { - Some(ref server_admin_email) => &self.email == server_admin_email, - None => false - } - } } use diesel; @@ -121,12 +114,9 @@ use crate::error::MapResult; /// Database methods impl User { pub fn to_json(&self, conn: &DbConn) -> Value { - use super::{UserOrganization, UserOrgType, UserOrgStatus, TwoFactor}; + use super::{UserOrganization, TwoFactor}; - let mut orgs = UserOrganization::find_by_user(&self.uuid, conn); - if self.is_server_admin() { - orgs.push(UserOrganization::new_virtual(self.uuid.clone(), UserOrgType::Owner, UserOrgStatus::Confirmed)); - } + let orgs = UserOrganization::find_by_user(&self.uuid, conn); let orgs_json: Vec<Value> = orgs.iter().map(|c| c.to_json(&conn)).collect(); let twofactor_enabled = !TwoFactor::find_by_user(&self.uuid, conn).is_empty(); @@ -172,7 +162,7 @@ impl User { Cipher::delete_all_by_user(&self.uuid, &*conn)?; Folder::delete_all_by_user(&self.uuid, &*conn)?; Device::delete_all_by_user(&self.uuid, &*conn)?; - //TwoFactor::delete_all_by_user(&self.uuid, &*conn)?; + TwoFactor::delete_all_by_user(&self.uuid, &*conn)?; Invitation::take(&self.email, &*conn); // Delete invitation if any diesel::delete(users::table.filter( diff --git a/src/static/admin.html b/src/static/admin.html @@ -27,10 +27,8 @@ function identicon(email) { const data = new Identicon(md5(email), { - size: 48, - format: 'svg' + size: 48, format: 'svg' }).toString(); - return "data:image/svg+xml;base64," + data; } @@ -84,22 +82,19 @@ function loadUsers() { $("#users-list").empty(); $.get({ url: "/admin/users", headers: _headers() }) - .done(fillRow) - .fail(resetKey); + .done(fillRow).fail(resetKey); return false; } function _post(url, successMsg, errMsg, resetOnErr, data) { $.post({ url: url, headers: _headers(), data: data }) - .done(() => { + .done(function () { alert(successMsg); loadUsers(); - }) - .fail((e) => { - const msg = e.responseJSON ? - e.responseJSON.ErrorModel.Message - : "Unknown error"; + }).fail(function (e) { + const r = e.responseJSON; + const msg = r ? r.ErrorModel.Message : "Unknown error"; alert(errMsg + ": " + msg); if (resetOnErr) { resetKey(); } }); @@ -112,18 +107,19 @@ } function inviteUser() { - data = JSON.stringify({ "Email": $("#email-invite").val() }); - - _post("/admin/invite/", - "User invited correctly", + inv = $("#email-invite"); + data = JSON.stringify({ "Email": inv.val() }); + inv.val(""); + _post("/admin/invite/", "User invited correctly", "Error inviting user", false, data); + return false; } $(window).on('load', function () { setKey(); $("#key-form").submit(setKey); - $("#reload-btn").on("click", loadUsers); + $("#reload-btn").click(loadUsers); $("#invite-form").submit(inviteUser); }); </script>