vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit d892880dd2f96dd9f72a6ce9437bf638719a4bcb
parent 3dbfc484a54c41d1759646444b439da06445060b
Author: BlackDex <black.dex@gmail.com>
Date:   Mon, 31 Jul 2023 20:40:48 +0200

Fix UserOrg status during LDAP Import

When a user does not have an account yet and SMTP was disabled it would
set the UserOrg status still to Accepted, though that would make it
possible to verify the user by the Org Admin's.
This would fail, since the user didn't actually crated his account, and
therefor no PublicKey existed.

This PR fixes this behaviour by checking if the password is empty and if
so, puts the user to an `Invited` state instead of `Accepted`.

Fixes #3737

Diffstat:

Msrc/api/core/public.rs | 2+-


1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/api/core/public.rs b/src/api/core/public.rs
@@ -85,7 +85,7 @@ async fn ldap_import(data: JsonUpcase<OrgImportData>, token: PublicToken, mut co
                     new_user
                 }
             };
-            let user_org_status = if CONFIG.mail_enabled() {
+            let user_org_status = if CONFIG.mail_enabled() || user.password_hash.is_empty() {
                 UserOrgStatus::Invited as i32
             } else {
                 UserOrgStatus::Accepted as i32 // Automatically mark user as accepted if no email invites