vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.

commit e4d08836e2ccc8bd4f1b926f306aa881f26a33d8
parent c2a324e5da24bf2b59b5ccb745335783b4ea633f
Author: Jeremy Lin <jeremy.lin@gmail.com>
Date:   Thu,  9 Apr 2020 01:51:05 -0700

Make org owner invitations respect the email domain whitelist

This closes a loophole where org owners can invite new users from any domain.

Diffstat:
Msrc/api/core/organizations.rs | 9++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -485,7 +485,11 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
 let user = match User::find_by_mail(&email, &conn) {
 None => {
 if !CONFIG.invitations_allowed() {
- err!(format!("User email does not exist: {}", email))
+ err!(format!("User does not exist: {}", email))
+ }
+
+ if !CONFIG.signups_domains_whitelist().is_empty() && !CONFIG.is_email_domain_whitelisted(&email) {
+ err!("Email domain not eligible for invitations")
 }

 if !CONFIG.mail_enabled() {
@@ -978,4 +982,4 @@ fn put_policy(org_id: String, pol_type: i32, data: Json<PolicyData>, _headers: A
 policy.save(&conn)?;

 Ok(Json(policy.to_json()))
-}
-\ No newline at end of file
+}
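Review bot: The whitelist test added in the `None` arm of send_invite spells the policy out at the call site (`!CONFIG.signups_domains_whitelist().is_empty() && !CONFIG.is_email_domain_whitelisted(&email)`), so every other path that creates or invites an account has to repeat both conditions exactly for the restriction to hold. Folding the empty-list case into the config helper, so callers write only `if !CONFIG.is_email_domain_whitelisted(&email) {`, would keep the rule in one place; whether the helper already treats an empty list as allow-all is not visible here. It is also not visible whether `email` is trimmed and lower-cased before this point, which decides whether the domain comparison matches what registration applies. A short comment above the check, such as `// Org owners/admins must not bypass the signup domain whitelist when inviting new accounts`, would record why it exists. The body of send_invite starts and ends outside the hunk.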