vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit ed6e8529048d5272a37e88bc5a5e65988c88f081
parent 4289663a1697bd8d78743e2c8eaef255cb811e1b
Author: Stefan Melmuk <stefan.melmuk@gmail.com>
Date:   Tue, 27 Sep 2022 23:19:35 +0200

fix invitations of new users when mail is disabled

If you add a new user that has already been Invited to another
organization they will be Accepted automatically. This should not be
possible because they cannot be Confirmed until they have completed
their registration. It is also not necessary because their invitation
will be accepted automatically once they register.

Diffstat:
Msrc/api/core/organizations.rs | 11+++++------
1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs @@ -600,11 +600,7 @@ async fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: Admi for email in data.Emails.iter() { let email = email.to_lowercase(); - let mut user_org_status = if CONFIG.mail_enabled() { - UserOrgStatus::Invited as i32 - } else { - UserOrgStatus::Accepted as i32 // Automatically mark user as accepted if no email invites - }; + let mut user_org_status = UserOrgStatus::Invited as i32; let user = match User::find_by_mail(&email, &conn).await { None => { if !CONFIG.invitations_allowed() { @@ -622,13 +618,16 @@ async fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: Admi let mut user = User::new(email.clone()); user.save(&conn).await?; - user_org_status = UserOrgStatus::Invited as i32; user } Some(user) => { if UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn).await.is_some() { err!(format!("User already in organization: {}", email)) } else { + // automatically accept existing users if mail is disabled + if !CONFIG.mail_enabled() && !user.password_hash.is_empty() { + user_org_status = UserOrgStatus::Accepted as i32; + } user } }