
Validate JWT if a user registers with SMTP invites enabled

This commit is contained in:
Nick Fox 2018-12-20 22:16:41 -05:00
parent 99256b9b3a
commit 2cd736ab81
No known key found for this signature in database
GPG key ID: 82719985805A7CA8


@ -4,7 +4,7 @@ use crate::db::models::*;
use crate::db::DbConn; use crate::db::DbConn;
use crate::api::{EmptyResult, JsonResult, JsonUpcase, NumberOrString, PasswordData, UpdateType, WebSocketUsers}; use crate::api::{EmptyResult, JsonResult, JsonUpcase, NumberOrString, PasswordData, UpdateType, WebSocketUsers};
use crate::auth::Headers; use crate::auth::{Headers, decode_invite_jwt, InviteJWTClaims};
use crate::mail; use crate::mail;
use crate::CONFIG; use crate::CONFIG;
@ -44,6 +44,8 @@ struct RegisterData {
MasterPasswordHash: String, MasterPasswordHash: String,
MasterPasswordHint: Option<String>, MasterPasswordHint: Option<String>,
Name: Option<String>, Name: Option<String>,
Token: Option<String>,
OrganizationUserId: Option<String>,
} }
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
@ -59,23 +61,38 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
let mut user = match User::find_by_mail(&data.Email, &conn) { let mut user = match User::find_by_mail(&data.Email, &conn) {
Some(user) => { Some(user) => {
if Invitation::find_by_mail(&data.Email, &conn).is_some() {
if CONFIG.mail.is_none() { if CONFIG.mail.is_none() {
if Invitation::take(&data.Email, &conn) {
for mut user_org in UserOrganization::find_invited_by_user(&user.uuid, &conn).iter_mut() { for mut user_org in UserOrganization::find_invited_by_user(&user.uuid, &conn).iter_mut() {
user_org.status = UserOrgStatus::Accepted as i32; user_org.status = UserOrgStatus::Accepted as i32;
if user_org.save(&conn).is_err() { if user_org.save(&conn).is_err() {
err!("Failed to accept user to organization") err!("Failed to accept user to organization")
} }
} }
if !Invitation::take(&data.Email, &conn) {
err!("Error accepting invitation")
}
user user
} else {
let token = match &data.Token {
Some(token) => token,
None => err!("No valid invite token")
};
let claims: InviteJWTClaims = match decode_invite_jwt(&token) {
Ok(claims) => claims,
Err(msg) => err!("Invalid claim: {:#?}", msg),
};
if &claims.email == &data.Email {
user
} else {
err!("Registration email does not match invite email")
}
}
} else if CONFIG.signups_allowed { } else if CONFIG.signups_allowed {
err!("Account with this email already exists") err!("Account with this email already exists")
} else { } else {
err!("Registration not allowed") err!("Registration not allowed")
} }
} else {
user
}
} }
None => { None => {
if CONFIG.signups_allowed || (CONFIG.mail.is_none() && Invitation::take(&data.Email, &conn)) { if CONFIG.signups_allowed || (CONFIG.mail.is_none() && Invitation::take(&data.Email, &conn)) {