MirrorHub/bitwarden_rs
0
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden synced 2024-06-09 07:29:11 +02:00
Code Issues Releases Wiki Activity

added database migration

Browse source
This commit is contained in:
sirux88 2023-01-25 08:06:21 +01:00
parent 9366e31452
commit 95494083f2
13 changed files with 61 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
migrations/mysql/2023-01-06-151600_add_reset_password_support/down.sql Normal file
View file

2
migrations/mysql/2023-01-06-151600_add_reset_password_support/up.sql Normal file
View file

@ -0,0 +1,2 @@
ALTER TABLE users_organizations
ADD COLUMN reset_password_key VARCHAR(255);

0
migrations/postgresql/2023-01-06-151600_add_reset_password_support/down.sql Normal file
View file

2
migrations/postgresql/2023-01-06-151600_add_reset_password_support/up.sql Normal file
View file

@ -0,0 +1,2 @@
ALTER TABLE users_organizations
ADD COLUMN reset_password_key TEXT;

0
migrations/sqlite/2023-01-06-151600_add_reset_password_support/down.sql Normal file
View file

2
migrations/sqlite/2023-01-06-151600_add_reset_password_support/up.sql Normal file
View file

@ -0,0 +1,2 @@
ALTER TABLE users_organizations
ADD COLUMN reset_password_key TEXT;

6
src/db/models/event.rs
View file

@ -87,9 +87,9 @@ pub enum EventType {
OrganizationUserRemoved = 1503, OrganizationUserRemoved = 1503,
OrganizationUserUpdatedGroups = 1504, OrganizationUserUpdatedGroups = 1504,
// OrganizationUserUnlinkedSso = 1505, // Not supported // OrganizationUserUnlinkedSso = 1505, // Not supported
// OrganizationUserResetPasswordEnroll = 1506, // Not supported OrganizationUserResetPasswordEnroll = 1506,
// OrganizationUserResetPasswordWithdraw = 1507, // Not supported OrganizationUserResetPasswordWithdraw = 1507,
// OrganizationUserAdminResetPassword = 1508, // Not supported OrganizationUserAdminResetPassword = 1508,
// OrganizationUserResetSsoLink = 1509, // Not supported // OrganizationUserResetSsoLink = 1509, // Not supported
// OrganizationUserFirstSsoLogin = 1510, // Not supported // OrganizationUserFirstSsoLogin = 1510, // Not supported
OrganizationUserRevoked = 1511, OrganizationUserRevoked = 1511,

23
src/db/models/org_policy.rs
View file

@ -32,7 +32,7 @@ pub enum OrgPolicyType {
PersonalOwnership = 5, PersonalOwnership = 5,
DisableSend = 6, DisableSend = 6,
SendOptions = 7, SendOptions = 7,
// ResetPassword = 8, // Not supported ResetPassword = 8,
// MaximumVaultTimeout = 9, // Not supported (Not AGPLv3 Licensed) // MaximumVaultTimeout = 9, // Not supported (Not AGPLv3 Licensed)
// DisablePersonalVaultExport = 10, // Not supported (Not AGPLv3 Licensed) // DisablePersonalVaultExport = 10, // Not supported (Not AGPLv3 Licensed)
} }
@ -44,6 +44,13 @@ pub struct SendOptionsPolicyData {
pub DisableHideEmail: bool, pub DisableHideEmail: bool,
} }
// https://github.com/bitwarden/server/blob/5cbdee137921a19b1f722920f0fa3cd45af2ef0f/src/Core/Models/Data/Organizations/Policies/ResetPasswordDataModel.cs
#[derive(Deserialize)]
#[allow(non_snake_case)]
pub struct ResetPasswordDataModel {
pub AutoEnrollEnabled: bool,
}
pub type OrgPolicyResult = Result<(), OrgPolicyErr>; pub type OrgPolicyResult = Result<(), OrgPolicyErr>;
#[derive(Debug)] #[derive(Debug)]
@ -298,6 +305,20 @@ impl OrgPolicy {
Ok(()) Ok(())
} }
pub async fn org_is_reset_password_auto_enroll(org_uuid: &str, conn: &mut DbConn) -> bool {
match OrgPolicy::find_by_org_and_type(org_uuid, OrgPolicyType::ResetPassword, conn).await {
Some(policy) => match serde_json::from_str::<UpCase<ResetPasswordDataModel>>(&policy.data) {
Ok(opts) => {
return opts.data.AutoEnrollEnabled;
}
_ => error!("Failed to deserialize ResetPasswordDataModel: {}", policy.data),
},
None => return false,
}
false
}
/// Returns true if the user belongs to an org that has enabled the `DisableHideEmail` /// Returns true if the user belongs to an org that has enabled the `DisableHideEmail`
/// option of the `Send Options` policy, and the user is not an owner or admin of that org. /// option of the `Send Options` policy, and the user is not an owner or admin of that org.
pub async fn is_hide_email_disabled(user_uuid: &str, conn: &mut DbConn) -> bool { pub async fn is_hide_email_disabled(user_uuid: &str, conn: &mut DbConn) -> bool {

8
src/db/models/organization.rs
View file

@ -29,6 +29,7 @@ db_object! {
pub akey: String, pub akey: String,
pub status: i32, pub status: i32,
pub atype: i32, pub atype: i32,
pub reset_password_key: Option<String>,
} }
} }
@ -158,7 +159,7 @@ impl Organization {
"SelfHost": true, "SelfHost": true,
"UseApi": false, // Not supported "UseApi": false, // Not supported
"HasPublicAndPrivateKeys": self.private_key.is_some() && self.public_key.is_some(), "HasPublicAndPrivateKeys": self.private_key.is_some() && self.public_key.is_some(),
"UseResetPassword": false, // Not supported "UseResetPassword": true,
"BusinessName": null, "BusinessName": null,
"BusinessAddress1": null, "BusinessAddress1": null,
@ -194,6 +195,7 @@ impl UserOrganization {
akey: String::new(), akey: String::new(),
status: UserOrgStatus::Accepted as i32, status: UserOrgStatus::Accepted as i32,
atype: UserOrgType::User as i32, atype: UserOrgType::User as i32,
reset_password_key: None,
} }
} }
@ -311,7 +313,8 @@ impl UserOrganization {
"UseApi": false, // Not supported "UseApi": false, // Not supported
"SelfHost": true, "SelfHost": true,
"HasPublicAndPrivateKeys": org.private_key.is_some() && org.public_key.is_some(), "HasPublicAndPrivateKeys": org.private_key.is_some() && org.public_key.is_some(),
"ResetPasswordEnrolled": false, // Not supported "ResetPasswordEnrolled": self.reset_password_key.is_some(),
"UseResetPassword": true,
"SsoBound": false, // Not supported "SsoBound": false, // Not supported
"UseSso": false, // Not supported "UseSso": false, // Not supported
"ProviderId": null, "ProviderId": null,
@ -377,6 +380,7 @@ impl UserOrganization {
"Type": self.atype, "Type": self.atype,
"AccessAll": self.access_all, "AccessAll": self.access_all,
"TwoFactorEnabled": twofactor_enabled, "TwoFactorEnabled": twofactor_enabled,
"ResetPasswordEnrolled":self.reset_password_key.is_some(),
"Object": "organizationUserUserDetails", "Object": "organizationUserUserDetails",
}) })

21
src/db/models/user.rs
View file

@ -178,6 +178,27 @@ impl User {
self.security_stamp = crate::util::get_uuid(); self.security_stamp = crate::util::get_uuid();
} }
/// Set the password hash generated
/// And resets the security_stamp. Based upon the allow_next_route the security_stamp will be different.
///
/// # Arguments
///
/// * `new_password_hash` - A str which contains a hashed version of the users master password.
/// * `new_key` - A String which contains the new aKey value of the users master password.
/// * `allow_next_route` - A Option<Vec<String>> with the function names of the next allowed (rocket) routes.
/// These routes are able to use the previous stamp id for the next 2 minutes.
/// After these 2 minutes this stamp will expire.
///
pub fn set_password_and_key(
&mut self,
new_password_hash: &str,
new_key: &str,
allow_next_route: Option<Vec<String>>,
) {
self.set_password(new_password_hash, allow_next_route);
self.akey = String::from(new_key);
}
/// Set the stamp_exception to only allow a subsequent request matching a specific route using the current security-stamp. /// Set the stamp_exception to only allow a subsequent request matching a specific route using the current security-stamp.
/// ///
/// # Arguments /// # Arguments

1
src/db/schemas/mysql/schema.rs
View file

@ -222,6 +222,7 @@ table! {
akey -> Text, akey -> Text,
status -> Integer, status -> Integer,
atype -> Integer, atype -> Integer,
reset_password_key -> Nullable<Text>,
} }
} }

1
src/db/schemas/postgresql/schema.rs
View file

@ -222,6 +222,7 @@ table! {
akey -> Text, akey -> Text,
status -> Integer, status -> Integer,
atype -> Integer, atype -> Integer,
reset_password_key -> Nullable<Text>,
} }
} }

1
src/db/schemas/sqlite/schema.rs
View file

@ -222,6 +222,7 @@ table! {
akey -> Text, akey -> Text,
status -> Integer, status -> Integer,
atype -> Integer, atype -> Integer,
reset_password_key -> Nullable<Text>,
} }
} }