MirrorHub/bitwarden_rs
0
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden synced 2024-11-17 07:22:04 +01:00
Code Issues Releases Wiki Activity

Finish invite functionality, and remove virtual organization

Browse source
This commit is contained in:
Daniel García 2018-12-19 22:51:08 +01:00
parent 6a99849a1e
commit b2fc0499f6
No known key found for this signature in database
GPG key ID: FC8A7D14C3CD543A
6 changed files with 42 additions and 138 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/api/admin.rs
View file

@ -40,11 +40,10 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -
err!("Invitations are not allowed") err!("Invitations are not allowed")
} }
let mut invitation = Invitation::new(data.Email.clone()); let mut invitation = Invitation::new(data.Email);
let mut user = User::new(data.Email);
invitation.save(&conn)?; invitation.save(&conn)?;
user.save(&conn)?;
// TODO: Might want to send an email?
Ok(Json(json!({}))) Ok(Json(json!({})))
} }

29
src/api/core/organizations.rs
View file

@ -426,9 +426,6 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
}; };
// Don't create UserOrganization in virtual organization
let mut org_user_id = None;
if org_id != Organization::VIRTUAL_ID {
let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone()); let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone());
let access_all = data.AccessAll.unwrap_or(false); let access_all = data.AccessAll.unwrap_or(false);
new_user.access_all = access_all; new_user.access_all = access_all;
@ -448,23 +445,23 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
} }
new_user.save(&conn)?; new_user.save(&conn)?;
org_user_id = Some(new_user.uuid.clone());
}
if CONFIG.mail.is_some() { if CONFIG.mail.is_some() {
let org_name = match Organization::find_by_uuid(&org_id, &conn) { let org_name = match Organization::find_by_uuid(&org_id, &conn) {
Some(org) => org.name, Some(org) => org.name,
None => err!("Error looking up organization") None => err!("Error looking up organization")
}; };
let claims = generate_invite_claims(user.uuid.to_string(), user.email.clone(), org_id.clone(), org_user_id.clone()); let claims = generate_invite_claims(user.uuid.to_string(), user.email.clone(), org_id.clone(), Some(new_user.uuid.clone()));
let invite_token = encode_jwt(&claims); let invite_token = encode_jwt(&claims);
if let Some(ref mail_config) = CONFIG.mail { if let Some(ref mail_config) = CONFIG.mail {
if let Err(e) = mail::send_invite(&email, &org_id, &org_user_id.unwrap_or(Organization::VIRTUAL_ID.to_string()), if let Err(e) = mail::send_invite(&email, &org_id, &new_user.uuid,
&invite_token, &org_name, mail_config) { &invite_token, &org_name, mail_config) {
err!(format!("There has been a problem sending the email: {}", e)) err!(format!("There has been a problem sending the email: {}", e))
} }
} }
} }
new_user.save(&conn)?;
} }
Ok(()) Ok(())
@ -480,10 +477,6 @@ fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn:
err!("SMTP is not configured.") err!("SMTP is not configured.")
} }
if org_id == Organization::VIRTUAL_ID {
err!("This functionality is incompatible with the bitwarden_rs virtual organization. Please delete the user and send a new invitation.")
}
let user_org = match UserOrganization::find_by_uuid(&user_org, &conn) { let user_org = match UserOrganization::find_by_uuid(&user_org, &conn) {
Some(user_org) => user_org, Some(user_org) => user_org,
None => err!("UserOrg not found."), None => err!("UserOrg not found."),
@ -682,20 +675,6 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData>
#[delete("/organizations/<org_id>/users/<org_user_id>")] #[delete("/organizations/<org_id>/users/<org_user_id>")]
fn delete_user(org_id: String, org_user_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult { fn delete_user(org_id: String, org_user_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
// We're deleting user in virtual Organization. Delete User, not UserOrganization
if org_id == Organization::VIRTUAL_ID {
match User::find_by_uuid(&org_user_id, &conn) {
Some(user_to_delete) => {
if user_to_delete.uuid == headers.user.uuid {
err!("Delete your account in the account settings")
} else {
user_to_delete.delete(&conn)?;
}
},
None => err!("User not found")
}
}
let user_to_delete = match UserOrganization::find_by_uuid_and_org(&org_user_id, &org_id, &conn) { let user_to_delete = match UserOrganization::find_by_uuid_and_org(&org_user_id, &org_id, &conn) {
Some(user) => user, Some(user) => user,
None => err!("User to delete isn't member of the organization") None => err!("User to delete isn't member of the organization")

10
src/auth.rs
View file

@ -131,7 +131,7 @@ use rocket::Outcome;
use rocket::request::{self, Request, FromRequest}; use rocket::request::{self, Request, FromRequest};
use crate::db::DbConn; use crate::db::DbConn;
use crate::db::models::{User, Organization, UserOrganization, UserOrgType, UserOrgStatus, Device}; use crate::db::models::{User, UserOrganization, UserOrgType, UserOrgStatus, Device};
pub struct Headers { pub struct Headers {
pub host: String, pub host: String,
@ -245,13 +245,7 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
err_handler!("The current user isn't confirmed member of the organization") err_handler!("The current user isn't confirmed member of the organization")
} }
} }
None => { None => err_handler!("The current user isn't member of the organization")
if headers.user.is_server_admin() && org_id == Organization::VIRTUAL_ID {
UserOrganization::new_virtual(headers.user.uuid.clone(), UserOrgType::Owner, UserOrgStatus::Confirmed)
} else {
err_handler!("The current user isn't member of the organization")
}
}
}; };
Outcome::Success(Self{ Outcome::Success(Self{

56
src/db/models/organization.rs
View file

@ -1,7 +1,7 @@
use std::cmp::Ordering; use std::cmp::Ordering;
use serde_json::Value; use serde_json::Value;
use super::{User, CollectionUser, Invitation}; use super::{User, CollectionUser};
#[derive(Debug, Identifiable, Queryable, Insertable)] #[derive(Debug, Identifiable, Queryable, Insertable)]
#[table_name = "organizations"] #[table_name = "organizations"]
@ -154,8 +154,6 @@ impl UserOrgType {
/// Local methods /// Local methods
impl Organization { impl Organization {
pub const VIRTUAL_ID: &'static str = "00000000-0000-0000-0000-000000000000";
pub fn new(name: String, billing_email: String) -> Self { pub fn new(name: String, billing_email: String) -> Self {
Self { Self {
uuid: crate::util::get_uuid(), uuid: crate::util::get_uuid(),
@ -165,14 +163,6 @@ impl Organization {
} }
} }
pub fn new_virtual() -> Self {
Self {
uuid: String::from(Organization::VIRTUAL_ID),
name: String::from("bitwarden_rs"),
billing_email: String::from("none@none.none")
}
}
pub fn to_json(&self) -> Value { pub fn to_json(&self) -> Value {
json!({ json!({
"Id": self.uuid, "Id": self.uuid,
@ -216,20 +206,6 @@ impl UserOrganization {
type_: UserOrgType::User as i32, type_: UserOrgType::User as i32,
} }
} }
pub fn new_virtual(user_uuid: String, type_: UserOrgType, status: UserOrgStatus) -> Self {
Self {
uuid: user_uuid.clone(),
user_uuid,
org_uuid: String::from(Organization::VIRTUAL_ID),
access_all: true,
key: String::new(),
status: status as i32,
type_: type_ as i32,
}
}
} }
@ -244,10 +220,6 @@ use crate::error::MapResult;
/// Database methods /// Database methods
impl Organization { impl Organization {
pub fn save(&mut self, conn: &DbConn) -> EmptyResult { pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
if self.uuid == Organization::VIRTUAL_ID {
err!("diesel::result::Error::NotFound")
}
UserOrganization::find_by_org(&self.uuid, conn) UserOrganization::find_by_org(&self.uuid, conn)
.iter() .iter()
.for_each(|user_org| { .for_each(|user_org| {
@ -262,10 +234,6 @@ impl Organization {
pub fn delete(self, conn: &DbConn) -> EmptyResult { pub fn delete(self, conn: &DbConn) -> EmptyResult {
use super::{Cipher, Collection}; use super::{Cipher, Collection};
if self.uuid == Organization::VIRTUAL_ID {
err!("diesel::result::Error::NotFound")
}
Cipher::delete_all_by_organization(&self.uuid, &conn)?; Cipher::delete_all_by_organization(&self.uuid, &conn)?;
Collection::delete_all_by_organization(&self.uuid, &conn)?; Collection::delete_all_by_organization(&self.uuid, &conn)?;
UserOrganization::delete_all_by_organization(&self.uuid, &conn)?; UserOrganization::delete_all_by_organization(&self.uuid, &conn)?;
@ -279,9 +247,6 @@ impl Organization {
} }
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> { pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
if uuid == Organization::VIRTUAL_ID {
return Some(Self::new_virtual())
};
organizations::table organizations::table
.filter(organizations::uuid.eq(uuid)) .filter(organizations::uuid.eq(uuid))
.first::<Self>(&**conn).ok() .first::<Self>(&**conn).ok()
@ -371,9 +336,6 @@ impl UserOrganization {
} }
pub fn save(&mut self, conn: &DbConn) -> EmptyResult { pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
if self.org_uuid == Organization::VIRTUAL_ID {
err!("diesel::result::Error::NotFound")
}
User::update_uuid_revision(&self.user_uuid, conn); User::update_uuid_revision(&self.user_uuid, conn);
diesel::replace_into(users_organizations::table) diesel::replace_into(users_organizations::table)
@ -382,9 +344,6 @@ impl UserOrganization {
} }
pub fn delete(self, conn: &DbConn) -> EmptyResult { pub fn delete(self, conn: &DbConn) -> EmptyResult {
if self.org_uuid == Organization::VIRTUAL_ID {
err!("diesel::result::Error::NotFound")
}
User::update_uuid_revision(&self.user_uuid, conn); User::update_uuid_revision(&self.user_uuid, conn);
CollectionUser::delete_all_by_user(&self.user_uuid, &conn)?; CollectionUser::delete_all_by_user(&self.user_uuid, &conn)?;
@ -449,23 +408,10 @@ impl UserOrganization {
} }
pub fn find_by_org(org_uuid: &str, conn: &DbConn) -> Vec<Self> { pub fn find_by_org(org_uuid: &str, conn: &DbConn) -> Vec<Self> {
if org_uuid == Organization::VIRTUAL_ID {
User::get_all(&*conn).iter().map(|user| {
Self::new_virtual(
user.uuid.clone(),
UserOrgType::User,
if Invitation::find_by_mail(&user.email, &conn).is_some() {
UserOrgStatus::Invited
} else {
UserOrgStatus::Confirmed
})
}).collect()
} else {
users_organizations::table users_organizations::table
.filter(users_organizations::org_uuid.eq(org_uuid)) .filter(users_organizations::org_uuid.eq(org_uuid))
.load::<Self>(&**conn).expect("Error loading user organizations") .load::<Self>(&**conn).expect("Error loading user organizations")
} }
}
pub fn find_by_org_and_type(org_uuid: &str, type_: i32, conn: &DbConn) -> Vec<Self> { pub fn find_by_org_and_type(org_uuid: &str, type_: i32, conn: &DbConn) -> Vec<Self> {
users_organizations::table users_organizations::table

16
src/db/models/user.rs
View file

@ -100,13 +100,6 @@ impl User {
pub fn reset_security_stamp(&mut self) { pub fn reset_security_stamp(&mut self) {
self.security_stamp = crate::util::get_uuid(); self.security_stamp = crate::util::get_uuid();
} }
pub fn is_server_admin(&self) -> bool {
match CONFIG.server_admin_email {
Some(ref server_admin_email) => &self.email == server_admin_email,
None => false
}
}
} }
use diesel; use diesel;
@ -121,12 +114,9 @@ use crate::error::MapResult;
/// Database methods /// Database methods
impl User { impl User {
pub fn to_json(&self, conn: &DbConn) -> Value { pub fn to_json(&self, conn: &DbConn) -> Value {
use super::{UserOrganization, UserOrgType, UserOrgStatus, TwoFactor}; use super::{UserOrganization, TwoFactor};
let mut orgs = UserOrganization::find_by_user(&self.uuid, conn); let orgs = UserOrganization::find_by_user(&self.uuid, conn);
if self.is_server_admin() {
orgs.push(UserOrganization::new_virtual(self.uuid.clone(), UserOrgType::Owner, UserOrgStatus::Confirmed));
}
let orgs_json: Vec<Value> = orgs.iter().map(|c| c.to_json(&conn)).collect(); let orgs_json: Vec<Value> = orgs.iter().map(|c| c.to_json(&conn)).collect();
let twofactor_enabled = !TwoFactor::find_by_user(&self.uuid, conn).is_empty(); let twofactor_enabled = !TwoFactor::find_by_user(&self.uuid, conn).is_empty();
@ -172,7 +162,7 @@ impl User {
Cipher::delete_all_by_user(&self.uuid, &*conn)?; Cipher::delete_all_by_user(&self.uuid, &*conn)?;
Folder::delete_all_by_user(&self.uuid, &*conn)?; Folder::delete_all_by_user(&self.uuid, &*conn)?;
Device::delete_all_by_user(&self.uuid, &*conn)?; Device::delete_all_by_user(&self.uuid, &*conn)?;
//TwoFactor::delete_all_by_user(&self.uuid, &*conn)?; TwoFactor::delete_all_by_user(&self.uuid, &*conn)?;
Invitation::take(&self.email, &*conn); // Delete invitation if any Invitation::take(&self.email, &*conn); // Delete invitation if any
diesel::delete(users::table.filter( diesel::delete(users::table.filter(

28
src/static/admin.html
View file

@ -27,10 +27,8 @@
function identicon(email) { function identicon(email) {
const data = new Identicon(md5(email), { const data = new Identicon(md5(email), {
size: 48, size: 48, format: 'svg'
format: 'svg'
}).toString(); }).toString();
return "data:image/svg+xml;base64," + data; return "data:image/svg+xml;base64," + data;
} }
@ -84,22 +82,19 @@
function loadUsers() { function loadUsers() {
$("#users-list").empty(); $("#users-list").empty();
$.get({ url: "/admin/users", headers: _headers() }) $.get({ url: "/admin/users", headers: _headers() })
.done(fillRow) .done(fillRow).fail(resetKey);
.fail(resetKey);
return false; return false;
} }
function _post(url, successMsg, errMsg, resetOnErr, data) { function _post(url, successMsg, errMsg, resetOnErr, data) {
$.post({ url: url, headers: _headers(), data: data }) $.post({ url: url, headers: _headers(), data: data })
.done(() => { .done(function () {
alert(successMsg); alert(successMsg);
loadUsers(); loadUsers();
}) }).fail(function (e) {
.fail((e) => { const r = e.responseJSON;
const msg = e.responseJSON ? const msg = r ? r.ErrorModel.Message : "Unknown error";
e.responseJSON.ErrorModel.Message
: "Unknown error";
alert(errMsg + ": " + msg); alert(errMsg + ": " + msg);
if (resetOnErr) { resetKey(); } if (resetOnErr) { resetKey(); }
}); });
@ -112,18 +107,19 @@
} }
function inviteUser() { function inviteUser() {
data = JSON.stringify({ "Email": $("#email-invite").val() }); inv = $("#email-invite");
data = JSON.stringify({ "Email": inv.val() });
_post("/admin/invite/", inv.val("");
"User invited correctly", _post("/admin/invite/", "User invited correctly",
"Error inviting user", false, data); "Error inviting user", false, data);
return false;
} }
$(window).on('load', function () { $(window).on('load', function () {
setKey(); setKey();
$("#key-form").submit(setKey); $("#key-form").submit(setKey);
$("#reload-btn").on("click", loadUsers); $("#reload-btn").click(loadUsers);
$("#invite-form").submit(inviteUser); $("#invite-form").submit(inviteUser);
}); });
</script> </script>