Merge pull request #3632 from sirux88/fix-reset-password-check-issue

Fix missing password check during manual reset-password enrollment
Daniel García 2023-07-04 20:55:34 +02:00 committed by GitHub
commit 814ce9a6ac
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -2675,6 +2675,7 @@ async fn delete_group_user(
#[allow(non_snake_case)]
struct OrganizationUserResetPasswordEnrollmentRequest {
ResetPasswordKey: Option<String>,
MasterPasswordHash: Option<String>,
}
#[derive(Deserialize)]
@ -2856,6 +2857,17 @@ async fn put_reset_password_enrollment(
err!("Reset password can't be withdrawed due to an enterprise policy");
}
if reset_request.ResetPasswordKey.is_some() {
match reset_request.MasterPasswordHash {
Some(password) => {
if !headers.user.check_valid_password(&password) {
err!("Invalid or wrong password")
}
}
None => err!("No password provided"),
};
}
org_user.reset_password_key = reset_request.ResetPasswordKey;
org_user.save(&mut conn).await?;
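Review bot: The new master-password check in `put_reset_password_enrollment` runs only when `ResetPasswordKey` is `Some`, so a request that omits the key still reaches `org_user.reset_password_key = reset_request.ResetPasswordKey;` and clears the stored key without the password being verified, and nothing in the hunk says whether that is intended. If withdrawal is meant to stay password-free, a comment above the `if` would record it, for example `// Enrolling hands the org a recovery key, so re-verify the master password; withdrawing (None) only removes it.` `MasterPasswordHash` is declared `Option<String>` in the request struct, so this branch is the only place the requirement is enforced; a short comment on that field saying it is mandatory whenever `ResetPasswordKey` is set would help the next reader. The function body starts and ends outside the hunk, so the policy check above the new block is only partly visible here.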