mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-11-10 06:14:16 +00:00
[PATCH] Some fixes to the Emergency Access PR
- Changed the date of the migration folders to be from this date. - Removed a lot is_email_domain_allowed checks. This check only needs to be done during the invite it self, else everything else will fail even if a user has an account created via the /admin interface which bypasses that specific check! Also, the check was at the wrong place anyway's, since it would only not send out an e-mail, but would still have allowed an not allowed domain to be used when e-mail would have been disabled. While that check always works, even if sending e-mails is disasbled. - Added an extra allowed route during password/key-rotation change which updates/checks the public-key afterwards. - A small change with some `Some` and `None` orders. - Change the new invite object to only generate the UTC time once, since it could be possible that there will be a second difference, and we only need to call it just once. by black.dex@gmail.com Signed-off-by: thelittlefireman <thelittlefireman@users.noreply.github.com>
This commit is contained in:
parent
4ab9362971
commit
ca20b3d80c
12 changed files with 12 additions and 46 deletions
|
@ -1 +0,0 @@
|
|||
DROP TABLE emergency_access;
|
|
@ -0,0 +1 @@
|
|||
DROP TABLE emergency_access;
|
|
@ -11,4 +11,4 @@ CREATE TABLE emergency_access (
|
|||
last_notification_at DATETIME,
|
||||
updated_at DATETIME NOT NULL,
|
||||
created_at DATETIME NOT NULL
|
||||
);
|
||||
);
|
|
@ -1 +0,0 @@
|
|||
DROP TABLE emergency_access;
|
|
@ -0,0 +1 @@
|
|||
DROP TABLE emergency_access;
|
|
@ -11,4 +11,4 @@ CREATE TABLE emergency_access (
|
|||
last_notification_at TIMESTAMP,
|
||||
updated_at TIMESTAMP NOT NULL,
|
||||
created_at TIMESTAMP NOT NULL
|
||||
);
|
||||
);
|
|
@ -1 +0,0 @@
|
|||
DROP TABLE emergency_access;
|
|
@ -0,0 +1 @@
|
|||
DROP TABLE emergency_access;
|
|
@ -11,4 +11,4 @@ CREATE TABLE emergency_access (
|
|||
last_notification_at DATETIME,
|
||||
updated_at DATETIME NOT NULL,
|
||||
created_at DATETIME NOT NULL
|
||||
);
|
||||
);
|
|
@ -239,7 +239,7 @@ fn post_password(data: JsonUpcase<ChangePassData>, headers: Headers, conn: DbCon
|
|||
|
||||
user.set_password(
|
||||
&data.NewMasterPasswordHash,
|
||||
Some(vec![String::from("post_rotatekey"), String::from("get_contacts")]),
|
||||
Some(vec![String::from("post_rotatekey"), String::from("get_contacts"), String::from("get_public_keys")]),
|
||||
);
|
||||
user.akey = data.Key;
|
||||
user.save(&conn)
|
||||
|
|
|
@ -268,13 +268,9 @@ fn resend_invite(emer_id: String, headers: Headers, conn: DbConn) -> EmptyResult
|
|||
None => err!("Email not valid."),
|
||||
};
|
||||
|
||||
if !CONFIG.is_email_domain_allowed(&email) {
|
||||
err!("Email domain not eligible for invitations.")
|
||||
}
|
||||
|
||||
let grantee_user = match User::find_by_mail(&email, &conn) {
|
||||
None => err!("Grantee user not found."),
|
||||
Some(user) => user,
|
||||
None => err!("Grantee user not found."),
|
||||
};
|
||||
|
||||
let grantor_user = headers.user;
|
||||
|
@ -346,10 +342,6 @@ fn accept_invite(emer_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) ->
|
|||
}
|
||||
|
||||
if CONFIG.mail_enabled() {
|
||||
if !CONFIG.is_email_domain_allowed(&grantor_user.email) {
|
||||
err!("Email domain not valid.")
|
||||
}
|
||||
|
||||
mail::send_emergency_access_invite_accepted(&grantor_user.email, &grantee_user.email)?;
|
||||
}
|
||||
|
||||
|
@ -428,10 +420,6 @@ fn confirm_emergency_access(
|
|||
emergency_access.save(&conn)?;
|
||||
|
||||
if CONFIG.mail_enabled() {
|
||||
if !CONFIG.is_email_domain_allowed(&grantee_user.email) {
|
||||
err!("Email domain not valid.")
|
||||
}
|
||||
|
||||
mail::send_emergency_access_invite_confirmed(&grantee_user.email, &grantor_user.name)?;
|
||||
}
|
||||
Ok(Json(emergency_access.to_json()))
|
||||
|
@ -473,10 +461,6 @@ fn initiate_emergency_access(emer_id: String, headers: Headers, conn: DbConn) ->
|
|||
emergency_access.save(&conn)?;
|
||||
|
||||
if CONFIG.mail_enabled() {
|
||||
if !CONFIG.is_email_domain_allowed(&grantor_user.email) {
|
||||
err!("Email domain not valid.")
|
||||
}
|
||||
|
||||
mail::send_emergency_access_recovery_initiated(
|
||||
&grantor_user.email,
|
||||
&initiating_user.name,
|
||||
|
@ -518,10 +502,6 @@ fn approve_emergency_access(emer_id: String, headers: Headers, conn: DbConn) ->
|
|||
emergency_access.save(&conn)?;
|
||||
|
||||
if CONFIG.mail_enabled() {
|
||||
if !CONFIG.is_email_domain_allowed(&grantee_user.email) {
|
||||
err!("Email domain not valid.")
|
||||
}
|
||||
|
||||
mail::send_emergency_access_recovery_approved(&grantee_user.email, &grantor_user.name)?;
|
||||
}
|
||||
Ok(Json(emergency_access.to_json()))
|
||||
|
@ -563,10 +543,6 @@ fn reject_emergency_access(emer_id: String, headers: Headers, conn: DbConn) -> J
|
|||
emergency_access.save(&conn)?;
|
||||
|
||||
if CONFIG.mail_enabled() {
|
||||
if !CONFIG.is_email_domain_allowed(&grantee_user.email) {
|
||||
err!("Email domain not valid.")
|
||||
}
|
||||
|
||||
mail::send_emergency_access_recovery_rejected(&grantee_user.email, &grantor_user.name)?;
|
||||
}
|
||||
Ok(Json(emergency_access.to_json()))
|
||||
|
@ -764,10 +740,6 @@ pub fn emergency_request_timeout_job(pool: DbPool) {
|
|||
User::find_by_uuid(&emer.grantee_uuid.clone().expect("Grantee user invalid."), &conn)
|
||||
.expect("Grantee user not found.");
|
||||
|
||||
if !CONFIG.is_email_domain_allowed(&grantor_user.email) {
|
||||
error!("Email domain not valid.")
|
||||
}
|
||||
|
||||
mail::send_emergency_access_recovery_timed_out(
|
||||
&grantor_user.email,
|
||||
&grantee_user.name.clone(),
|
||||
|
@ -775,10 +747,6 @@ pub fn emergency_request_timeout_job(pool: DbPool) {
|
|||
)
|
||||
.expect("Error on sending email");
|
||||
|
||||
if !CONFIG.is_email_domain_allowed(&grantee_user.email) {
|
||||
error!("Email not valid.")
|
||||
}
|
||||
|
||||
mail::send_emergency_access_recovery_approved(&grantee_user.email, &grantor_user.name.clone())
|
||||
.expect("Error on sending email");
|
||||
}
|
||||
|
@ -816,10 +784,6 @@ pub fn emergency_notification_reminder_job(pool: DbPool) {
|
|||
// get grantor user to send Accepted email
|
||||
let grantor_user = User::find_by_uuid(&emer.grantor_uuid, &conn).expect("Grantor user not found.");
|
||||
|
||||
if !CONFIG.is_email_domain_allowed(&grantor_user.email) {
|
||||
error!("Email not valid.")
|
||||
}
|
||||
|
||||
// get grantee user to send Accepted email
|
||||
let grantee_user =
|
||||
User::find_by_uuid(&emer.grantee_uuid.clone().expect("Grantee user invalid."), &conn)
|
||||
|
|
|
@ -29,6 +29,8 @@ db_object! {
|
|||
|
||||
impl EmergencyAccess {
|
||||
pub fn new(grantor_uuid: String, email: Option<String>, status: i32, atype: i32, wait_time_days: i32) -> Self {
|
||||
let now = Utc::now().naive_utc();
|
||||
|
||||
Self {
|
||||
uuid: crate::util::get_uuid(),
|
||||
grantor_uuid,
|
||||
|
@ -38,8 +40,8 @@ impl EmergencyAccess {
|
|||
atype,
|
||||
wait_time_days,
|
||||
recovery_initiated_at: None,
|
||||
created_at: Utc::now().naive_utc(),
|
||||
updated_at: Utc::now().naive_utc(),
|
||||
created_at: now,
|
||||
updated_at: now,
|
||||
key_encrypted: None,
|
||||
last_notification_at: None,
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue