mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-11-25 13:20:23 +00:00
Merge pull request #695 from mprasil/do-not-leak-usernames
Stop leaking usernames when SIGNUPS_ALLOWED=false
This commit is contained in:
commit
e2e3712921
1 changed files with 7 additions and 3 deletions
|
@ -62,7 +62,11 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
|
|||
let mut user = match User::find_by_mail(&data.Email, &conn) {
|
||||
Some(user) => {
|
||||
if !user.password_hash.is_empty() {
|
||||
err!("User already exists")
|
||||
if CONFIG.signups_allowed() {
|
||||
err!("User already exists")
|
||||
} else {
|
||||
err!("Registration not allowed or user already exists")
|
||||
}
|
||||
}
|
||||
|
||||
if let Some(token) = data.Token {
|
||||
|
@ -82,14 +86,14 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
|
|||
} else if CONFIG.signups_allowed() {
|
||||
err!("Account with this email already exists")
|
||||
} else {
|
||||
err!("Registration not allowed")
|
||||
err!("Registration not allowed or user already exists")
|
||||
}
|
||||
}
|
||||
None => {
|
||||
if CONFIG.signups_allowed() || Invitation::take(&data.Email, &conn) {
|
||||
User::new(data.Email.clone())
|
||||
} else {
|
||||
err!("Registration not allowed")
|
||||
err!("Registration not allowed or user already exists")
|
||||
}
|
||||
}
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue