Merge pull request #3632 from sirux88/fix-reset-password-check-issue
fix missing password check while manual reset password enrollment
This commit is contained in:
commit
814ce9a6ac
|
@ -2675,6 +2675,7 @@ async fn delete_group_user(
|
|||
#[allow(non_snake_case)]
|
||||
struct OrganizationUserResetPasswordEnrollmentRequest {
|
||||
ResetPasswordKey: Option<String>,
|
||||
MasterPasswordHash: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize)]
|
||||
|
@ -2856,6 +2857,17 @@ async fn put_reset_password_enrollment(
|
|||
err!("Reset password can't be withdrawed due to an enterprise policy");
|
||||
}
|
||||
|
||||
if reset_request.ResetPasswordKey.is_some() {
|
||||
match reset_request.MasterPasswordHash {
|
||||
Some(password) => {
|
||||
if !headers.user.check_valid_password(&password) {
|
||||
err!("Invalid or wrong password")
|
||||
}
|
||||
}
|
||||
None => err!("No password provided"),
|
||||
};
|
||||
}
|
||||
|
||||
org_user.reset_password_key = reset_request.ResetPasswordKey;
|
||||
org_user.save(&mut conn).await?;
|
||||
|
||||
|
|
Loading…
Reference in New Issue