mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2024-12-28 08:05:57 -05:00
Finish invite functionality, and remove virtual organization
This commit is contained in:
parent
6a99849a1e
commit
b2fc0499f6
@ -40,11 +40,10 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -
|
|||||||
err!("Invitations are not allowed")
|
err!("Invitations are not allowed")
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut invitation = Invitation::new(data.Email.clone());
|
let mut invitation = Invitation::new(data.Email);
|
||||||
let mut user = User::new(data.Email);
|
|
||||||
|
|
||||||
invitation.save(&conn)?;
|
invitation.save(&conn)?;
|
||||||
user.save(&conn)?;
|
|
||||||
|
// TODO: Might want to send an email?
|
||||||
|
|
||||||
Ok(Json(json!({})))
|
Ok(Json(json!({})))
|
||||||
}
|
}
|
||||||
|
@ -426,9 +426,6 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
|||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
// Don't create UserOrganization in virtual organization
|
|
||||||
let mut org_user_id = None;
|
|
||||||
if org_id != Organization::VIRTUAL_ID {
|
|
||||||
let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone());
|
let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone());
|
||||||
let access_all = data.AccessAll.unwrap_or(false);
|
let access_all = data.AccessAll.unwrap_or(false);
|
||||||
new_user.access_all = access_all;
|
new_user.access_all = access_all;
|
||||||
@ -448,23 +445,23 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
|||||||
}
|
}
|
||||||
|
|
||||||
new_user.save(&conn)?;
|
new_user.save(&conn)?;
|
||||||
org_user_id = Some(new_user.uuid.clone());
|
|
||||||
}
|
|
||||||
|
|
||||||
if CONFIG.mail.is_some() {
|
if CONFIG.mail.is_some() {
|
||||||
let org_name = match Organization::find_by_uuid(&org_id, &conn) {
|
let org_name = match Organization::find_by_uuid(&org_id, &conn) {
|
||||||
Some(org) => org.name,
|
Some(org) => org.name,
|
||||||
None => err!("Error looking up organization")
|
None => err!("Error looking up organization")
|
||||||
};
|
};
|
||||||
let claims = generate_invite_claims(user.uuid.to_string(), user.email.clone(), org_id.clone(), org_user_id.clone());
|
let claims = generate_invite_claims(user.uuid.to_string(), user.email.clone(), org_id.clone(), Some(new_user.uuid.clone()));
|
||||||
let invite_token = encode_jwt(&claims);
|
let invite_token = encode_jwt(&claims);
|
||||||
if let Some(ref mail_config) = CONFIG.mail {
|
if let Some(ref mail_config) = CONFIG.mail {
|
||||||
if let Err(e) = mail::send_invite(&email, &org_id, &org_user_id.unwrap_or(Organization::VIRTUAL_ID.to_string()),
|
if let Err(e) = mail::send_invite(&email, &org_id, &new_user.uuid,
|
||||||
&invite_token, &org_name, mail_config) {
|
&invite_token, &org_name, mail_config) {
|
||||||
err!(format!("There has been a problem sending the email: {}", e))
|
err!(format!("There has been a problem sending the email: {}", e))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
new_user.save(&conn)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
@ -480,10 +477,6 @@ fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn:
|
|||||||
err!("SMTP is not configured.")
|
err!("SMTP is not configured.")
|
||||||
}
|
}
|
||||||
|
|
||||||
if org_id == Organization::VIRTUAL_ID {
|
|
||||||
err!("This functionality is incompatible with the bitwarden_rs virtual organization. Please delete the user and send a new invitation.")
|
|
||||||
}
|
|
||||||
|
|
||||||
let user_org = match UserOrganization::find_by_uuid(&user_org, &conn) {
|
let user_org = match UserOrganization::find_by_uuid(&user_org, &conn) {
|
||||||
Some(user_org) => user_org,
|
Some(user_org) => user_org,
|
||||||
None => err!("UserOrg not found."),
|
None => err!("UserOrg not found."),
|
||||||
@ -682,20 +675,6 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData>
|
|||||||
|
|
||||||
#[delete("/organizations/<org_id>/users/<org_user_id>")]
|
#[delete("/organizations/<org_id>/users/<org_user_id>")]
|
||||||
fn delete_user(org_id: String, org_user_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
|
fn delete_user(org_id: String, org_user_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
|
||||||
// We're deleting user in virtual Organization. Delete User, not UserOrganization
|
|
||||||
if org_id == Organization::VIRTUAL_ID {
|
|
||||||
match User::find_by_uuid(&org_user_id, &conn) {
|
|
||||||
Some(user_to_delete) => {
|
|
||||||
if user_to_delete.uuid == headers.user.uuid {
|
|
||||||
err!("Delete your account in the account settings")
|
|
||||||
} else {
|
|
||||||
user_to_delete.delete(&conn)?;
|
|
||||||
}
|
|
||||||
},
|
|
||||||
None => err!("User not found")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
let user_to_delete = match UserOrganization::find_by_uuid_and_org(&org_user_id, &org_id, &conn) {
|
let user_to_delete = match UserOrganization::find_by_uuid_and_org(&org_user_id, &org_id, &conn) {
|
||||||
Some(user) => user,
|
Some(user) => user,
|
||||||
None => err!("User to delete isn't member of the organization")
|
None => err!("User to delete isn't member of the organization")
|
||||||
|
10
src/auth.rs
10
src/auth.rs
@ -131,7 +131,7 @@ use rocket::Outcome;
|
|||||||
use rocket::request::{self, Request, FromRequest};
|
use rocket::request::{self, Request, FromRequest};
|
||||||
|
|
||||||
use crate::db::DbConn;
|
use crate::db::DbConn;
|
||||||
use crate::db::models::{User, Organization, UserOrganization, UserOrgType, UserOrgStatus, Device};
|
use crate::db::models::{User, UserOrganization, UserOrgType, UserOrgStatus, Device};
|
||||||
|
|
||||||
pub struct Headers {
|
pub struct Headers {
|
||||||
pub host: String,
|
pub host: String,
|
||||||
@ -245,13 +245,7 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
|
|||||||
err_handler!("The current user isn't confirmed member of the organization")
|
err_handler!("The current user isn't confirmed member of the organization")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None => {
|
None => err_handler!("The current user isn't member of the organization")
|
||||||
if headers.user.is_server_admin() && org_id == Organization::VIRTUAL_ID {
|
|
||||||
UserOrganization::new_virtual(headers.user.uuid.clone(), UserOrgType::Owner, UserOrgStatus::Confirmed)
|
|
||||||
} else {
|
|
||||||
err_handler!("The current user isn't member of the organization")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
Outcome::Success(Self{
|
Outcome::Success(Self{
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
use std::cmp::Ordering;
|
use std::cmp::Ordering;
|
||||||
use serde_json::Value;
|
use serde_json::Value;
|
||||||
|
|
||||||
use super::{User, CollectionUser, Invitation};
|
use super::{User, CollectionUser};
|
||||||
|
|
||||||
#[derive(Debug, Identifiable, Queryable, Insertable)]
|
#[derive(Debug, Identifiable, Queryable, Insertable)]
|
||||||
#[table_name = "organizations"]
|
#[table_name = "organizations"]
|
||||||
@ -154,8 +154,6 @@ impl UserOrgType {
|
|||||||
|
|
||||||
/// Local methods
|
/// Local methods
|
||||||
impl Organization {
|
impl Organization {
|
||||||
pub const VIRTUAL_ID: &'static str = "00000000-0000-0000-0000-000000000000";
|
|
||||||
|
|
||||||
pub fn new(name: String, billing_email: String) -> Self {
|
pub fn new(name: String, billing_email: String) -> Self {
|
||||||
Self {
|
Self {
|
||||||
uuid: crate::util::get_uuid(),
|
uuid: crate::util::get_uuid(),
|
||||||
@ -165,14 +163,6 @@ impl Organization {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn new_virtual() -> Self {
|
|
||||||
Self {
|
|
||||||
uuid: String::from(Organization::VIRTUAL_ID),
|
|
||||||
name: String::from("bitwarden_rs"),
|
|
||||||
billing_email: String::from("none@none.none")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn to_json(&self) -> Value {
|
pub fn to_json(&self) -> Value {
|
||||||
json!({
|
json!({
|
||||||
"Id": self.uuid,
|
"Id": self.uuid,
|
||||||
@ -216,20 +206,6 @@ impl UserOrganization {
|
|||||||
type_: UserOrgType::User as i32,
|
type_: UserOrgType::User as i32,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn new_virtual(user_uuid: String, type_: UserOrgType, status: UserOrgStatus) -> Self {
|
|
||||||
Self {
|
|
||||||
uuid: user_uuid.clone(),
|
|
||||||
|
|
||||||
user_uuid,
|
|
||||||
org_uuid: String::from(Organization::VIRTUAL_ID),
|
|
||||||
|
|
||||||
access_all: true,
|
|
||||||
key: String::new(),
|
|
||||||
status: status as i32,
|
|
||||||
type_: type_ as i32,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -244,10 +220,6 @@ use crate::error::MapResult;
|
|||||||
/// Database methods
|
/// Database methods
|
||||||
impl Organization {
|
impl Organization {
|
||||||
pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
|
pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
|
||||||
if self.uuid == Organization::VIRTUAL_ID {
|
|
||||||
err!("diesel::result::Error::NotFound")
|
|
||||||
}
|
|
||||||
|
|
||||||
UserOrganization::find_by_org(&self.uuid, conn)
|
UserOrganization::find_by_org(&self.uuid, conn)
|
||||||
.iter()
|
.iter()
|
||||||
.for_each(|user_org| {
|
.for_each(|user_org| {
|
||||||
@ -262,10 +234,6 @@ impl Organization {
|
|||||||
pub fn delete(self, conn: &DbConn) -> EmptyResult {
|
pub fn delete(self, conn: &DbConn) -> EmptyResult {
|
||||||
use super::{Cipher, Collection};
|
use super::{Cipher, Collection};
|
||||||
|
|
||||||
if self.uuid == Organization::VIRTUAL_ID {
|
|
||||||
err!("diesel::result::Error::NotFound")
|
|
||||||
}
|
|
||||||
|
|
||||||
Cipher::delete_all_by_organization(&self.uuid, &conn)?;
|
Cipher::delete_all_by_organization(&self.uuid, &conn)?;
|
||||||
Collection::delete_all_by_organization(&self.uuid, &conn)?;
|
Collection::delete_all_by_organization(&self.uuid, &conn)?;
|
||||||
UserOrganization::delete_all_by_organization(&self.uuid, &conn)?;
|
UserOrganization::delete_all_by_organization(&self.uuid, &conn)?;
|
||||||
@ -279,9 +247,6 @@ impl Organization {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
|
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
|
||||||
if uuid == Organization::VIRTUAL_ID {
|
|
||||||
return Some(Self::new_virtual())
|
|
||||||
};
|
|
||||||
organizations::table
|
organizations::table
|
||||||
.filter(organizations::uuid.eq(uuid))
|
.filter(organizations::uuid.eq(uuid))
|
||||||
.first::<Self>(&**conn).ok()
|
.first::<Self>(&**conn).ok()
|
||||||
@ -371,9 +336,6 @@ impl UserOrganization {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
|
pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
|
||||||
if self.org_uuid == Organization::VIRTUAL_ID {
|
|
||||||
err!("diesel::result::Error::NotFound")
|
|
||||||
}
|
|
||||||
User::update_uuid_revision(&self.user_uuid, conn);
|
User::update_uuid_revision(&self.user_uuid, conn);
|
||||||
|
|
||||||
diesel::replace_into(users_organizations::table)
|
diesel::replace_into(users_organizations::table)
|
||||||
@ -382,9 +344,6 @@ impl UserOrganization {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub fn delete(self, conn: &DbConn) -> EmptyResult {
|
pub fn delete(self, conn: &DbConn) -> EmptyResult {
|
||||||
if self.org_uuid == Organization::VIRTUAL_ID {
|
|
||||||
err!("diesel::result::Error::NotFound")
|
|
||||||
}
|
|
||||||
User::update_uuid_revision(&self.user_uuid, conn);
|
User::update_uuid_revision(&self.user_uuid, conn);
|
||||||
|
|
||||||
CollectionUser::delete_all_by_user(&self.user_uuid, &conn)?;
|
CollectionUser::delete_all_by_user(&self.user_uuid, &conn)?;
|
||||||
@ -449,23 +408,10 @@ impl UserOrganization {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub fn find_by_org(org_uuid: &str, conn: &DbConn) -> Vec<Self> {
|
pub fn find_by_org(org_uuid: &str, conn: &DbConn) -> Vec<Self> {
|
||||||
if org_uuid == Organization::VIRTUAL_ID {
|
|
||||||
User::get_all(&*conn).iter().map(|user| {
|
|
||||||
Self::new_virtual(
|
|
||||||
user.uuid.clone(),
|
|
||||||
UserOrgType::User,
|
|
||||||
if Invitation::find_by_mail(&user.email, &conn).is_some() {
|
|
||||||
UserOrgStatus::Invited
|
|
||||||
} else {
|
|
||||||
UserOrgStatus::Confirmed
|
|
||||||
})
|
|
||||||
}).collect()
|
|
||||||
} else {
|
|
||||||
users_organizations::table
|
users_organizations::table
|
||||||
.filter(users_organizations::org_uuid.eq(org_uuid))
|
.filter(users_organizations::org_uuid.eq(org_uuid))
|
||||||
.load::<Self>(&**conn).expect("Error loading user organizations")
|
.load::<Self>(&**conn).expect("Error loading user organizations")
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
pub fn find_by_org_and_type(org_uuid: &str, type_: i32, conn: &DbConn) -> Vec<Self> {
|
pub fn find_by_org_and_type(org_uuid: &str, type_: i32, conn: &DbConn) -> Vec<Self> {
|
||||||
users_organizations::table
|
users_organizations::table
|
||||||
|
@ -100,13 +100,6 @@ impl User {
|
|||||||
pub fn reset_security_stamp(&mut self) {
|
pub fn reset_security_stamp(&mut self) {
|
||||||
self.security_stamp = crate::util::get_uuid();
|
self.security_stamp = crate::util::get_uuid();
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn is_server_admin(&self) -> bool {
|
|
||||||
match CONFIG.server_admin_email {
|
|
||||||
Some(ref server_admin_email) => &self.email == server_admin_email,
|
|
||||||
None => false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
use diesel;
|
use diesel;
|
||||||
@ -121,12 +114,9 @@ use crate::error::MapResult;
|
|||||||
/// Database methods
|
/// Database methods
|
||||||
impl User {
|
impl User {
|
||||||
pub fn to_json(&self, conn: &DbConn) -> Value {
|
pub fn to_json(&self, conn: &DbConn) -> Value {
|
||||||
use super::{UserOrganization, UserOrgType, UserOrgStatus, TwoFactor};
|
use super::{UserOrganization, TwoFactor};
|
||||||
|
|
||||||
let mut orgs = UserOrganization::find_by_user(&self.uuid, conn);
|
let orgs = UserOrganization::find_by_user(&self.uuid, conn);
|
||||||
if self.is_server_admin() {
|
|
||||||
orgs.push(UserOrganization::new_virtual(self.uuid.clone(), UserOrgType::Owner, UserOrgStatus::Confirmed));
|
|
||||||
}
|
|
||||||
let orgs_json: Vec<Value> = orgs.iter().map(|c| c.to_json(&conn)).collect();
|
let orgs_json: Vec<Value> = orgs.iter().map(|c| c.to_json(&conn)).collect();
|
||||||
let twofactor_enabled = !TwoFactor::find_by_user(&self.uuid, conn).is_empty();
|
let twofactor_enabled = !TwoFactor::find_by_user(&self.uuid, conn).is_empty();
|
||||||
|
|
||||||
@ -172,7 +162,7 @@ impl User {
|
|||||||
Cipher::delete_all_by_user(&self.uuid, &*conn)?;
|
Cipher::delete_all_by_user(&self.uuid, &*conn)?;
|
||||||
Folder::delete_all_by_user(&self.uuid, &*conn)?;
|
Folder::delete_all_by_user(&self.uuid, &*conn)?;
|
||||||
Device::delete_all_by_user(&self.uuid, &*conn)?;
|
Device::delete_all_by_user(&self.uuid, &*conn)?;
|
||||||
//TwoFactor::delete_all_by_user(&self.uuid, &*conn)?;
|
TwoFactor::delete_all_by_user(&self.uuid, &*conn)?;
|
||||||
Invitation::take(&self.email, &*conn); // Delete invitation if any
|
Invitation::take(&self.email, &*conn); // Delete invitation if any
|
||||||
|
|
||||||
diesel::delete(users::table.filter(
|
diesel::delete(users::table.filter(
|
||||||
|
@ -27,10 +27,8 @@
|
|||||||
|
|
||||||
function identicon(email) {
|
function identicon(email) {
|
||||||
const data = new Identicon(md5(email), {
|
const data = new Identicon(md5(email), {
|
||||||
size: 48,
|
size: 48, format: 'svg'
|
||||||
format: 'svg'
|
|
||||||
}).toString();
|
}).toString();
|
||||||
|
|
||||||
return "data:image/svg+xml;base64," + data;
|
return "data:image/svg+xml;base64," + data;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -84,22 +82,19 @@
|
|||||||
function loadUsers() {
|
function loadUsers() {
|
||||||
$("#users-list").empty();
|
$("#users-list").empty();
|
||||||
$.get({ url: "/admin/users", headers: _headers() })
|
$.get({ url: "/admin/users", headers: _headers() })
|
||||||
.done(fillRow)
|
.done(fillRow).fail(resetKey);
|
||||||
.fail(resetKey);
|
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
function _post(url, successMsg, errMsg, resetOnErr, data) {
|
function _post(url, successMsg, errMsg, resetOnErr, data) {
|
||||||
$.post({ url: url, headers: _headers(), data: data })
|
$.post({ url: url, headers: _headers(), data: data })
|
||||||
.done(() => {
|
.done(function () {
|
||||||
alert(successMsg);
|
alert(successMsg);
|
||||||
loadUsers();
|
loadUsers();
|
||||||
})
|
}).fail(function (e) {
|
||||||
.fail((e) => {
|
const r = e.responseJSON;
|
||||||
const msg = e.responseJSON ?
|
const msg = r ? r.ErrorModel.Message : "Unknown error";
|
||||||
e.responseJSON.ErrorModel.Message
|
|
||||||
: "Unknown error";
|
|
||||||
alert(errMsg + ": " + msg);
|
alert(errMsg + ": " + msg);
|
||||||
if (resetOnErr) { resetKey(); }
|
if (resetOnErr) { resetKey(); }
|
||||||
});
|
});
|
||||||
@ -112,18 +107,19 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
function inviteUser() {
|
function inviteUser() {
|
||||||
data = JSON.stringify({ "Email": $("#email-invite").val() });
|
inv = $("#email-invite");
|
||||||
|
data = JSON.stringify({ "Email": inv.val() });
|
||||||
_post("/admin/invite/",
|
inv.val("");
|
||||||
"User invited correctly",
|
_post("/admin/invite/", "User invited correctly",
|
||||||
"Error inviting user", false, data);
|
"Error inviting user", false, data);
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$(window).on('load', function () {
|
$(window).on('load', function () {
|
||||||
setKey();
|
setKey();
|
||||||
|
|
||||||
$("#key-form").submit(setKey);
|
$("#key-form").submit(setKey);
|
||||||
$("#reload-btn").on("click", loadUsers);
|
$("#reload-btn").click(loadUsers);
|
||||||
$("#invite-form").submit(inviteUser);
|
$("#invite-form").submit(inviteUser);
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
|
Loading…
Reference in New Issue
Block a user