MyFavMirrors/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-04-29 14:47:56 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix invited user registration without SMTP (#5712)

Browse Source
This commit is contained in:
Timshel 2025-04-04 11:54:28 +00:00 committed by GitHub
parent 3a1f1bae00
commit f960bf59bb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/api/identity.rs
View File

@ -744,8 +744,13 @@ async fn register_verification_email(
let should_send_mail = CONFIG.mail_enabled() && CONFIG.signups_verify(); let should_send_mail = CONFIG.mail_enabled() && CONFIG.signups_verify();
if User::find_by_mail(&data.email, &mut conn).await.is_some() { let token_claims =
crate::auth::generate_register_verify_claims(data.email.clone(), data.name.clone(), should_send_mail);
let token = crate::auth::encode_jwt(&token_claims);
if should_send_mail { if should_send_mail {
let user = User::find_by_mail(&data.email, &mut conn).await;
if user.filter(|u| u.private_key.is_some()).is_some() {
// There is still a timing side channel here in that the code // There is still a timing side channel here in that the code
// paths that send mail take noticeably longer than ones that // paths that send mail take noticeably longer than ones that
// don't. Add a randomized sleep to mitigate this somewhat. // don't. Add a randomized sleep to mitigate this somewhat.
@ -754,16 +759,9 @@ async fn register_verification_email(
let delta: i32 = 100; let delta: i32 = 100;
let sleep_ms = (1_000 + rng.random_range(-delta..=delta)) as u64; let sleep_ms = (1_000 + rng.random_range(-delta..=delta)) as u64;
tokio::time::sleep(tokio::time::Duration::from_millis(sleep_ms)).await; tokio::time::sleep(tokio::time::Duration::from_millis(sleep_ms)).await;
} } else {
return Ok(RegisterVerificationResponse::NoContent(()));
}
let token_claims =
crate::auth::generate_register_verify_claims(data.email.clone(), data.name.clone(), should_send_mail);
let token = crate::auth::encode_jwt(&token_claims);
if should_send_mail {
mail::send_register_verify_email(&data.email, &token).await?; mail::send_register_verify_email(&data.email, &token).await?;
}
Ok(RegisterVerificationResponse::NoContent(())) Ok(RegisterVerificationResponse::NoContent(()))
} else { } else {