1
0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2024-11-21 18:32:30 +01:00

added database migration

This commit is contained in:
sirux88 2023-01-25 08:06:21 +01:00
parent 9366e31452
commit 95494083f2
13 changed files with 61 additions and 6 deletions

View File

@ -0,0 +1,2 @@
ALTER TABLE users_organizations
ADD COLUMN reset_password_key VARCHAR(255);

View File

@ -0,0 +1,2 @@
ALTER TABLE users_organizations
ADD COLUMN reset_password_key TEXT;

View File

@ -0,0 +1,2 @@
ALTER TABLE users_organizations
ADD COLUMN reset_password_key TEXT;

View File

@ -87,9 +87,9 @@ pub enum EventType {
OrganizationUserRemoved = 1503,
OrganizationUserUpdatedGroups = 1504,
// OrganizationUserUnlinkedSso = 1505, // Not supported
// OrganizationUserResetPasswordEnroll = 1506, // Not supported
// OrganizationUserResetPasswordWithdraw = 1507, // Not supported
// OrganizationUserAdminResetPassword = 1508, // Not supported
OrganizationUserResetPasswordEnroll = 1506,
OrganizationUserResetPasswordWithdraw = 1507,
OrganizationUserAdminResetPassword = 1508,
// OrganizationUserResetSsoLink = 1509, // Not supported
// OrganizationUserFirstSsoLogin = 1510, // Not supported
OrganizationUserRevoked = 1511,

View File

@ -32,7 +32,7 @@ pub enum OrgPolicyType {
PersonalOwnership = 5,
DisableSend = 6,
SendOptions = 7,
// ResetPassword = 8, // Not supported
ResetPassword = 8,
// MaximumVaultTimeout = 9, // Not supported (Not AGPLv3 Licensed)
// DisablePersonalVaultExport = 10, // Not supported (Not AGPLv3 Licensed)
}
@ -44,6 +44,13 @@ pub struct SendOptionsPolicyData {
pub DisableHideEmail: bool,
}
// https://github.com/bitwarden/server/blob/5cbdee137921a19b1f722920f0fa3cd45af2ef0f/src/Core/Models/Data/Organizations/Policies/ResetPasswordDataModel.cs
#[derive(Deserialize)]
#[allow(non_snake_case)]
pub struct ResetPasswordDataModel {
pub AutoEnrollEnabled: bool,
}
pub type OrgPolicyResult = Result<(), OrgPolicyErr>;
#[derive(Debug)]
@ -298,6 +305,20 @@ impl OrgPolicy {
Ok(())
}
pub async fn org_is_reset_password_auto_enroll(org_uuid: &str, conn: &mut DbConn) -> bool {
match OrgPolicy::find_by_org_and_type(org_uuid, OrgPolicyType::ResetPassword, conn).await {
Some(policy) => match serde_json::from_str::<UpCase<ResetPasswordDataModel>>(&policy.data) {
Ok(opts) => {
return opts.data.AutoEnrollEnabled;
}
_ => error!("Failed to deserialize ResetPasswordDataModel: {}", policy.data),
},
None => return false,
}
false
}
/// Returns true if the user belongs to an org that has enabled the `DisableHideEmail`
/// option of the `Send Options` policy, and the user is not an owner or admin of that org.
pub async fn is_hide_email_disabled(user_uuid: &str, conn: &mut DbConn) -> bool {

View File

@ -29,6 +29,7 @@ db_object! {
pub akey: String,
pub status: i32,
pub atype: i32,
pub reset_password_key: Option<String>,
}
}
@ -158,7 +159,7 @@ impl Organization {
"SelfHost": true,
"UseApi": false, // Not supported
"HasPublicAndPrivateKeys": self.private_key.is_some() && self.public_key.is_some(),
"UseResetPassword": false, // Not supported
"UseResetPassword": true,
"BusinessName": null,
"BusinessAddress1": null,
@ -194,6 +195,7 @@ impl UserOrganization {
akey: String::new(),
status: UserOrgStatus::Accepted as i32,
atype: UserOrgType::User as i32,
reset_password_key: None,
}
}
@ -311,7 +313,8 @@ impl UserOrganization {
"UseApi": false, // Not supported
"SelfHost": true,
"HasPublicAndPrivateKeys": org.private_key.is_some() && org.public_key.is_some(),
"ResetPasswordEnrolled": false, // Not supported
"ResetPasswordEnrolled": self.reset_password_key.is_some(),
"UseResetPassword": true,
"SsoBound": false, // Not supported
"UseSso": false, // Not supported
"ProviderId": null,
@ -377,6 +380,7 @@ impl UserOrganization {
"Type": self.atype,
"AccessAll": self.access_all,
"TwoFactorEnabled": twofactor_enabled,
"ResetPasswordEnrolled":self.reset_password_key.is_some(),
"Object": "organizationUserUserDetails",
})

View File

@ -178,6 +178,27 @@ impl User {
self.security_stamp = crate::util::get_uuid();
}
/// Set the password hash generated
/// And resets the security_stamp. Based upon the allow_next_route the security_stamp will be different.
///
/// # Arguments
///
/// * `new_password_hash` - A str which contains a hashed version of the users master password.
/// * `new_key` - A String which contains the new aKey value of the users master password.
/// * `allow_next_route` - A Option<Vec<String>> with the function names of the next allowed (rocket) routes.
/// These routes are able to use the previous stamp id for the next 2 minutes.
/// After these 2 minutes this stamp will expire.
///
pub fn set_password_and_key(
&mut self,
new_password_hash: &str,
new_key: &str,
allow_next_route: Option<Vec<String>>,
) {
self.set_password(new_password_hash, allow_next_route);
self.akey = String::from(new_key);
}
/// Set the stamp_exception to only allow a subsequent request matching a specific route using the current security-stamp.
///
/// # Arguments

View File

@ -222,6 +222,7 @@ table! {
akey -> Text,
status -> Integer,
atype -> Integer,
reset_password_key -> Nullable<Text>,
}
}

View File

@ -222,6 +222,7 @@ table! {
akey -> Text,
status -> Integer,
atype -> Integer,
reset_password_key -> Nullable<Text>,
}
}

View File

@ -222,6 +222,7 @@ table! {
akey -> Text,
status -> Integer,
atype -> Integer,
reset_password_key -> Nullable<Text>,
}
}