mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2024-11-22 19:02:54 +01:00
rust lang specific improvements
This commit is contained in:
parent
62dfeb80f2
commit
a6558f5548
@ -2542,7 +2542,7 @@ async fn put_reset_password(
|
||||
|
||||
// Sending email before resetting password to ensure working email configuration and the resulting
|
||||
// user notification. Also this might add some protection against security flaws and misuse
|
||||
if let Err(e) = mail::send_admin_reset_password(&user.email.to_lowercase(), &user.name, &org.name).await {
|
||||
if let Err(e) = mail::send_admin_reset_password(&user.email, &user.name, &org.name).await {
|
||||
error!("Error sending user reset password email: {:#?}", e);
|
||||
}
|
||||
|
||||
@ -2615,19 +2615,11 @@ async fn check_reset_password_applicable_and_permissions(
|
||||
};
|
||||
|
||||
// Resetting user must be higher/equal to user to reset
|
||||
let mut reset_allowed = false;
|
||||
if headers.org_user_type == UserOrgType::Owner {
|
||||
reset_allowed = true;
|
||||
match headers.org_user_type {
|
||||
UserOrgType::Owner => Ok(()),
|
||||
UserOrgType::Admin if target_user.atype <= UserOrgType::Admin => Ok(()),
|
||||
_ => err!("No permission to reset this user's password"),
|
||||
}
|
||||
if headers.org_user_type == UserOrgType::Admin {
|
||||
reset_allowed = target_user.atype != (UserOrgType::Owner as i32);
|
||||
}
|
||||
|
||||
if !reset_allowed {
|
||||
err!("No permission to reset this user's password");
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn check_reset_password_applicable(org_id: &str, conn: &mut DbConn) -> EmptyResult {
|
||||
|
Loading…
Reference in New Issue
Block a user