	Change OIDC dummy identifier (#6263)
* Change OIDC dummy identifier * Update src/sso.rs Co-authored-by: Helmut K. C. Tessarek <tessarek@evermeet.cx> * Use Org uuid as identifier --------- Co-authored-by: Helmut K. C. Tessarek <tessarek@evermeet.cx> Co-authored-by: Mathijs van Veluw <black.dex@gmail.com>
		| @@ -367,7 +367,7 @@ async fn post_set_password(data: Json<SetPasswordData>, headers: Headers, mut co | ||||
|  | ||||
|     if let Some(identifier) = data.org_identifier { | ||||
|         if identifier != crate::sso::FAKE_IDENTIFIER { | ||||
|             let org = match Organization::find_by_name(&identifier, &mut conn).await { | ||||
|             let org = match Organization::find_by_uuid(&identifier.into(), &mut conn).await { | ||||
|                 None => err!("Failed to retrieve the associated organization"), | ||||
|                 Some(org) => org, | ||||
|             }; | ||||
|   | ||||
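Review bot: Nothing at the `find_by_uuid` call in `post_set_password` records that `data.org_identifier` must now be an organization UUID or the `FAKE_IDENTIFIER` sentinel. Any other request value, including an organization name or the former sentinel `"Vaultwarden"` sent by a session that began before this change, is passed to the UUID lookup and ends in "Failed to retrieve the associated organization". I would add a comment above the lookup such as `// org_identifier is request-supplied: an organization UUID, or FAKE_IDENTIFIER when none applies; names are no longer accepted`. The function body continues outside the hunk, so how `org` is used after the lookup is not visible here.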
| @@ -339,7 +339,7 @@ async fn get_user_collections(headers: Headers, mut conn: DbConn) -> Json<Value> | ||||
| } | ||||
|  | ||||
| // Called during the SSO enrollment | ||||
| // The `identifier` should be the value returned by `get_org_domain_sso_details` | ||||
| // The `identifier` should be the value returned by `get_org_domain_sso_verified` | ||||
| // The returned `Id` will then be passed to `get_master_password_policy` which will mainly ignore it | ||||
| #[get("/organizations/<identifier>/auto-enroll-status")] | ||||
| async fn get_auto_enroll_status(identifier: &str, headers: Headers, mut conn: DbConn) -> JsonResult { | ||||
| @@ -349,7 +349,7 @@ async fn get_auto_enroll_status(identifier: &str, headers: Headers, mut conn: Db | ||||
|             None => None, | ||||
|         } | ||||
|     } else { | ||||
|         Organization::find_by_name(identifier, &mut conn).await | ||||
|         Organization::find_by_uuid(&identifier.into(), &mut conn).await | ||||
|     }; | ||||
|  | ||||
|     let (id, identifier, rp_auto_enroll) = match org { | ||||
| @@ -977,17 +977,17 @@ async fn get_org_domain_sso_verified(data: Json<OrgDomainDetails>, mut conn: DbC | ||||
|     let identifiers = match Organization::find_org_user_email(&data.email, &mut conn) | ||||
|         .await | ||||
|         .into_iter() | ||||
|         .map(|o| o.name) | ||||
|         .collect::<Vec<String>>() | ||||
|         .map(|o| (o.name, o.uuid.to_string())) | ||||
|         .collect::<Vec<(String, String)>>() | ||||
|     { | ||||
|         v if !v.is_empty() => v, | ||||
|         _ => vec![crate::sso::FAKE_IDENTIFIER.to_string()], | ||||
|         _ => vec![(crate::sso::FAKE_IDENTIFIER.to_string(), crate::sso::FAKE_IDENTIFIER.to_string())], | ||||
|     }; | ||||
|  | ||||
|     Ok(Json(json!({ | ||||
|         "object": "list", | ||||
|         "data": identifiers.into_iter().map(|identifier| json!({ | ||||
|             "organizationName": identifier,     // appear unused | ||||
|         "data": identifiers.into_iter().map(|(name, identifier)| json!({ | ||||
|             "organizationName": name,           // appear unused | ||||
|             "organizationIdentifier": identifier, | ||||
|             "domainName": CONFIG.domain(),      // appear unused | ||||
|         })).collect::<Vec<Value>>() | ||||
|   | ||||
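Review bot: The list built in `get_org_domain_sso_verified` now returns each organization's UUID together with its real name for whatever email is posted, and the dummy fallback tuple is distinguishable from a real entry, so the response shows whether an address belongs to an organization and which one. The parameter list is truncated in the hunk header and no request guard is visible in it, so confirm who can reach this handler and whether it is rate limited. Since `organizationName` is marked "appear unused", I would keep the map as `.map(|o| o.uuid.to_string())` and send the identifier in both fields rather than disclosing the name. Failing that, a comment above the `match`, e.g. `// Response is keyed by caller-supplied email: return only what the SSO flow needs`, would record the exposure for later maintainers.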
| @@ -19,7 +19,7 @@ use crate::{ | ||||
|     CONFIG, | ||||
| }; | ||||
|  | ||||
| pub static FAKE_IDENTIFIER: &str = "Vaultwarden"; | ||||
| pub static FAKE_IDENTIFIER: &str = "VW_DUMMY_IDENTIFIER_FOR_OIDC"; | ||||
|  | ||||
| static AC_CACHE: Lazy<Cache<OIDCState, AuthenticatedUser>> = | ||||
|     Lazy::new(|| Cache::builder().max_capacity(1000).time_to_live(Duration::from_secs(10 * 60)).build()); | ||||
|   | ||||
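Review bot: `FAKE_IDENTIFIER` has no doc comment, although its value is now part of a contract: handlers compare request-supplied identifiers against it before calling `find_by_uuid`, and `get_org_domain_sso_verified` returns it when no organization matches. I would add `/// Placeholder sent in place of an organization UUID when no organization matches; must never be a valid UUID.` above the declaration. As a style point, a string constant like this is more commonly declared with `pub const` than `pub static`.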