mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-26 00:30:40 +03:00 
			
		
		
		
	Merge pull request #3632 from sirux88/fix-reset-password-check-issue
fix missing password check while manual reset password enrollment
This commit is contained in:
		| @@ -2675,6 +2675,7 @@ async fn delete_group_user( | ||||
| #[allow(non_snake_case)] | ||||
| struct OrganizationUserResetPasswordEnrollmentRequest { | ||||
|     ResetPasswordKey: Option<String>, | ||||
|     MasterPasswordHash: Option<String>, | ||||
| } | ||||
|  | ||||
| #[derive(Deserialize)] | ||||
| @@ -2856,6 +2857,17 @@ async fn put_reset_password_enrollment( | ||||
|         err!("Reset password can't be withdrawed due to an enterprise policy"); | ||||
|     } | ||||
|  | ||||
|     if reset_request.ResetPasswordKey.is_some() { | ||||
|         match reset_request.MasterPasswordHash { | ||||
|             Some(password) => { | ||||
|                 if !headers.user.check_valid_password(&password) { | ||||
|                     err!("Invalid or wrong password") | ||||
|                 } | ||||
|             } | ||||
|             None => err!("No password provided"), | ||||
|         }; | ||||
|     } | ||||
|  | ||||
|     org_user.reset_password_key = reset_request.ResetPasswordKey; | ||||
|     org_user.save(&mut conn).await?; | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user