saret/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-09-10 18:55:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3632 from sirux88/fix-reset-password-check-issue

Browse Source 
fix missing password check while manual reset password enrollment
This commit is contained in:
Daniel García
2023-07-04 20:55:34 +02:00
committed by GitHub
parent 1bee46f64b fb6f441a4f
commit 814ce9a6ac
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/api/core/organizations.rs
View File

@@ -2675,6 +2675,7 @@ async fn delete_group_user(
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct OrganizationUserResetPasswordEnrollmentRequest { struct OrganizationUserResetPasswordEnrollmentRequest {
ResetPasswordKey: Option<String>, ResetPasswordKey: Option<String>,
MasterPasswordHash: Option<String>,
} }
#[derive(Deserialize)] #[derive(Deserialize)]
@@ -2856,6 +2857,17 @@ async fn put_reset_password_enrollment(
err!("Reset password can't be withdrawed due to an enterprise policy"); err!("Reset password can't be withdrawed due to an enterprise policy");
} }
if reset_request.ResetPasswordKey.is_some() {
match reset_request.MasterPasswordHash {
Some(password) => {
if !headers.user.check_valid_password(&password) {
err!("Invalid or wrong password")
}
}
None => err!("No password provided"),
};
}
org_user.reset_password_key = reset_request.ResetPasswordKey; org_user.reset_password_key = reset_request.ResetPasswordKey;
org_user.save(&mut conn).await?; org_user.save(&mut conn).await?;