Merge pull request #1689 from jjlin/hide-email

Add support for hiding the sender's email address in Bitwarden Sends
2025-09-10 18:55:57 +03:00 · 2021-05-12 23:05:53 +02:00
parent 7a9cfc45da 029008bad5
commit 8e6c6a1dc4
12 changed files with 89 additions and 2 deletions
--- a/src/db/models/org_policy.rs
+++ b/src/db/models/org_policy.rs
@@ -1,8 +1,10 @@
+use serde::Deserialize;
 use serde_json::Value;

 use crate::api::EmptyResult;
 use crate::db::DbConn;
 use crate::error::MapResult;
+use crate::util::UpCase;

 use super::{Organization, UserOrgStatus, UserOrgType, UserOrganization};

@@ -29,6 +31,14 @@ pub enum OrgPolicyType {
    // RequireSso = 4, // Not currently supported.
    PersonalOwnership = 5,
    DisableSend = 6,
+    SendOptions = 7,
+}
+
+// https://github.com/bitwarden/server/blob/master/src/Core/Models/Data/SendOptionsPolicyData.cs
+#[derive(Deserialize)]
+#[allow(non_snake_case)]
+pub struct SendOptionsPolicyData {
+    pub DisableHideEmail: bool,
 }

 /// Local methods
@@ -188,6 +198,30 @@ impl OrgPolicy {
        false
    }

+    /// Returns true if the user belongs to an org that has enabled the `DisableHideEmail`
+    /// option of the `Send Options` policy, and the user is not an owner or admin of that org.
+    pub fn is_hide_email_disabled(user_uuid: &str, conn: &DbConn) -> bool {
+        // Returns confirmed users only.
+        for policy in OrgPolicy::find_by_user(user_uuid, conn) {
+            if policy.enabled && policy.has_type(OrgPolicyType::SendOptions) {
+                let org_uuid = &policy.org_uuid;
+                if let Some(user) = UserOrganization::find_by_user_and_org(user_uuid, org_uuid, conn) {
+                    if user.atype < UserOrgType::Admin {
+                        match serde_json::from_str::<UpCase<SendOptionsPolicyData>>(&policy.data) {
+                            Ok(opts) => {
+                                if opts.data.DisableHideEmail {
+                                    return true;
+                                }
+                            }
+                            _ => error!("Failed to deserialize policy data: {}", policy.data),
+                        }
+                    }
+                }
+            }
+        }
+        false
+    }
+
    /*pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult {
        db_run! { conn: {
            diesel::delete(twofactor::table.filter(twofactor::user_uuid.eq(user_uuid)))
--- a/src/db/models/send.rs
+++ b/src/db/models/send.rs
@@ -36,6 +36,7 @@ db_object! {
        pub deletion_date: NaiveDateTime,

        pub disabled: bool,
+        pub hide_email: Option<bool>,
    }
 }

@@ -73,6 +74,7 @@ impl Send {
            deletion_date,

            disabled: false,
+            hide_email: None,
        }
    }

@@ -101,6 +103,22 @@ impl Send {
        }
    }

+    pub fn creator_identifier(&self, conn: &DbConn) -> Option<String> {
+        if let Some(hide_email) = self.hide_email {
+            if hide_email {
+                return None;
+            }
+        }
+
+        if let Some(user_uuid) = &self.user_uuid {
+            if let Some(user) = User::find_by_uuid(user_uuid, conn) {
+                return Some(user.email);
+            }
+        }
+
+        None
+    }
+
    pub fn to_json(&self) -> Value {
        use crate::util::format_date;
        use data_encoding::BASE64URL_NOPAD;
@@ -123,6 +141,7 @@ impl Send {
            "AccessCount": self.access_count,
            "Password": self.password_hash.as_deref().map(|h| BASE64URL_NOPAD.encode(h)),
            "Disabled": self.disabled,
+            "HideEmail": self.hide_email,

            "RevisionDate": format_date(&self.revision_date),
            "ExpirationDate": self.expiration_date.as_ref().map(format_date),
@@ -131,7 +150,7 @@ impl Send {
        })
    }

-    pub fn to_json_access(&self) -> Value {
+    pub fn to_json_access(&self, conn: &DbConn) -> Value {
        use crate::util::format_date;

        let data: Value = serde_json::from_str(&self.data).unwrap_or_default();
@@ -145,6 +164,7 @@ impl Send {
            "File": if self.atype == SendType::File as i32 { Some(&data) } else { None },

            "ExpirationDate": self.expiration_date.as_ref().map(format_date),
+            "CreatorIdentifier": self.creator_identifier(conn),
            "Object": "send-access",
        })
    }
--- a/src/db/schemas/mysql/schema.rs
+++ b/src/db/schemas/mysql/schema.rs
@@ -123,6 +123,7 @@ table! {
        expiration_date -> Nullable<Datetime>,
        deletion_date -> Datetime,
        disabled -> Bool,
+        hide_email -> Nullable<Bool>,
    }
 }

--- a/src/db/schemas/postgresql/schema.rs
+++ b/src/db/schemas/postgresql/schema.rs
@@ -123,6 +123,7 @@ table! {
        expiration_date -> Nullable<Timestamp>,
        deletion_date -> Timestamp,
        disabled -> Bool,
+        hide_email -> Nullable<Bool>,
    }
 }

--- a/src/db/schemas/sqlite/schema.rs
+++ b/src/db/schemas/sqlite/schema.rs
@@ -123,6 +123,7 @@ table! {
        expiration_date -> Nullable<Timestamp>,
        deletion_date -> Timestamp,
        disabled -> Bool,
+        hide_email -> Nullable<Bool>,
    }
 }