	added database migration
		| @@ -0,0 +1,2 @@ | ||||
| ALTER TABLE users_organizations | ||||
| ADD COLUMN reset_password_key VARCHAR(255); | ||||
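Review bot: This migration declares the column as `VARCHAR(255)` while the two sibling migrations in the same commit use `TEXT`, and the 255-character cap looks too small for what the column appears to hold. If `reset_password_key` stores the upstream Bitwarden value — the user's symmetric key RSA-encrypted to the organization's public key, serialized as an encryption-type prefix plus the base64 of a 2048-bit ciphertext — the string runs to roughly 350 characters; on MySQL in strict mode the write would fail, and in non-strict mode the key would be silently truncated, leaving the enrollment useless for a later admin reset. Using `ADD COLUMN reset_password_key TEXT;` here, as the other two migrations do, avoids the limit. The target database of this particular migration is not visible on this page.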
| @@ -0,0 +1,2 @@ | ||||
| ALTER TABLE users_organizations | ||||
| ADD COLUMN reset_password_key TEXT; | ||||
| @@ -0,0 +1,2 @@ | ||||
| ALTER TABLE users_organizations | ||||
| ADD COLUMN reset_password_key TEXT; | ||||
| @@ -87,9 +87,9 @@ pub enum EventType { | ||||
|     OrganizationUserRemoved = 1503, | ||||
|     OrganizationUserUpdatedGroups = 1504, | ||||
|     // OrganizationUserUnlinkedSso = 1505, // Not supported | ||||
|     // OrganizationUserResetPasswordEnroll = 1506, // Not supported | ||||
|     // OrganizationUserResetPasswordWithdraw = 1507, // Not supported | ||||
|     // OrganizationUserAdminResetPassword = 1508, // Not supported | ||||
|     OrganizationUserResetPasswordEnroll = 1506, | ||||
|     OrganizationUserResetPasswordWithdraw = 1507, | ||||
|     OrganizationUserAdminResetPassword = 1508, | ||||
|     // OrganizationUserResetSsoLink = 1509, // Not supported | ||||
|     // OrganizationUserFirstSsoLogin = 1510, // Not supported | ||||
|     OrganizationUserRevoked = 1511, | ||||
|   | ||||
| @@ -32,7 +32,7 @@ pub enum OrgPolicyType { | ||||
|     PersonalOwnership = 5, | ||||
|     DisableSend = 6, | ||||
|     SendOptions = 7, | ||||
|     // ResetPassword = 8, // Not supported | ||||
|     ResetPassword = 8, | ||||
|     // MaximumVaultTimeout = 9, // Not supported (Not AGPLv3 Licensed) | ||||
|     // DisablePersonalVaultExport = 10, // Not supported (Not AGPLv3 Licensed) | ||||
| } | ||||
| @@ -44,6 +44,13 @@ pub struct SendOptionsPolicyData { | ||||
|     pub DisableHideEmail: bool, | ||||
| } | ||||
|  | ||||
| // https://github.com/bitwarden/server/blob/5cbdee137921a19b1f722920f0fa3cd45af2ef0f/src/Core/Models/Data/Organizations/Policies/ResetPasswordDataModel.cs | ||||
| #[derive(Deserialize)] | ||||
| #[allow(non_snake_case)] | ||||
| pub struct ResetPasswordDataModel { | ||||
|     pub AutoEnrollEnabled: bool, | ||||
| } | ||||
|  | ||||
| pub type OrgPolicyResult = Result<(), OrgPolicyErr>; | ||||
|  | ||||
| #[derive(Debug)] | ||||
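Review bot: `AutoEnrollEnabled` is a required field, so a Reset Password policy whose stored `data` is empty or partial (for example `{}` or `null`) will fail to deserialize, and the caller added in this commit logs that as an error on every check rather than once. The upstream C# model linked in the comment above the struct treats a missing `AutoEnrollEnabled` as `false`; adding `#[serde(default)]` to the field would mirror that default, keep the log clean, and still resolve to "do not auto-enroll". Whether vaultwarden ever persists such data for this policy type is not visible here.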
| @@ -298,6 +305,20 @@ impl OrgPolicy { | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     pub async fn org_is_reset_password_auto_enroll(org_uuid: &str, conn: &mut DbConn) -> bool { | ||||
|         match OrgPolicy::find_by_org_and_type(org_uuid, OrgPolicyType::ResetPassword, conn).await { | ||||
|             Some(policy) => match serde_json::from_str::<UpCase<ResetPasswordDataModel>>(&policy.data) { | ||||
|                 Ok(opts) => { | ||||
|                     return opts.data.AutoEnrollEnabled; | ||||
|                 } | ||||
|                 _ => error!("Failed to deserialize ResetPasswordDataModel: {}", policy.data), | ||||
|             }, | ||||
|             None => return false, | ||||
|         } | ||||
|  | ||||
|         false | ||||
|     } | ||||
|  | ||||
|     /// Returns true if the user belongs to an org that has enabled the `DisableHideEmail` | ||||
|     /// option of the `Send Options` policy, and the user is not an owner or admin of that org. | ||||
|     pub async fn is_hide_email_disabled(user_uuid: &str, conn: &mut DbConn) -> bool { | ||||
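Review bot: `org_is_reset_password_auto_enroll` returns `AutoEnrollEnabled` from whatever `find_by_org_and_type` hands back without consulting the policy's own enabled state, so if that lookup (not shown on this page) does not filter on `enabled`, an organization that switched the Reset Password policy off but still has `AutoEnrollEnabled: true` in its stored data would keep auto-enrolling; since enrollment escrows the user's key to the organization, this check should fail closed. Assuming `OrgPolicy` carries an `enabled` field (it is not visible in this hunk), `return policy.enabled && opts.data.AutoEnrollEnabled;` closes that gap. As a matter of style, the `return` inside the `match` arms plus the trailing `false` can be folded into plain arm expressions (`Ok(opts) => opts.data.AutoEnrollEnabled,` and an `Err` arm that logs and yields `false`), and the function should get a `///` summary like its neighbour `is_hide_email_disabled`, e.g. `/// Returns true if the org's Reset Password policy has AutoEnrollEnabled set; a missing policy or undeserializable data counts as false (the latter is logged).`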
|   | ||||
| @@ -29,6 +29,7 @@ db_object! { | ||||
|         pub akey: String, | ||||
|         pub status: i32, | ||||
|         pub atype: i32, | ||||
|         pub reset_password_key: Option<String>, | ||||
|     } | ||||
| } | ||||
|  | ||||
| @@ -158,7 +159,7 @@ impl Organization { | ||||
|             "SelfHost": true, | ||||
|             "UseApi": false, // Not supported | ||||
|             "HasPublicAndPrivateKeys": self.private_key.is_some() && self.public_key.is_some(), | ||||
|             "UseResetPassword": false, // Not supported | ||||
|             "UseResetPassword": true, | ||||
|  | ||||
|             "BusinessName": null, | ||||
|             "BusinessAddress1": null, | ||||
| @@ -194,6 +195,7 @@ impl UserOrganization { | ||||
|             akey: String::new(), | ||||
|             status: UserOrgStatus::Accepted as i32, | ||||
|             atype: UserOrgType::User as i32, | ||||
|             reset_password_key: None, | ||||
|         } | ||||
|     } | ||||
|  | ||||
| @@ -311,7 +313,8 @@ impl UserOrganization { | ||||
|             "UseApi": false, // Not supported | ||||
|             "SelfHost": true, | ||||
|             "HasPublicAndPrivateKeys": org.private_key.is_some() && org.public_key.is_some(), | ||||
|             "ResetPasswordEnrolled": false, // Not supported | ||||
|             "ResetPasswordEnrolled": self.reset_password_key.is_some(), | ||||
|             "UseResetPassword": true, | ||||
|             "SsoBound": false, // Not supported | ||||
|             "UseSso": false, // Not supported | ||||
|             "ProviderId": null, | ||||
| @@ -377,6 +380,7 @@ impl UserOrganization { | ||||
|             "Type": self.atype, | ||||
|             "AccessAll": self.access_all, | ||||
|             "TwoFactorEnabled": twofactor_enabled, | ||||
|             "ResetPasswordEnrolled":self.reset_password_key.is_some(), | ||||
|  | ||||
|             "Object": "organizationUserUserDetails", | ||||
|         }) | ||||
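Review bot: The added line is missing the space after the colon that every other key in this JSON literal has: `"ResetPasswordEnrolled": self.reset_password_key.is_some(),`. The same expression is written with the space in the `to_json` hunk earlier in this commit, so the two should agree. The enclosing function starts outside this hunk.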
|   | ||||
| @@ -178,6 +178,27 @@ impl User { | ||||
|         self.security_stamp = crate::util::get_uuid(); | ||||
|     } | ||||
|  | ||||
|     /// Set the password hash generated | ||||
|     /// And resets the security_stamp. Based upon the allow_next_route the security_stamp will be different. | ||||
|     /// | ||||
|     /// # Arguments | ||||
|     /// | ||||
|     /// * `new_password_hash` - A str which contains a hashed version of the users master password. | ||||
|     /// * `new_key` - A String  which contains the new aKey value of the users master password. | ||||
|     /// * `allow_next_route` - A Option<Vec<String>> with the function names of the next allowed (rocket) routes. | ||||
|     ///                       These routes are able to use the previous stamp id for the next 2 minutes. | ||||
|     ///                       After these 2 minutes this stamp will expire. | ||||
|     /// | ||||
|     pub fn set_password_and_key( | ||||
|         &mut self, | ||||
|         new_password_hash: &str, | ||||
|         new_key: &str, | ||||
|         allow_next_route: Option<Vec<String>>, | ||||
|     ) { | ||||
|         self.set_password(new_password_hash, allow_next_route); | ||||
|         self.akey = String::from(new_key); | ||||
|     } | ||||
|  | ||||
|     /// Set the stamp_exception to only allow a subsequent request matching a specific route using the current security-stamp. | ||||
|     /// | ||||
|     /// # Arguments | ||||
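Review bot: The doc comment on `set_password_and_key` does not match the signature or read cleanly: `new_key` is documented as "A String" but is `&str`, and the opening "Set the password hash generated / And resets the security_stamp" is a fragment. The body only shows that the hash and `allow_next_route` are delegated to `set_password` and that `akey` is overwritten, so the summary should say that and attribute the stamp behaviour to the delegate, e.g. `/// Sets a new password hash and the matching encrypted user key (`akey`), delegating the hash and security-stamp handling to `set_password`.` with `/// * `new_key` - A str with the new aKey (encrypted user key) value that goes with the new password.` The two-minute stamp-exception claim is copied from `set_password`'s contract, which is outside this hunk, so it is better referenced than restated here.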
|   | ||||
| @@ -222,6 +222,7 @@ table! { | ||||
|         akey -> Text, | ||||
|         status -> Integer, | ||||
|         atype -> Integer, | ||||
|         reset_password_key -> Nullable<Text>, | ||||
|     } | ||||
| } | ||||
|  | ||||
|   | ||||
| @@ -222,6 +222,7 @@ table! { | ||||
|         akey -> Text, | ||||
|         status -> Integer, | ||||
|         atype -> Integer, | ||||
|         reset_password_key -> Nullable<Text>, | ||||
|     } | ||||
| } | ||||
|  | ||||
|   | ||||
| @@ -222,6 +222,7 @@ table! { | ||||
|         akey -> Text, | ||||
|         status -> Integer, | ||||
|         atype -> Integer, | ||||
|         reset_password_key -> Nullable<Text>, | ||||
|     } | ||||
| } | ||||
|  | ||||
|   | ||||