improve admin invite #5403
Open
improve admin invite #5403
+76
−95
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stefan0xC
force-pushed
the
fix-admin-invite
branch
from
a8e4a52 to
9a8cd55
Compare
BlackDex
previously approved these changes
Jan 16, 2025
|
Not sure if that is important but the mail with the confirmation will not be send. vaultwarden/src/api/core/organizations.rs Lines 1206 to 1207 in 29f2b43 edit: refactored the logic a bit so the mail will be sent. |
stefan0xC
commented
Jan 17, 2025
Timshel
reviewed
Jan 17, 2025
| } | ||
|
|
||
| match User::find_by_mail(&claims.email, &mut conn).await { |
There was a problem hiding this comment.
I think it would be better to retrieve the user from the Header guard instead and check that the correct user is making the call.
Made a PR in case you think it makes more sense to keep the change separate.
There was a problem hiding this comment.
Oh, wow. I've never noticed. Yeah, sounds reasonable.
Timshel
reviewed
Jan 17, 2025
src/api/core/organizations.rs
Outdated
| mut conn: DbConn, | ||
| ) -> EmptyResult { | ||
| // The web-vault passes org_id and member_id in the URL, but we are just reading them from the JWT instead | ||
| let data: AcceptData = data.into_inner(); | ||
| let claims = decode_invite(&data.token)?; | ||
|
|
||
| if !claims.email.eq(&headers.user.email) { | ||
| err!("Error accepting invitation", "Claim does not match user_id") |
There was a problem hiding this comment.
The notification title is : Unable to accept invitation, so I think the Error accepting invitation is a bit redundant.
stefan0xC
force-pushed
the
fix-admin-invite
branch
from
40d5e17 to
ec5679a
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As pointed out by @Timshel the
OrganizationIdguard and especially theMembershipIdguard is unhappy with the_we use when inviting via the/adminpanel.By introducing a fake UUID
"00000000-0000-0000-0000-000000000000"the guards will not fail and we can also check the claim and exit early.