authorBlackDex <[email protected]>2020-03-19 16:50:47 +0100
committerBlackDex <[email protected]>2020-03-19 16:50:47 +0100
commit669b101e6a68ab639526bc5b1405e8ced4a9f94e (patch)
tree4fac8e2e214491ed7426e44fae35780ed9324433
parentb85d548879204858325088fa1048e0b6b185600c (diff)
downloadvaultwarden-669b101e6a68ab639526bc5b1405e8ced4a9f94e.tar.gz
vaultwarden-669b101e6a68ab639526bc5b1405e8ced4a9f94e.zip
Fixing issue #908
Sometimes the org UUID is not in the path but in a query value; this fixes the membership check to handle that case.
-rw-r--r--src/auth.rs87
1 files changed, 53 insertions, 34 deletions
diff --git a/src/auth.rs b/src/auth.rs
index f5aeaa1e..83845bc9 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -315,41 +315,60 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
Outcome::Forward(_) => Outcome::Forward(()),
Outcome::Failure(f) => Outcome::Failure(f),
Outcome::Success(headers) => {
- // org_id is expected to be the second param ("/organizations/<org_id>")
- match request.get_param::<String>(1) {
- Some(Ok(org_id)) => {
- let conn = match request.guard::<DbConn>() {
- Outcome::Success(conn) => conn,
- _ => err_handler!("Error getting DB"),
- };
-
- let user = headers.user;
- let org_user = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) {
- Some(user) => {
- if user.status == UserOrgStatus::Confirmed as i32 {
- user
- } else {
- err_handler!("The current user isn't confirmed member of the organization")
- }
- }
- None => err_handler!("The current user isn't member of the organization"),
- };
-
- Outcome::Success(Self {
- host: headers.host,
- device: headers.device,
- user,
- org_user_type: {
- if let Some(org_usr_type) = UserOrgType::from_i32(org_user.atype) {
- org_usr_type
- } else {
- // This should only happen if the DB is corrupted
- err_handler!("Unknown user type in the database")
- }
- },
- })
+ // org_id is usually the second param ("/organizations/<org_id>")
+ // But there are cases where it is located in a query value.
+ // First check the param, if this is not a valid uuid, we will try the query value.
+ let query_org_id = match request.get_query_value::<String>("organizationId") {
+ Some(Ok(query_org_id)) => { query_org_id }
+ _ => { "".into() }
+ };
+ let param_org_id = match request.get_param::<String>(1) {
+ Some(Ok(param_org_id)) => { param_org_id }
+ _ => { "".into() }
+ };
+
+ let org_uuid: _ = match uuid::Uuid::parse_str(&param_org_id) {
+ Ok(uuid) => uuid,
+ _ => match uuid::Uuid::parse_str(&query_org_id) {
+ Ok(uuid) => uuid,
+ _ => err_handler!("Error getting the organization id"),
}
- _ => err_handler!("Error getting the organization id"),
+ };
+
+ let org_id: &str = &org_uuid.to_string();
+ if !org_id.is_empty() {
+ let conn = match request.guard::<DbConn>() {
+ Outcome::Success(conn) => conn,
+ _ => err_handler!("Error getting DB"),
+ };
+
+ let user = headers.user;
+ let org_user = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) {
+ Some(user) => {
+ if user.status == UserOrgStatus::Confirmed as i32 {
+ user
+ } else {
+ err_handler!("The current user isn't confirmed member of the organization")
+ }
+ }
+ None => err_handler!("The current user isn't member of the organization"),
+ };
+
+ Outcome::Success(Self {
+ host: headers.host,
+ device: headers.device,
+ user,
+ org_user_type: {
+ if let Some(org_usr_type) = UserOrgType::from_i32(org_user.atype) {
+ org_usr_type
+ } else {
+ // This should only happen if the DB is corrupted
+ err_handler!("Unknown user type in the database")
+ }
+ },
+ })
+ } else {
+ err_handler!("Error getting the organization id")
}
}
}
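Review bot: The guard now resolves the organization id from two sources (path param index 1 first, then the `organizationId` query value) but still does not hand the id it actually verified back to the handler — the `Outcome::Success(Self { host, device, user, org_user_type })` carries no org id — so a handler that reads the id from the other source would be authorized against one organization while operating on another. Whether any route is affected depends on handlers outside this hunk, but the safe shape is to return the verified value: add an `org_id: String` field to `OrgHeaders` (declared outside this hunk) and set `org_id: org_id.to_string(),` in the success branch so handlers use that rather than re-parsing the request. Separately, `if !org_id.is_empty()` can never be false once `uuid::Uuid::parse_str` has succeeded, so the `else { err_handler!("Error getting the organization id") }` branch is dead and the check can be dropped to flatten the block. Note also that `org_uuid.to_string()` emits a lowercase hyphenated form, so the value looked up here can differ from the raw path or query string if a client sends uppercase hex — another reason to pass the normalized id through rather than let handlers re-read it.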