diff options
author | Daniel GarcĂa <[email protected]> | 2023-10-21 17:59:25 +0200 |
---|---|---|
committer | GitHub <[email protected]> | 2023-10-21 17:59:25 +0200 |
commit | 8933ac2ee7ce514b5f9a9801e230189378b5d931 (patch) | |
tree | 12ba25c34aadf8f6fe2971aced6bb7940895bea4 | |
parent | 6822e445bbcbe36dbfba0feb0809324625bf9a60 (diff) | |
parent | 4861f6deccf893c8b4e26db56c39fdc099ae965f (diff) | |
download | vaultwarden-8933ac2ee7ce514b5f9a9801e230189378b5d931.tar.gz vaultwarden-8933ac2ee7ce514b5f9a9801e230189378b5d931.zip |
Merge pull request #3986 from admav/config_email_change
New config option disable email change
-rw-r--r-- | .env.template | 4 | ||||
-rw-r--r-- | src/api/core/accounts.rs | 8 | ||||
-rw-r--r-- | src/config.rs | 2 |
3 files changed, 14 insertions, 0 deletions
diff --git a/.env.template b/.env.template index 98bed0b7..3c177a26 100644 --- a/.env.template +++ b/.env.template @@ -97,6 +97,10 @@ ## Disabled by default. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings. # ORG_EVENTS_ENABLED=false +## Controls whether users can change their email. +## This setting applies globally to all users +# EMAIL_CHANGE_ALLOWED=true + ## Number of days to retain events stored in the database. ## If unset (the default), events are kept indefinitely and the scheduled job is disabled! # EVENTS_DAYS_RETAIN= diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 68269529..6f6e2f3d 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -533,6 +533,10 @@ struct EmailTokenData { #[post("/accounts/email-token", data = "<data>")] async fn post_email_token(data: JsonUpcase<EmailTokenData>, headers: Headers, mut conn: DbConn) -> EmptyResult { + if !CONFIG.email_change_allowed() { + err!("Email change is not allowed."); + } + let data: EmailTokenData = data.into_inner().data; let mut user = headers.user; @@ -579,6 +583,10 @@ async fn post_email( mut conn: DbConn, nt: Notify<'_>, ) -> EmptyResult { + if !CONFIG.email_change_allowed() { + err!("Email change is not allowed."); + } + let data: ChangeEmailData = data.into_inner().data; let mut user = headers.user; diff --git a/src/config.rs b/src/config.rs index 03731a08..67ba66ae 100644 --- a/src/config.rs +++ b/src/config.rs @@ -480,6 +480,8 @@ make_config! { invitation_expiration_hours: u32, false, def, 120; /// Allow emergency access |> Controls whether users can enable emergency access to their accounts. This setting applies globally to all users. emergency_access_allowed: bool, true, def, true; + /// Allow email change |> Controls whether users can change their email. This setting applies globally to all users. + email_change_allowed: bool, true, def, true; /// Password iterations |> Number of server-side passwords hashing iterations for the password hash. /// The default for new users. If changed, it will be updated during login for existing users. password_iterations: i32, true, def, 600_000; |