aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel GarcĂ­a <[email protected]>2023-10-21 17:59:25 +0200
committerGitHub <[email protected]>2023-10-21 17:59:25 +0200
commit8933ac2ee7ce514b5f9a9801e230189378b5d931 (patch)
tree12ba25c34aadf8f6fe2971aced6bb7940895bea4
parent6822e445bbcbe36dbfba0feb0809324625bf9a60 (diff)
parent4861f6deccf893c8b4e26db56c39fdc099ae965f (diff)
downloadvaultwarden-8933ac2ee7ce514b5f9a9801e230189378b5d931.tar.gz
vaultwarden-8933ac2ee7ce514b5f9a9801e230189378b5d931.zip
Merge pull request #3986 from admav/config_email_change
New config option disable email change
-rw-r--r--.env.template4
-rw-r--r--src/api/core/accounts.rs8
-rw-r--r--src/config.rs2
3 files changed, 14 insertions, 0 deletions
diff --git a/.env.template b/.env.template
index 98bed0b7..3c177a26 100644
--- a/.env.template
+++ b/.env.template
@@ -97,6 +97,10 @@
## Disabled by default. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings.
# ORG_EVENTS_ENABLED=false
+## Controls whether users can change their email.
+## This setting applies globally to all users
+# EMAIL_CHANGE_ALLOWED=true
+
## Number of days to retain events stored in the database.
## If unset (the default), events are kept indefinitely and the scheduled job is disabled!
# EVENTS_DAYS_RETAIN=
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
index 68269529..6f6e2f3d 100644
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -533,6 +533,10 @@ struct EmailTokenData {
#[post("/accounts/email-token", data = "<data>")]
async fn post_email_token(data: JsonUpcase<EmailTokenData>, headers: Headers, mut conn: DbConn) -> EmptyResult {
+ if !CONFIG.email_change_allowed() {
+ err!("Email change is not allowed.");
+ }
+
let data: EmailTokenData = data.into_inner().data;
let mut user = headers.user;
@@ -579,6 +583,10 @@ async fn post_email(
mut conn: DbConn,
nt: Notify<'_>,
) -> EmptyResult {
+ if !CONFIG.email_change_allowed() {
+ err!("Email change is not allowed.");
+ }
+
let data: ChangeEmailData = data.into_inner().data;
let mut user = headers.user;
diff --git a/src/config.rs b/src/config.rs
index 03731a08..67ba66ae 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -480,6 +480,8 @@ make_config! {
invitation_expiration_hours: u32, false, def, 120;
/// Allow emergency access |> Controls whether users can enable emergency access to their accounts. This setting applies globally to all users.
emergency_access_allowed: bool, true, def, true;
+ /// Allow email change |> Controls whether users can change their email. This setting applies globally to all users.
+ email_change_allowed: bool, true, def, true;
/// Password iterations |> Number of server-side passwords hashing iterations for the password hash.
/// The default for new users. If changed, it will be updated during login for existing users.
password_iterations: i32, true, def, 600_000;