diff options
author | Daniel García <[email protected]> | 2020-03-20 10:51:17 +0100 |
---|---|---|
committer | Daniel García <[email protected]> | 2020-03-20 10:51:17 +0100 |
commit | 94341f9f3f273eaa14b058c310f39dd6536f84cb (patch) | |
tree | f982ac8cf8342576f8333fd3fe937ebfd453486a | |
parent | ff19fb3426da8813b2a50532efa49a0c4a682777 (diff) | |
download | vaultwarden-94341f9f3f273eaa14b058c310f39dd6536f84cb.tar.gz vaultwarden-94341f9f3f273eaa14b058c310f39dd6536f84cb.zip |
Fix token error while accepting invite1.14.1
-rw-r--r-- | src/api/core/organizations.rs | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index f54d947c..5c11b265 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -47,6 +47,7 @@ pub fn routes() -> Vec<Route> { post_delete_user, post_org_import, list_policies, + list_policies_token, get_policy, put_policy, ] @@ -911,6 +912,30 @@ fn list_policies(org_id: String, _headers: AdminHeaders, conn: DbConn) -> JsonRe }))) } +#[get("/organizations/<org_id>/policies/token?<token>")] +fn list_policies_token(org_id: String, token: String, conn: DbConn) -> JsonResult { + let invite = crate::auth::decode_invite(&token)?; + + let invite_org_id = match invite.org_id { + Some(invite_org_id) => invite_org_id, + None => err!("Invalid token"), + }; + + if invite_org_id != org_id { + err!("Token doesn't match request organization"); + } + + // TODO: We receive the invite token as ?token=<>, validate it contains the org id + let policies = OrgPolicy::find_by_org(&org_id, &conn); + let policies_json: Vec<Value> = policies.iter().map(OrgPolicy::to_json).collect(); + + Ok(Json(json!({ + "Data": policies_json, + "Object": "list", + "ContinuationToken": null + }))) +} + #[get("/organizations/<org_id>/policies/<pol_type>")] fn get_policy(org_id: String, pol_type: i32, _headers: AdminHeaders, conn: DbConn) -> JsonResult { let pol_type_enum = match OrgPolicyType::from_i32(pol_type) { |