author | sirux88 <[email protected]> | 2023-07-04 18:57:49 +0200 |
committer | sirux88 <[email protected]> | 2023-07-04 18:57:49 +0200 |
commit | 9876aedd6780c60c70c603e3bb329478bb0357ed (patch) | |
tree | 0e8e33ef61cdd1d694746828809936588300518e | |
parent | 19e671ff25bffa47424b5af44264c2c74c2cc84b (diff) | |
added password check for manual reset
password enrollment endpoint
-rw-r--r-- | src/api/core/organizations.rs | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index 6eaeeb63..db696c08 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -2668,6 +2668,7 @@ async fn delete_group_user(
 #[allow(non_snake_case)]
 struct OrganizationUserResetPasswordEnrollmentRequest {
     ResetPasswordKey: Option<String>,
+    MasterPasswordHash: Option<String>,
 }
 
 #[derive(Deserialize)]
@@ -2849,6 +2850,19 @@ async fn put_reset_password_enrollment(
         err!("Reset password can't be withdrawed due to an enterprise policy");
     }
 
+    let user = headers.user;
+
+    if reset_request.ResetPasswordKey.is_some() {
+        match reset_request.MasterPasswordHash {
+            Some(password) => {
+                if !user.check_valid_password(&password) {
+                    err!("Invalid or wrong password")
+                }
+            }
+            None => err!("No password provided"),
+        };
+    }
+
     org_user.reset_password_key = reset_request.ResetPasswordKey;
     org_user.save(&mut conn).await?;
 
@@ -2858,8 +2872,7 @@ async fn put_reset_password_enrollment(
         EventType::OrganizationUserResetPasswordWithdraw as i32
     };
 
-    log_event(log_id, org_user_id, org_id, headers.user.uuid.clone(), headers.device.atype, &headers.ip.ip, &mut conn)
-        .await;
+    log_event(log_id, org_user_id, org_id, user.uuid.clone(), headers.device.atype, &headers.ip.ip, &mut conn).await;
 
     Ok(())
 }
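Review bot: The new master-password check in the second hunk runs only inside `if reset_request.ResetPasswordKey.is_some()`, so a withdrawal request (key `None`) still succeeds with no `MasterPasswordHash` at all; if that asymmetry is intended, a comment such as `// Re-authenticate with the master password only when enrolling; withdrawal is governed by the policy check above` would stop a later reader from treating it as an oversight. The `match` used as a statement with a trailing `;` reads more naturally as a guard: `let Some(password) = reset_request.MasterPasswordHash else { err!("No password provided") };` followed by the existing `if !user.check_valid_password(&password) { err!("Invalid or wrong password") }`. Since the field name says the value is the client-supplied hash rather than the password itself, naming the binding `master_password_hash` would make the `check_valid_password` call self-describing — hedged, as the helper's contract is not visible here. `put_reset_password_enrollment` starts and ends outside the hunks.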