authorsirux88 <[email protected]>2023-07-04 18:57:49 +0200
committersirux88 <[email protected]>2023-07-04 18:57:49 +0200
commit9876aedd6780c60c70c603e3bb329478bb0357ed (patch)
tree0e8e33ef61cdd1d694746828809936588300518e
parent19e671ff25bffa47424b5af44264c2c74c2cc84b (diff)
downloadvaultwarden-9876aedd6780c60c70c603e3bb329478bb0357ed.tar.gz
vaultwarden-9876aedd6780c60c70c603e3bb329478bb0357ed.zip
added password check for manual reset
password enrollment endpoint
-rw-r--r--src/api/core/organizations.rs17
1 files changed, 15 insertions, 2 deletions
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index 6eaeeb63..db696c08 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -2668,6 +2668,7 @@ async fn delete_group_user(
#[allow(non_snake_case)]
struct OrganizationUserResetPasswordEnrollmentRequest {
ResetPasswordKey: Option<String>,
+ MasterPasswordHash: Option<String>,
}
#[derive(Deserialize)]
@@ -2849,6 +2850,19 @@ async fn put_reset_password_enrollment(
err!("Reset password can't be withdrawed due to an enterprise policy");
}
+ let user = headers.user;
+
+ if reset_request.ResetPasswordKey.is_some() {
+ match reset_request.MasterPasswordHash {
+ Some(password) => {
+ if !user.check_valid_password(&password) {
+ err!("Invalid or wrong password")
+ }
+ }
+ None => err!("No password provided"),
+ };
+ }
+
org_user.reset_password_key = reset_request.ResetPasswordKey;
org_user.save(&mut conn).await?;
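Review bot: The new master-password check in `put_reset_password_enrollment` runs only when `ResetPasswordKey` is `Some`, so withdrawing enrollment (`ResetPasswordKey: None`) is accepted without re-authentication; that asymmetry looks deliberate but nothing says so, so a comment above the `if reset_request.ResetPasswordKey.is_some()` line would help: `// Enrolling requires the caller to re-authenticate with the master password; withdrawing does not.` The password verified is the caller's (`headers.user`), while the row written on the next line is `org_user`; if the handler does not already confirm that `org_user` belongs to the caller (that part of the function is above this hunk), the check says nothing about the account whose key is being stored, so that relationship is worth confirming. As a point of style, the `match` that ends in `};` reads more naturally as a guard, `let Some(password) = reset_request.MasterPasswordHash else { err!("No password provided") };` followed by the existing `if !user.check_valid_password(&password) { err!("Invalid or wrong password") }`, provided the crate's minimum Rust version allows `let else`. The enclosing function starts before and continues after this hunk.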
@@ -2858,8 +2872,7 @@ async fn put_reset_password_enrollment(
EventType::OrganizationUserResetPasswordWithdraw as i32
};
- log_event(log_id, org_user_id, org_id, headers.user.uuid.clone(), headers.device.atype, &headers.ip.ip, &mut conn)
- .await;
+ log_event(log_id, org_user_id, org_id, user.uuid.clone(), headers.device.atype, &headers.ip.ip, &mut conn).await;
Ok(())
}