diff options
author | Mathijs van Veluw <[email protected]> | 2024-11-12 11:09:28 +0100 |
---|---|---|
committer | GitHub <[email protected]> | 2024-11-12 11:09:28 +0100 |
commit | ba48ca68fc165be704af50171242f656e79fe685 (patch) | |
tree | 5db062f4709bd28d5ece9530d1a99d57f0711989 | |
parent | 294b429436a1159ddb9b796b583fa79a9d04ef87 (diff) | |
download | vaultwarden-ba48ca68fc165be704af50171242f656e79fe685.tar.gz vaultwarden-ba48ca68fc165be704af50171242f656e79fe685.zip |
fix hibp username encoding and pw hint check (#5180)
* fix hibp username encoding
Signed-off-by: BlackDex <[email protected]>
* Fix password-hint check
Signed-off-by: BlackDex <[email protected]>
---------
Signed-off-by: BlackDex <[email protected]>
-rw-r--r-- | src/api/core/accounts.rs | 2 | ||||
-rw-r--r-- | src/api/core/mod.rs | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index e6654add..4e566bc9 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -842,7 +842,7 @@ struct PasswordHintData { #[post("/accounts/password-hint", data = "<data>")] async fn password_hint(data: Json<PasswordHintData>, mut conn: DbConn) -> EmptyResult { - if !CONFIG.mail_enabled() && !CONFIG.show_password_hint() { + if !CONFIG.mail_enabled() || !CONFIG.show_password_hint() { err!("This server is not configured to provide password hints."); } diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index 1638afe5..75c63c16 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs @@ -136,8 +136,8 @@ async fn put_eq_domains(data: Json<EquivDomainData>, headers: Headers, conn: DbC #[get("/hibp/breach?<username>")] async fn hibp_breach(username: &str, _headers: Headers) -> JsonResult { + let username: String = url::form_urlencoded::byte_serialize(username.as_bytes()).collect(); if let Some(api_key) = crate::CONFIG.hibp_api_key() { - let username: String = url::form_urlencoded::byte_serialize(username.as_bytes()).collect(); let url = format!( "https://haveibeenpwned.com/api/v3/breachedaccount/{username}?truncateResponse=false&includeUnverified=false" ); |