author | Daniel García <[email protected]> | 2024-11-11 18:17:16 +0100 |
---|---|---|
committer | Daniel García <[email protected]> | 2024-11-11 18:36:04 +0100 |
commit | c4cdfd7cbeda3f675d7ac0e0947897c5a8ec2482 (patch) | |
tree | d68f00e2ecb78c6b404236f68483e33dc9f779e3 /src/api/core/accounts.rs | |
parent | d0581da63858885937205ab7e2d1233d4b56c623 (diff) | |
More authrequest fixes (more_authrequest_fixes)
Diffstat (limited to 'src/api/core/accounts.rs')
-rw-r--r-- | src/api/core/accounts.rs | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
index e715d8bd..e6654add 100644
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -1136,15 +1136,15 @@ async fn post_auth_request(
 #[get("/auth-requests/<uuid>")]
 async fn get_auth_request(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
- if headers.user.uuid != uuid {
- err!("AuthRequest doesn't exist", "User uuid's do not match")
- }
-
 let auth_request = match AuthRequest::find_by_uuid(uuid, &mut conn).await {
 Some(auth_request) => auth_request,
 None => err!("AuthRequest doesn't exist", "Record not found"),
 };
+ if headers.user.uuid != auth_request.user_uuid {
+ err!("AuthRequest doesn't exist", "User uuid's do not match")
+ }
+
 let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date));
 Ok(Json(json!({
@@ -1190,15 +1190,18 @@ async fn put_auth_request(
 err!("AuthRequest doesn't exist", "User uuid's do not match")
 }
- auth_request.approved = Some(data.request_approved);
- auth_request.enc_key = Some(data.key);
- auth_request.master_password_hash = data.master_password_hash;
- auth_request.response_device_id = Some(data.device_identifier.clone());
- auth_request.save(&mut conn).await?;
+ if data.request_approved {
+ auth_request.approved = Some(data.request_approved);
+ auth_request.enc_key = Some(data.key);
+ auth_request.master_password_hash = data.master_password_hash;
+ auth_request.response_device_id = Some(data.device_identifier.clone());
+ auth_request.save(&mut conn).await?;
- if auth_request.approved.unwrap_or(false) {
 ant.send_auth_response(&auth_request.user_uuid, &auth_request.uuid).await;
 nt.send_auth_response(&auth_request.user_uuid, &auth_request.uuid, data.device_identifier, &mut conn).await;
+ } else {
+ // If denied, there's no reason to keep the request
+ auth_request.delete(&mut conn).await?;
 }
 let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date)); |
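Review bot: The ownership check that now follows the lookup in `get_auth_request` returns the same client-facing text as the not-found arm, and nothing in the hunk says that this is deliberate. A comment above the `if` would keep a later edit from making the two messages differ, which would let a caller tell a missing request from one that belongs to another account: `// Same client message as the not-found case so a caller cannot probe for other users' auth requests`. The function body continues past the end of the hunk.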
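Review bot: The new `else` branch in `put_auth_request` deletes the row without recording the decision on `auth_request`, while the code after the branch still builds the reply from that struct (`response_date_utc` is visible, the rest lies outside the hunk), so a denial is presumably reported with whatever approval state the row had before. Setting `auth_request.approved = Some(false);` ahead of `auth_request.delete(&mut conn).await?;` would make the reply match the decision. Deleting also leaves no trace that a login request was denied, which is a signal worth keeping for detection; a log line naming `auth_request.uuid` and `auth_request.user_uuid` before the delete would cover that, assuming the crate's logging macros are in scope in this file. The function starts before and ends after the hunk.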