authorDaniel García <[email protected]>2024-11-11 18:17:16 +0100
committerDaniel García <[email protected]>2024-11-11 18:36:04 +0100
commitc4cdfd7cbeda3f675d7ac0e0947897c5a8ec2482 (patch)
treed68f00e2ecb78c6b404236f68483e33dc9f779e3 /src/api/core/accounts.rs
parentd0581da63858885937205ab7e2d1233d4b56c623 (diff)
More authrequest fixesmore_authrequest_fixes
Diffstat (limited to 'src/api/core/accounts.rs')
-rw-r--r--src/api/core/accounts.rs23
1 files changed, 13 insertions, 10 deletions
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
index e715d8bd..e6654add 100644
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -1136,15 +1136,15 @@ async fn post_auth_request(
#[get("/auth-requests/<uuid>")]
async fn get_auth_request(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
- if headers.user.uuid != uuid {
- err!("AuthRequest doesn't exist", "User uuid's do not match")
- }
-
let auth_request = match AuthRequest::find_by_uuid(uuid, &mut conn).await {
Some(auth_request) => auth_request,
None => err!("AuthRequest doesn't exist", "Record not found"),
};
+ if headers.user.uuid != auth_request.user_uuid {
+ err!("AuthRequest doesn't exist", "User uuid's do not match")
+ }
+
let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date));
Ok(Json(json!({
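Review bot: The ownership check `if headers.user.uuid != auth_request.user_uuid` is a separate step after `AuthRequest::find_by_uuid`, so every handler that loads a request by UUID has to remember to repeat it; `put_auth_request` in the next hunk appears to follow the same pattern. A short comment above the check would record why it compares against the stored record, e.g. `// Compare against the stored owner, not the path parameter; both failures use the same first err! message so a caller cannot tell whether the UUID exists.` Longer term, a lookup that also filters on the caller's user UUID would make the check impossible to omit. The body of `get_auth_request` continues past this hunk.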
@@ -1190,15 +1190,18 @@ async fn put_auth_request(
err!("AuthRequest doesn't exist", "User uuid's do not match")
}
- auth_request.approved = Some(data.request_approved);
- auth_request.enc_key = Some(data.key);
- auth_request.master_password_hash = data.master_password_hash;
- auth_request.response_device_id = Some(data.device_identifier.clone());
- auth_request.save(&mut conn).await?;
+ if data.request_approved {
+ auth_request.approved = Some(data.request_approved);
+ auth_request.enc_key = Some(data.key);
+ auth_request.master_password_hash = data.master_password_hash;
+ auth_request.response_device_id = Some(data.device_identifier.clone());
+ auth_request.save(&mut conn).await?;
- if auth_request.approved.unwrap_or(false) {
ant.send_auth_response(&auth_request.user_uuid, &auth_request.uuid).await;
nt.send_auth_response(&auth_request.user_uuid, &auth_request.uuid, data.device_identifier, &mut conn).await;
+ } else {
+ // If denied, there's no reason to keep the request
+ auth_request.delete(&mut conn).await?;
}
let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date));
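Review bot: The approve branch overwrites `enc_key`, `master_password_hash` and `response_device_id` on whatever record was loaded, and nothing in the visible lines rejects a request that already carries a decision, so a repeated PUT could replace the key material of an already approved request. A guard ahead of `if data.request_approved {` such as `if auth_request.approved.is_some() { err!("AuthRequest doesn't exist", "Request was already answered") }` would make the decision one-shot, and the same spot is where an age check on the request would belong. `put_auth_request` starts above this hunk, so such a check may already exist there. Separately, the deny branch deletes the row but never sets `approved` on the in-memory `auth_request`, so the response that is presumably built after the branch would not reflect the denial.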