author | Mathijs van Veluw <[email protected]> | 2024-12-14 00:55:34 +0100 |
---|---|---|
committer | GitHub <[email protected]> | 2024-12-14 00:55:34 +0100 |
commit | 9cd400db6c5da858a4f49eb883469cbd6cb7337d (patch) | |
tree | 1c1d1900c1e1ba20da64e4c2052285b2d81317e8 /src/api/core/organizations.rs | |
parent | fd512300448995735961cbeedcbe4b684be1c5fd (diff) | |
Some refactoring and optimizations (#5291)
- Refactored several pieces of code to use more modern syntax
- Made some checks a bit more strict
- Updated crates
Signed-off-by: BlackDex <[email protected]>
Diffstat (limited to 'src/api/core/organizations.rs')
-rw-r--r-- | src/api/core/organizations.rs | 296 |
1 files changed, 116 insertions, 180 deletions
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 2bff64b8..f3158536 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -267,9 +267,8 @@ async fn post_organization( ) -> JsonResult { let data: OrganizationUpdateData = data.into_inner(); - let mut org = match Organization::find_by_uuid(org_id, &mut conn).await { - Some(organization) => organization, - None => err!("Can't find organization details"), + let Some(mut org) = Organization::find_by_uuid(org_id, &mut conn).await else { + err!("Can't find organization details") }; org.name = data.name; @@ -318,9 +317,8 @@ async fn get_org_collections(org_id: &str, _headers: ManagerHeadersLoose, mut co async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose, mut conn: DbConn) -> JsonResult { let mut data = Vec::new(); - let user_org = match UserOrganization::find_by_user_and_org(&headers.user.uuid, org_id, &mut conn).await { - Some(u) => u, - None => err!("User is not part of organization"), + let Some(user_org) = UserOrganization::find_by_user_and_org(&headers.user.uuid, org_id, &mut conn).await else { + err!("User is not part of organization") }; // get all collection memberships for the current organization @@ -387,9 +385,8 @@ async fn post_organization_collections( ) -> JsonResult { let data: NewCollectionData = data.into_inner(); - let org = match Organization::find_by_uuid(org_id, &mut conn).await { - Some(organization) => organization, - None => err!("Can't find organization details"), + let Some(org) = Organization::find_by_uuid(org_id, &mut conn).await else { + err!("Can't find organization details") }; let collection = Collection::new(org.uuid, data.name, data.external_id); 
@@ -413,9 +410,8 @@ async fn post_organization_collections( } for user in data.users { - let org_user = match UserOrganization::find_by_uuid(&user.id, &mut conn).await { - Some(u) => u, - None => err!("User is not part of organization"), + let Some(org_user) = UserOrganization::find_by_uuid_and_org(&user.id, org_id, &mut conn).await else { + err!("User is not part of organization") }; if org_user.access_all { @@ -454,20 +450,14 @@ async fn post_organization_collection_update( ) -> JsonResult { let data: NewCollectionData = data.into_inner(); - let org = match Organization::find_by_uuid(org_id, &mut conn).await { - Some(organization) => organization, - None => err!("Can't find organization details"), + if Organization::find_by_uuid(org_id, &mut conn).await.is_none() { + err!("Can't find organization details") }; - let mut collection = match Collection::find_by_uuid(col_id, &mut conn).await { - Some(collection) => collection, - None => err!("Collection not found"), + let Some(mut collection) = Collection::find_by_uuid_and_org(col_id, org_id, &mut conn).await else { + err!("Collection not found") }; - if collection.org_uuid != org.uuid { - err!("Collection is not owned by organization"); - } - collection.name = data.name; collection.external_id = match data.external_id { Some(external_id) if !external_id.trim().is_empty() => Some(external_id), @@ -498,9 +488,8 @@ async fn post_organization_collection_update( CollectionUser::delete_all_by_collection(col_id, &mut conn).await?; for user in data.users { - let org_user = match UserOrganization::find_by_uuid(&user.id, &mut conn).await { - Some(u) => u, - None => err!("User is not part of organization"), + let Some(org_user) = UserOrganization::find_by_uuid_and_org(&user.id, org_id, &mut conn).await else { + err!("User is not part of organization") }; if org_user.access_all { 
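Review bot: In `post_organization_collection_update` the new `err!("Collection not found")` uses the one-argument form, while `delete_organization_collection_user` and `_delete_organization_collection` in this same commit pass a second argument, which appears to carry the detail for the server log. Using `err!("Collection not found", "Collection does not exist or does not belong to this organization")` here would keep the wrong-organization case distinguishable for operators, which the removed `"Collection is not owned by organization"` branch used to provide. The `};` that now closes the `is_none()` check is left over from the removed `match`; the `;` is an empty statement and can be dropped. The function body continues outside the hunk.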
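Review bot: `CollectionUser::delete_all_by_collection` runs before the loop that validates each submitted member, so the new `find_by_uuid_and_org` failure path returns after the existing assignments have already been removed. One id in the request that does not belong to the organization therefore leaves the collection with only the members processed before it, unless the handler runs inside a transaction that is not visible here. Resolving every `user.id` first and only then deleting and re-adding would make the request all-or-nothing; the same ordering question applies to the loops in `post_organization_collections` and `put_collection_users`. The loop body continues outside the hunk.

```rust
// Validate every submitted member before touching existing assignments.
let mut org_users = Vec::new();
for user in &data.users {
    let Some(org_user) = UserOrganization::find_by_uuid_and_org(&user.id, org_id, &mut conn).await else {
        err!("User is not part of organization")
    };
    org_users.push((org_user, user));
}

CollectionUser::delete_all_by_collection(col_id, &mut conn).await?;
// … unchanged: loop that skips access_all members and saves the rows, now iterating org_users …
```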
@@ -521,15 +510,8 @@ async fn delete_organization_collection_user( _headers: AdminHeaders, mut conn: DbConn, ) -> EmptyResult { - let collection = match Collection::find_by_uuid(col_id, &mut conn).await { - None => err!("Collection not found"), - Some(collection) => { - if collection.org_uuid == org_id { - collection - } else { - err!("Collection and Organization id do not match") - } - } + let Some(collection) = Collection::find_by_uuid_and_org(col_id, org_id, &mut conn).await else { + err!("Collection not found", "Collection does not exist or does not belong to this organization") }; match UserOrganization::find_by_uuid_and_org(org_user_id, org_id, &mut conn).await { @@ -560,26 +542,20 @@ async fn _delete_organization_collection( headers: &ManagerHeaders, conn: &mut DbConn, ) -> EmptyResult { - match Collection::find_by_uuid(col_id, conn).await { - None => err!("Collection not found"), - Some(collection) => { - if collection.org_uuid == org_id { - log_event( - EventType::CollectionDeleted as i32, - &collection.uuid, - org_id, - &headers.user.uuid, - headers.device.atype, - &headers.ip.ip, - conn, - ) - .await; - collection.delete(conn).await - } else { - err!("Collection and Organization id do not match") - } - } - } + let Some(collection) = Collection::find_by_uuid_and_org(col_id, org_id, conn).await else { + err!("Collection not found", "Collection does not exist or does not belong to this organization") + }; + log_event( + EventType::CollectionDeleted as i32, + &collection.uuid, + org_id, + &headers.user.uuid, + headers.device.atype, + &headers.ip.ip, + conn, + ) + .await; + collection.delete(conn).await } #[delete("/organizations/<org_id>/collections/<col_id>")] 
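Review bot: In `_delete_organization_collection` the `CollectionDeleted` event is written before `collection.delete(conn).await` runs, so a failed delete still leaves a deletion record in the event log. The commit flattens this code but keeps that order. For an audit trail it is safer to record the event only after the delete has succeeded, provided the event row does not depend on the collection still existing. This assumes `collection.uuid` is cloneable and that `delete` consumes the collection, neither of which is visible in the hunk.

```rust
// … unchanged: let-else lookup with Collection::find_by_uuid_and_org …
let col_uuid = collection.uuid.clone();
collection.delete(conn).await?;
log_event(
    EventType::CollectionDeleted as i32,
    &col_uuid,
    // … unchanged: org_id, user, device, ip and conn arguments …
)
.await;
Ok(())
```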
@@ -601,12 +577,11 @@ struct DeleteCollectionData { org_id: String, } -#[post("/organizations/<org_id>/collections/<col_id>/delete", data = "<_data>")] +#[post("/organizations/<org_id>/collections/<col_id>/delete")] async fn post_organization_collection_delete( org_id: &str, col_id: &str, headers: ManagerHeaders, - _data: Json<DeleteCollectionData>, mut conn: DbConn, ) -> EmptyResult { _delete_organization_collection(org_id, col_id, &headers, &mut conn).await @@ -651,9 +626,9 @@ async fn get_org_collection_detail( err!("Collection is not owned by organization") } - let user_org = match UserOrganization::find_by_user_and_org(&headers.user.uuid, org_id, &mut conn).await { - Some(u) => u, - None => err!("User is not part of organization"), + let Some(user_org) = UserOrganization::find_by_user_and_org(&headers.user.uuid, org_id, &mut conn).await + else { + err!("User is not part of organization") }; let groups: Vec<Value> = if CONFIG.org_groups_enabled() { @@ -695,9 +670,8 @@ async fn get_org_collection_detail( #[get("/organizations/<org_id>/collections/<coll_id>/users")] async fn get_collection_users(org_id: &str, coll_id: &str, _headers: ManagerHeaders, mut conn: DbConn) -> JsonResult { // Get org and collection, check that collection is from org - let collection = match Collection::find_by_uuid_and_org(coll_id, org_id, &mut conn).await { - None => err!("Collection not found in Organization"), - Some(collection) => collection, + let Some(collection) = Collection::find_by_uuid_and_org(coll_id, org_id, &mut conn).await else { + err!("Collection not found in Organization") }; let mut user_list = Vec::new(); 
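Review bot: With `_data: Json<DeleteCollectionData>` removed from `post_organization_collection_delete`, the `DeleteCollectionData` struct shown in the hunk header has no user in the visible code and may now be dead. If nothing else in the file references it, remove it in the same change. The request body is also no longer parsed, so a body whose `org_id` differs from the path is silently accepted; that matches the old behaviour, where `_data` was never compared. A comment on the handler such as `// The request body is ignored; org_id and col_id come from the path only.` would make that explicit.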
@@ -731,9 +705,8 @@ async fn put_collection_users( // And then add all the received ones (except if the user has access_all) for d in data.iter() { - let user = match UserOrganization::find_by_uuid(&d.id, &mut conn).await { - Some(u) => u, - None => err!("User is not part of organization"), + let Some(user) = UserOrganization::find_by_uuid_and_org(&d.id, org_id, &mut conn).await else { + err!("User is not part of organization") }; if user.access_all { @@ -1007,18 +980,16 @@ async fn reinvite_user(org_id: &str, user_org: &str, headers: AdminHeaders, mut } async fn _reinvite_user(org_id: &str, user_org: &str, invited_by_email: &str, conn: &mut DbConn) -> EmptyResult { - let user_org = match UserOrganization::find_by_uuid(user_org, conn).await { - Some(user_org) => user_org, - None => err!("The user hasn't been invited to the organization."), + let Some(user_org) = UserOrganization::find_by_uuid_and_org(user_org, org_id, conn).await else { + err!("The user hasn't been invited to the organization.") }; if user_org.status != UserOrgStatus::Invited as i32 { err!("The user is already accepted or confirmed to the organization") } - let user = match User::find_by_uuid(&user_org.user_uuid, conn).await { - Some(user) => user, - None => err!("User not found."), + let Some(user) = User::find_by_uuid(&user_org.user_uuid, conn).await else { + err!("User not found.") }; if !CONFIG.invitations_allowed() && user.password_hash.is_empty() { 
@@ -1059,20 +1030,25 @@ struct AcceptData { reset_password_key: Option<String>, } -#[post("/organizations/<org_id>/users/<_org_user_id>/accept", data = "<data>")] -async fn accept_invite(org_id: &str, _org_user_id: &str, data: Json<AcceptData>, mut conn: DbConn) -> EmptyResult { +#[post("/organizations/<org_id>/users/<org_user_id>/accept", data = "<data>")] +async fn accept_invite(org_id: &str, org_user_id: &str, data: Json<AcceptData>, mut conn: DbConn) -> EmptyResult { // The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead let data: AcceptData = data.into_inner(); let claims = decode_invite(&data.token)?; + // If a claim does not have a user_org_id or it does not match the one in from the URI, something is wrong. + match &claims.user_org_id { + Some(ou_id) if ou_id.eq(org_user_id) => {} + _ => err!("Error accepting the invitation", "Claim does not match the org_user_id"), + } + match User::find_by_mail(&claims.email, &mut conn).await { Some(user) => { Invitation::take(&claims.email, &mut conn).await; if let (Some(user_org), Some(org)) = (&claims.user_org_id, &claims.org_id) { - let mut user_org = match UserOrganization::find_by_uuid_and_org(user_org, org, &mut conn).await { - Some(user_org) => user_org, - None => err!("Error accepting the invitation"), + let Some(mut user_org) = UserOrganization::find_by_uuid_and_org(user_org, org, &mut conn).await else { + err!("Error accepting the invitation") }; if user_org.status != UserOrgStatus::Invited as i32 { 
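Review bot: The new guard in `accept_invite` ties `org_user_id` from the path to `claims.user_org_id`, but `org_id` from the path is still not compared with `claims.org_id` in the visible lines, and the membership lookup below uses the claim's value. If a later part of the function (outside this hunk) uses the path `org_id`, for example for a policy check, it could act on a different organization than the one the token was issued for. A matching guard such as `if claims.org_id.as_deref() != Some(org_id) { err!("Error accepting the invitation", "Claim does not match the org_id") }` would close that, assuming `claims.org_id` is an `Option<String>`. The comment above `data.into_inner()` saying both ids are just read from the JWT is now out of date, and the new comment has a typo (`the one in from the URI`).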
@@ -1213,9 +1189,8 @@ async fn _confirm_invite( err!("Key or UserId is not set, unable to process request"); } - let mut user_to_confirm = match UserOrganization::find_by_uuid_and_org(org_user_id, org_id, conn).await { - Some(user) => user, - None => err!("The specified user isn't a member of the organization"), + let Some(mut user_to_confirm) = UserOrganization::find_by_uuid_and_org(org_user_id, org_id, conn).await else { + err!("The specified user isn't a member of the organization") }; if user_to_confirm.atype != UserOrgType::User && headers.org_user_type != UserOrgType::Owner { @@ -1287,9 +1262,8 @@ async fn get_user( _headers: AdminHeaders, mut conn: DbConn, ) -> JsonResult { - let user = match UserOrganization::find_by_uuid_and_org(org_user_id, org_id, &mut conn).await { - Some(user) => user, - None => err!("The specified user isn't a member of the organization"), + let Some(user) = UserOrganization::find_by_uuid_and_org(org_user_id, org_id, &mut conn).await else { + err!("The specified user isn't a member of the organization") }; // In this case, when groups are requested we also need to include collections. @@ -1331,14 +1305,12 @@ async fn edit_user( ) -> EmptyResult { let data: EditUserData = data.into_inner(); - let new_type = match UserOrgType::from_str(&data.r#type.into_string()) { - Some(new_type) => new_type, - None => err!("Invalid type"), + let Some(new_type) = UserOrgType::from_str(&data.r#type.into_string()) else { + err!("Invalid type") }; - let mut user_to_edit = match UserOrganization::find_by_uuid_and_org(org_user_id, org_id, &mut conn).await { - Some(user) => user, - None => err!("The specified user isn't member of the organization"), + let Some(mut user_to_edit) = UserOrganization::find_by_uuid_and_org(org_user_id, org_id, &mut conn).await else { + err!("The specified user isn't member of the organization") }; if new_type != user_to_edit.atype 
@@ -1490,9 +1462,8 @@ async fn _delete_user( conn: &mut DbConn, nt: &Notify<'_>, ) -> EmptyResult { - let user_to_delete = match UserOrganization::find_by_uuid_and_org(org_user_id, org_id, conn).await { - Some(user) => user, - None => err!("User to delete isn't member of the organization"), + let Some(user_to_delete) = UserOrganization::find_by_uuid_and_org(org_user_id, org_id, conn).await else { + err!("User to delete isn't member of the organization") }; if user_to_delete.atype != UserOrgType::User && headers.org_user_type != UserOrgType::Owner { @@ -1725,9 +1696,8 @@ async fn list_policies_token(org_id: &str, token: &str, mut conn: DbConn) -> Jso let invite = decode_invite(token)?; - let invite_org_id = match invite.org_id { - Some(invite_org_id) => invite_org_id, - None => err!("Invalid token"), + let Some(invite_org_id) = invite.org_id else { + err!("Invalid token") }; if invite_org_id != org_id { @@ -1747,9 +1717,8 @@ async fn list_policies_token(org_id: &str, token: &str, mut conn: DbConn) -> Jso #[get("/organizations/<org_id>/policies/<pol_type>")] async fn get_policy(org_id: &str, pol_type: i32, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult { - let pol_type_enum = match OrgPolicyType::from_i32(pol_type) { - Some(pt) => pt, - None => err!("Invalid or unsupported policy type"), + let Some(pol_type_enum) = OrgPolicyType::from_i32(pol_type) else { + err!("Invalid or unsupported policy type") }; let policy = match OrgPolicy::find_by_org_and_type(org_id, pol_type_enum, &mut conn).await { @@ -1778,9 +1747,8 @@ async fn put_policy( ) -> JsonResult { let data: PolicyData = data.into_inner(); - let pol_type_enum = match OrgPolicyType::from_i32(pol_type) { - Some(pt) => pt, - None => err!("Invalid or unsupported policy type"), + let Some(pol_type_enum) = OrgPolicyType::from_i32(pol_type) else { + err!("Invalid or unsupported policy type") }; // Bitwarden only allows the Reset Password policy when Single Org policy is enabled 
@@ -2437,9 +2405,8 @@ async fn put_group( err!("Group support is disabled"); } - let group = match Group::find_by_uuid(group_id, &mut conn).await { - Some(group) => group, - None => err!("Group not found"), + let Some(group) = Group::find_by_uuid_and_org(group_id, org_id, &mut conn).await else { + err!("Group not found", "Group uuid is invalid or does not belong to the organization") }; let group_request = data.into_inner(); @@ -2502,15 +2469,14 @@ async fn add_update_group( }))) } -#[get("/organizations/<_org_id>/groups/<group_id>/details")] -async fn get_group_details(_org_id: &str, group_id: &str, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult { +#[get("/organizations/<org_id>/groups/<group_id>/details")] +async fn get_group_details(org_id: &str, group_id: &str, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult { if !CONFIG.org_groups_enabled() { err!("Group support is disabled"); } - let group = match Group::find_by_uuid(group_id, &mut conn).await { - Some(group) => group, - _ => err!("Group could not be found!"), + let Some(group) = Group::find_by_uuid_and_org(group_id, org_id, &mut conn).await else { + err!("Group not found", "Group uuid is invalid or does not belong to the organization") }; Ok(Json(group.to_json_details(&mut conn).await)) @@ -2531,9 +2497,8 @@ async fn _delete_group(org_id: &str, group_id: &str, headers: &AdminHeaders, con err!("Group support is disabled"); } - let group = match Group::find_by_uuid(group_id, conn).await { - Some(group) => group, - _ => err!("Group not found"), + let Some(group) = Group::find_by_uuid_and_org(group_id, org_id, conn).await else { + err!("Group not found", "Group uuid is invalid or does not belong to the organization") }; log_event( 
@@ -2569,29 +2534,27 @@ async fn bulk_delete_groups( Ok(()) } -#[get("/organizations/<_org_id>/groups/<group_id>")] -async fn get_group(_org_id: &str, group_id: &str, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult { +#[get("/organizations/<org_id>/groups/<group_id>")] +async fn get_group(org_id: &str, group_id: &str, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult { if !CONFIG.org_groups_enabled() { err!("Group support is disabled"); } - let group = match Group::find_by_uuid(group_id, &mut conn).await { - Some(group) => group, - _ => err!("Group not found"), + let Some(group) = Group::find_by_uuid_and_org(group_id, org_id, &mut conn).await else { + err!("Group not found", "Group uuid is invalid or does not belong to the organization") }; Ok(Json(group.to_json())) } -#[get("/organizations/<_org_id>/groups/<group_id>/users")] -async fn get_group_users(_org_id: &str, group_id: &str, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult { +#[get("/organizations/<org_id>/groups/<group_id>/users")] +async fn get_group_users(org_id: &str, group_id: &str, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult { if !CONFIG.org_groups_enabled() { err!("Group support is disabled"); } - match Group::find_by_uuid(group_id, &mut conn).await { - Some(_) => { /* Do nothing */ } - _ => err!("Group could not be found!"), + if Group::find_by_uuid_and_org(group_id, org_id, &mut conn).await.is_none() { + err!("Group could not be found!", "Group uuid is invalid or does not belong to the organization") }; let group_users: Vec<String> = GroupUser::find_by_group(group_id, &mut conn) 
@@ -2615,9 +2578,8 @@ async fn put_group_users( err!("Group support is disabled"); } - match Group::find_by_uuid(group_id, &mut conn).await { - Some(_) => { /* Do nothing */ } - _ => err!("Group could not be found!"), + if Group::find_by_uuid_and_org(group_id, org_id, &mut conn).await.is_none() { + err!("Group could not be found!", "Group uuid is invalid or does not belong to the organization") }; GroupUser::delete_all_by_group(group_id, &mut conn).await?; @@ -2642,15 +2604,14 @@ async fn put_group_users( Ok(()) } -#[get("/organizations/<_org_id>/users/<user_id>/groups")] -async fn get_user_groups(_org_id: &str, user_id: &str, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult { +#[get("/organizations/<org_id>/users/<user_id>/groups")] +async fn get_user_groups(org_id: &str, user_id: &str, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult { if !CONFIG.org_groups_enabled() { err!("Group support is disabled"); } - match UserOrganization::find_by_uuid(user_id, &mut conn).await { - Some(_) => { /* Do nothing */ } - _ => err!("User could not be found!"), + if UserOrganization::find_by_uuid_and_org(user_id, org_id, &mut conn).await.is_none() { + err!("User could not be found!") }; let user_groups: Vec<String> = @@ -2688,13 +2649,8 @@ async fn put_user_groups( err!("Group support is disabled"); } - let user_org = match UserOrganization::find_by_uuid(org_user_id, &mut conn).await { - Some(uo) => uo, - _ => err!("User could not be found!"), - }; - - if user_org.org_uuid != org_id { - err!("Group doesn't belong to organization"); + if UserOrganization::find_by_uuid_and_org(org_user_id, org_id, &mut conn).await.is_none() { + err!("User could not be found or does not belong to the organization."); } GroupUser::delete_all_by_user(org_user_id, &mut conn).await?; 
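Review bot: In `put_group_users` the group is now resolved with `find_by_uuid_and_org`, but the member ids from the request body are processed after `GroupUser::delete_all_by_group`, outside this hunk, so it is not visible whether they are checked against `org_id`. If they are written as `GroupUser` rows without a `UserOrganization::find_by_uuid_and_org` lookup, a membership id from another organization could still end up attached to this group. The collection handlers in this commit show the lookup to reuse. The same question applies to the group ids re-added after `GroupUser::delete_all_by_user` in `put_user_groups`.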
@@ -2742,22 +2698,12 @@ async fn delete_group_user( err!("Group support is disabled"); } - let user_org = match UserOrganization::find_by_uuid(org_user_id, &mut conn).await { - Some(uo) => uo, - _ => err!("User could not be found!"), - }; - - if user_org.org_uuid != org_id { - err!("User doesn't belong to organization"); + if UserOrganization::find_by_uuid_and_org(org_user_id, org_id, &mut conn).await.is_none() { + err!("User could not be found or does not belong to the organization."); } - let group = match Group::find_by_uuid(group_id, &mut conn).await { - Some(g) => g, - _ => err!("Group could not be found!"), - }; - - if group.organizations_uuid != org_id { - err!("Group doesn't belong to organization"); + if Group::find_by_uuid_and_org(group_id, org_id, &mut conn).await.is_none() { + err!("Group could not be found or does not belong to the organization."); } log_event( @@ -2794,9 +2740,8 @@ struct OrganizationUserResetPasswordRequest { // Just add it here in case they will #[get("/organizations/<org_id>/public-key")] async fn get_organization_public_key(org_id: &str, _headers: Headers, mut conn: DbConn) -> JsonResult { - let org = match Organization::find_by_uuid(org_id, &mut conn).await { - Some(organization) => organization, - None => err!("Organization not found"), + let Some(org) = Organization::find_by_uuid(org_id, &mut conn).await else { + err!("Organization not found") }; Ok(Json(json!({ 
@@ -2821,19 +2766,16 @@ async fn put_reset_password( mut conn: DbConn, nt: Notify<'_>, ) -> EmptyResult { - let org = match Organization::find_by_uuid(org_id, &mut conn).await { - Some(org) => org, - None => err!("Required organization not found"), + let Some(org) = Organization::find_by_uuid(org_id, &mut conn).await else { + err!("Required organization not found") }; - let org_user = match UserOrganization::find_by_uuid_and_org(org_user_id, &org.uuid, &mut conn).await { - Some(user) => user, - None => err!("User to reset isn't member of required organization"), + let Some(org_user) = UserOrganization::find_by_uuid_and_org(org_user_id, &org.uuid, &mut conn).await else { + err!("User to reset isn't member of required organization") }; - let user = match User::find_by_uuid(&org_user.user_uuid, &mut conn).await { - Some(user) => user, - None => err!("User not found"), + let Some(user) = User::find_by_uuid(&org_user.user_uuid, &mut conn).await else { + err!("User not found") }; check_reset_password_applicable_and_permissions(org_id, org_user_id, &headers, &mut conn).await?; 
@@ -2880,19 +2822,16 @@ async fn get_reset_password_details( headers: AdminHeaders, mut conn: DbConn, ) -> JsonResult { - let org = match Organization::find_by_uuid(org_id, &mut conn).await { - Some(org) => org, - None => err!("Required organization not found"), + let Some(org) = Organization::find_by_uuid(org_id, &mut conn).await else { + err!("Required organization not found") }; - let org_user = match UserOrganization::find_by_uuid_and_org(org_user_id, org_id, &mut conn).await { - Some(user) => user, - None => err!("User to reset isn't member of required organization"), + let Some(org_user) = UserOrganization::find_by_uuid_and_org(org_user_id, org_id, &mut conn).await else { + err!("User to reset isn't member of required organization") }; - let user = match User::find_by_uuid(&org_user.user_uuid, &mut conn).await { - Some(user) => user, - None => err!("User not found"), + let Some(user) = User::find_by_uuid(&org_user.user_uuid, &mut conn).await else { + err!("User not found") }; check_reset_password_applicable_and_permissions(org_id, org_user_id, &headers, &mut conn).await?; @@ -2918,9 +2857,8 @@ async fn check_reset_password_applicable_and_permissions( ) -> EmptyResult { check_reset_password_applicable(org_id, conn).await?; - let target_user = match UserOrganization::find_by_uuid_and_org(org_user_id, org_id, conn).await { - Some(user) => user, - None => err!("Reset target user not found"), + let Some(target_user) = UserOrganization::find_by_uuid_and_org(org_user_id, org_id, conn).await else { + err!("Reset target user not found") }; // Resetting user must be higher/equal to user to reset 
@@ -2936,9 +2874,8 @@ async fn check_reset_password_applicable(org_id: &str, conn: &mut DbConn) -> Emp err!("Password reset is not supported on an email-disabled instance."); } - let policy = match OrgPolicy::find_by_org_and_type(org_id, OrgPolicyType::ResetPassword, conn).await { - Some(p) => p, - None => err!("Policy not found"), + let Some(policy) = OrgPolicy::find_by_org_and_type(org_id, OrgPolicyType::ResetPassword, conn).await else { + err!("Policy not found") }; if !policy.enabled { @@ -2956,9 +2893,8 @@ async fn put_reset_password_enrollment( data: Json<OrganizationUserResetPasswordEnrollmentRequest>, mut conn: DbConn, ) -> EmptyResult { - let mut org_user = match UserOrganization::find_by_user_and_org(&headers.user.uuid, org_id, &mut conn).await { - Some(u) => u, - None => err!("User to enroll isn't member of required organization"), + let Some(mut org_user) = UserOrganization::find_by_user_and_org(&headers.user.uuid, org_id, &mut conn).await else { + err!("User to enroll isn't member of required organization") }; check_reset_password_applicable(org_id, &mut conn).await?; |