aboutsummaryrefslogtreecommitdiff
path: root/src/db/models/emergency_access.rs
diff options
context:
space:
mode:
authorMathijs van Veluw <[email protected]>2024-07-08 23:39:22 +0200
committerGitHub <[email protected]>2024-07-08 23:39:22 +0200
commitd04b94b77d95a9968f61f71969f65aaaa8a496d6 (patch)
treea22e58e397ece1318ffc2d7454e40d4ec137b3fb /src/db/models/emergency_access.rs
parent247d0706fff61b9f8c227c5e852f9055709bdd43 (diff)
downloadvaultwarden-d04b94b77d95a9968f61f71969f65aaaa8a496d6.tar.gz
vaultwarden-d04b94b77d95a9968f61f71969f65aaaa8a496d6.zip
Some fixes for emergency access (#4715)1.31.0
- Add missing `Headers` parameter for some functions This allowed any request from allowing these endpoints by not validating the user correctly. - Changed the functions to retreive the emergency access record by using the user uuid which calls the endpoint, instead of validating afterwards. This is more secure and prevents the need of an if check.
Diffstat (limited to 'src/db/models/emergency_access.rs')
-rw-r--r--src/db/models/emergency_access.rs29
1 files changed, 20 insertions, 9 deletions
diff --git a/src/db/models/emergency_access.rs b/src/db/models/emergency_access.rs
index b5e4eb86..ecfe86fe 100644
--- a/src/db/models/emergency_access.rs
+++ b/src/db/models/emergency_access.rs
@@ -238,15 +238,6 @@ impl EmergencyAccess {
}}
}
- pub async fn find_by_uuid(uuid: &str, conn: &mut DbConn) -> Option<Self> {
- db_run! { conn: {
- emergency_access::table
- .filter(emergency_access::uuid.eq(uuid))
- .first::<EmergencyAccessDb>(conn)
- .ok().from_db()
- }}
- }
-
pub async fn find_by_grantor_uuid_and_grantee_uuid_or_email(
grantor_uuid: &str,
grantee_uuid: &str,
@@ -281,6 +272,26 @@ impl EmergencyAccess {
}}
}
+ pub async fn find_by_uuid_and_grantee_uuid(uuid: &str, grantee_uuid: &str, conn: &mut DbConn) -> Option<Self> {
+ db_run! { conn: {
+ emergency_access::table
+ .filter(emergency_access::uuid.eq(uuid))
+ .filter(emergency_access::grantee_uuid.eq(grantee_uuid))
+ .first::<EmergencyAccessDb>(conn)
+ .ok().from_db()
+ }}
+ }
+
+ pub async fn find_by_uuid_and_grantee_email(uuid: &str, grantee_email: &str, conn: &mut DbConn) -> Option<Self> {
+ db_run! { conn: {
+ emergency_access::table
+ .filter(emergency_access::uuid.eq(uuid))
+ .filter(emergency_access::email.eq(grantee_email))
+ .first::<EmergencyAccessDb>(conn)
+ .ok().from_db()
+ }}
+ }
+
pub async fn find_all_by_grantee_uuid(grantee_uuid: &str, conn: &mut DbConn) -> Vec<Self> {
db_run! { conn: {
emergency_access::table