diff options
| author | Stefan Melmuk <[email protected]> | 2022-10-07 07:26:53 +0200 |
|---|---|---|
| committer | Stefan Melmuk <[email protected]> | 2022-10-19 22:44:17 +0200 |
| commit | 64ae5d4f8188b16a51fe7d96a023d08fc0e13c69 (patch) | |
| tree | bcd64018f354c281352a59587b3708fcf4898be9 /src | |
| parent | ff7e22c08a0aae8941134a6ac4dd9307aa30699a (diff) | |
| download | vaultwarden-64ae5d4f8188b16a51fe7d96a023d08fc0e13c69.tar.gz vaultwarden-64ae5d4f8188b16a51fe7d96a023d08fc0e13c69.zip | |
verify email on registration via invite link
if `SIGNUPS_VERIFY` is enabled new users that have been invited have
their onboarding flow interrupted because they have to first verify
their mail address before they can join an organization.
we can skip the extra verication of the email address when signing up
because a valid invitation token already means that the email address is
working and we don't allow invited users to signup with a different
address.
unfortunately, this is not possible with emergency access invitations
at the moment as they are handled differently.
Diffstat (limited to 'src')
| -rw-r--r-- | src/api/core/accounts.rs | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index df8bfccf..252c2c99 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -98,8 +98,10 @@ async fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> JsonResult { let password_hint = clean_password_hint(&data.MasterPasswordHint); enforce_password_hint_setting(&password_hint)?; + let mut verified_by_invite = false; + let mut user = match User::find_by_mail(&email, &conn).await { - Some(user) => { + Some(mut user) => { if !user.password_hash.is_empty() { err!("Registration not allowed or user already exists") } @@ -107,6 +109,9 @@ async fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> JsonResult { if let Some(token) = data.Token { let claims = decode_invite(&token)?; if claims.email == email { + // Verify the email address when signing up via a valid invite token + verified_by_invite = true; + user.verified_at = Some(Utc::now().naive_utc()); user } else { err!("Registration email does not match invite email") @@ -163,7 +168,7 @@ async fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> JsonResult { } if CONFIG.mail_enabled() { - if CONFIG.signups_verify() { + if CONFIG.signups_verify() && !verified_by_invite { if let Err(e) = mail::send_welcome_must_verify(&user.email, &user.uuid).await { error!("Error sending welcome email: {:#?}", e); } |