vividboarder/bitwarden_rs
1
0
Fork 0
mirror of https://github.com/ViViDboarder/bitwarden_rs.git synced 2024-11-04 20:36:38 +00:00
Code Issues Releases Wiki Activity

Fixing issue #908

Browse Source 
Sometimes an org-uuid is not within the path but in a query value,
This fixes the check for that.
This commit is contained in:
BlackDex 2020-03-19 16:50:47 +01:00
parent b85d548879
commit 669b101e6a
1 changed files with 52 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
src/auth.rs
View File

@ -315,41 +315,60 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
Outcome::Forward(_) => Outcome::Forward(()), Outcome::Forward(_) => Outcome::Forward(()),
Outcome::Failure(f) => Outcome::Failure(f), Outcome::Failure(f) => Outcome::Failure(f),
Outcome::Success(headers) => { Outcome::Success(headers) => {
// org_id is expected to be the second param ("/organizations/<org_id>") // org_id is usually the second param ("/organizations/<org_id>")
match request.get_param::<String>(1) { // But there are cases where it is located in a query value.
Some(Ok(org_id)) => { // First check the param, if this is not a valid uuid, we will try the query value.
let conn = match request.guard::<DbConn>() { let query_org_id = match request.get_query_value::<String>("organizationId") {
Outcome::Success(conn) => conn, Some(Ok(query_org_id)) => { query_org_id }
_ => err_handler!("Error getting DB"), _ => { "".into() }
}; };
let param_org_id = match request.get_param::<String>(1) {
Some(Ok(param_org_id)) => { param_org_id }
_ => { "".into() }
};
let user = headers.user; let org_uuid: _ = match uuid::Uuid::parse_str(&param_org_id) {
let org_user = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) { Ok(uuid) => uuid,
Some(user) => { _ => match uuid::Uuid::parse_str(&query_org_id) {
if user.status == UserOrgStatus::Confirmed as i32 { Ok(uuid) => uuid,
user _ => err_handler!("Error getting the organization id"),
} else {
err_handler!("The current user isn't confirmed member of the organization")
}
}
None => err_handler!("The current user isn't member of the organization"),
};
Outcome::Success(Self {
host: headers.host,
device: headers.device,
user,
org_user_type: {
if let Some(org_usr_type) = UserOrgType::from_i32(org_user.atype) {
org_usr_type
} else {
// This should only happen if the DB is corrupted
err_handler!("Unknown user type in the database")
}
},
})
} }
_ => err_handler!("Error getting the organization id"), };
let org_id: &str = &org_uuid.to_string();
if !org_id.is_empty() {
let conn = match request.guard::<DbConn>() {
Outcome::Success(conn) => conn,
_ => err_handler!("Error getting DB"),
};
let user = headers.user;
let org_user = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) {
Some(user) => {
if user.status == UserOrgStatus::Confirmed as i32 {
user
} else {
err_handler!("The current user isn't confirmed member of the organization")
}
}
None => err_handler!("The current user isn't member of the organization"),
};
Outcome::Success(Self {
host: headers.host,
device: headers.device,
user,
org_user_type: {
if let Some(org_usr_type) = UserOrgType::from_i32(org_user.atype) {
org_usr_type
} else {
// This should only happen if the DB is corrupted
err_handler!("Unknown user type in the database")
}
},
})
} else {
err_handler!("Error getting the organization id")
} }
} }
} }