

added password check for manual reset
password enrollment endpoint
sirux88 authored and BlackDex committed Jul 3, 2023
1 parent 19e671f commit 5d0a2c1
Showing 1 changed file with 15 additions and 2 deletions.
17 changes: 15 additions & 2 deletions src/api/core/organizations.rs
Expand Up @@ -2668,6 +2668,7 @@ async fn delete_group_user(
#[allow(non_snake_case)]
struct OrganizationUserResetPasswordEnrollmentRequest {
ResetPasswordKey: Option<String>,
MasterPasswordHash: Option<String>,
}

#[derive(Deserialize)]
Expand Down Expand Up @@ -2849,6 +2850,19 @@ async fn put_reset_password_enrollment(
err!("Reset password can't be withdrawed due to an enterprise policy");
}

let user = headers.user;

if reset_request.ResetPasswordKey.is_some() {
match reset_request.MasterPasswordHash {
Some(password) => {
if !user.check_valid_password(&password) {
err!("Invalid or wrong password")
}
}
None => err!("No password provided"),
};
}

org_user.reset_password_key = reset_request.ResetPasswordKey;
org_user.save(&mut conn).await?;

Expand All @@ -2858,8 +2872,7 @@ async fn put_reset_password_enrollment(
EventType::OrganizationUserResetPasswordWithdraw as i32
};

log_event(log_id, org_user_id, org_id, headers.user.uuid.clone(), headers.device.atype, &headers.ip.ip, &mut conn)
.await;
log_event(log_id, org_user_id, org_id, user.uuid.clone(), headers.device.atype, &headers.ip.ip, &mut conn).await;

Ok(())
}
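Review bot: In `put_reset_password_enrollment` the new master-password check is gated on `reset_request.ResetPasswordKey.is_some()`, so a request that omits the key or sends `null` (a withdrawal) is still accepted without re-authentication, and the code does not say whether that is intended. If it is, record it above the `if`, for example `// Password is required only when a key is being set (enrollment); withdrawal clears the key without re-authentication.`; if it is not, the `match` on `MasterPasswordHash` should run before the `is_some()` test. Both `err!` branches appear to return before `log_event`, so a rejected password produces no organization event here, which is worth confirming against whatever failed-login logging and rate limiting the project applies to other password checks. The function starts above the hunk, so the policy check that precedes this code is only partly visible.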
