|
|
@ -1079,7 +1079,7 @@ async fn accept_invite(
|
|
|
|
let claims = decode_invite(&data.Token)?;
|
|
|
|
let claims = decode_invite(&data.Token)?;
|
|
|
|
|
|
|
|
|
|
|
|
match User::find_by_mail(&claims.email, &mut conn).await {
|
|
|
|
match User::find_by_mail(&claims.email, &mut conn).await {
|
|
|
|
Some(_) => {
|
|
|
|
Some(user) => {
|
|
|
|
Invitation::take(&claims.email, &mut conn).await;
|
|
|
|
Invitation::take(&claims.email, &mut conn).await;
|
|
|
|
|
|
|
|
|
|
|
|
if let (Some(user_org), Some(org)) = (&claims.user_org_id, &claims.org_id) {
|
|
|
|
if let (Some(user_org), Some(org)) = (&claims.user_org_id, &claims.org_id) {
|
|
|
@ -1103,7 +1103,11 @@ async fn accept_invite(
|
|
|
|
match OrgPolicy::is_user_allowed(&user_org.user_uuid, org_id, false, &mut conn).await {
|
|
|
|
match OrgPolicy::is_user_allowed(&user_org.user_uuid, org_id, false, &mut conn).await {
|
|
|
|
Ok(_) => {}
|
|
|
|
Ok(_) => {}
|
|
|
|
Err(OrgPolicyErr::TwoFactorMissing) => {
|
|
|
|
Err(OrgPolicyErr::TwoFactorMissing) => {
|
|
|
|
err!("You cannot join this organization until you enable two-step login on your user account");
|
|
|
|
if CONFIG.email_2fa_auto_fallback() {
|
|
|
|
|
|
|
|
two_factor::email::activate_email_2fa(&user, &mut conn).await?;
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
err!("You cannot join this organization until you enable two-step login on your user account");
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Err(OrgPolicyErr::SingleOrgEnforced) => {
|
|
|
|
Err(OrgPolicyErr::SingleOrgEnforced) => {
|
|
|
|
err!("You cannot join this organization because you are a member of an organization which forbids it");
|
|
|
|
err!("You cannot join this organization because you are a member of an organization which forbids it");
|
|
|
@ -1228,10 +1232,14 @@ async fn _confirm_invite(
|
|
|
|
match OrgPolicy::is_user_allowed(&user_to_confirm.user_uuid, org_id, true, conn).await {
|
|
|
|
match OrgPolicy::is_user_allowed(&user_to_confirm.user_uuid, org_id, true, conn).await {
|
|
|
|
Ok(_) => {}
|
|
|
|
Ok(_) => {}
|
|
|
|
Err(OrgPolicyErr::TwoFactorMissing) => {
|
|
|
|
Err(OrgPolicyErr::TwoFactorMissing) => {
|
|
|
|
err!("You cannot confirm this user because it has no two-step login method activated");
|
|
|
|
if CONFIG.email_2fa_auto_fallback() {
|
|
|
|
|
|
|
|
two_factor::email::find_and_activate_email_2fa(&user_to_confirm.user_uuid, conn).await?;
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
err!("You cannot confirm this user because they have not setup 2FA");
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Err(OrgPolicyErr::SingleOrgEnforced) => {
|
|
|
|
Err(OrgPolicyErr::SingleOrgEnforced) => {
|
|
|
|
err!("You cannot confirm this user because it is a member of an organization which forbids it");
|
|
|
|
err!("You cannot confirm this user because they are a member of an organization which forbids it");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -1359,10 +1367,14 @@ async fn edit_user(
|
|
|
|
match OrgPolicy::is_user_allowed(&user_to_edit.user_uuid, org_id, true, &mut conn).await {
|
|
|
|
match OrgPolicy::is_user_allowed(&user_to_edit.user_uuid, org_id, true, &mut conn).await {
|
|
|
|
Ok(_) => {}
|
|
|
|
Ok(_) => {}
|
|
|
|
Err(OrgPolicyErr::TwoFactorMissing) => {
|
|
|
|
Err(OrgPolicyErr::TwoFactorMissing) => {
|
|
|
|
err!("You cannot modify this user to this type because it has no two-step login method activated");
|
|
|
|
if CONFIG.email_2fa_auto_fallback() {
|
|
|
|
|
|
|
|
two_factor::email::find_and_activate_email_2fa(&user_to_edit.user_uuid, &mut conn).await?;
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
err!("You cannot modify this user to this type because they have not setup 2FA");
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Err(OrgPolicyErr::SingleOrgEnforced) => {
|
|
|
|
Err(OrgPolicyErr::SingleOrgEnforced) => {
|
|
|
|
err!("You cannot modify this user to this type because it is a member of an organization which forbids it");
|
|
|
|
err!("You cannot modify this user to this type because they are a member of an organization which forbids it");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -2159,10 +2171,14 @@ async fn _restore_organization_user(
|
|
|
|
match OrgPolicy::is_user_allowed(&user_org.user_uuid, org_id, false, conn).await {
|
|
|
|
match OrgPolicy::is_user_allowed(&user_org.user_uuid, org_id, false, conn).await {
|
|
|
|
Ok(_) => {}
|
|
|
|
Ok(_) => {}
|
|
|
|
Err(OrgPolicyErr::TwoFactorMissing) => {
|
|
|
|
Err(OrgPolicyErr::TwoFactorMissing) => {
|
|
|
|
err!("You cannot restore this user because it has no two-step login method activated");
|
|
|
|
if CONFIG.email_2fa_auto_fallback() {
|
|
|
|
|
|
|
|
two_factor::email::find_and_activate_email_2fa(&user_org.user_uuid, conn).await?;
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
err!("You cannot restore this user because they have not setup 2FA");
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Err(OrgPolicyErr::SingleOrgEnforced) => {
|
|
|
|
Err(OrgPolicyErr::SingleOrgEnforced) => {
|
|
|
|
err!("You cannot restore this user because it is a member of an organization which forbids it");
|
|
|
|
err!("You cannot restore this user because they are a member of an organization which forbids it");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
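Review bot: In the `Err(OrgPolicyErr::TwoFactorMissing)` arms of `_confirm_invite`, `edit_user` and `_restore_organization_user`, an admin action now enables email 2FA on another user's account through `find_and_activate_email_2fa` and then continues as if the policy check had passed, and nothing visible in these hunks notifies that user or records the change. If the helper (defined outside this page) does not already do so, write an event-log entry and notify the account owner, and document the behaviour at each call site, e.g. `// 2FA policy unmet: fall back to enabling email 2FA for the member instead of rejecting`. In `accept_invite` the same fallback makes the second factor the mailbox that delivered the invite, so the policy is met over a single channel; that trade-off belongs in the description of `email_2fa_auto_fallback`. It is also worth confirming that the option cannot be switched on while outgoing mail is disabled, since the newly enabled factor would then be undeliverable. All four functions start and end outside the hunks shown.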