Merge pull request #3632 from sirux88/fix-reset-password-check-issue

Fix missing password check during manual reset-password enrollment
pull/3651/head
Daniel García 1 year ago committed by GitHub
commit 814ce9a6ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -2675,6 +2675,7 @@ async fn delete_group_user(
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct OrganizationUserResetPasswordEnrollmentRequest { struct OrganizationUserResetPasswordEnrollmentRequest {
ResetPasswordKey: Option<String>, ResetPasswordKey: Option<String>,
MasterPasswordHash: Option<String>,
} }
#[derive(Deserialize)] #[derive(Deserialize)]
@ -2856,6 +2857,17 @@ async fn put_reset_password_enrollment(
err!("Reset password can't be withdrawed due to an enterprise policy"); err!("Reset password can't be withdrawed due to an enterprise policy");
} }
if reset_request.ResetPasswordKey.is_some() {
match reset_request.MasterPasswordHash {
Some(password) => {
if !headers.user.check_valid_password(&password) {
err!("Invalid or wrong password")
}
}
None => err!("No password provided"),
};
}
org_user.reset_password_key = reset_request.ResetPasswordKey; org_user.reset_password_key = reset_request.ResetPasswordKey;
org_user.save(&mut conn).await?; org_user.save(&mut conn).await?;
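Review bot: The new guard in `put_reset_password_enrollment` verifies the master password only when `ResetPasswordKey` is `Some`, so a request that clears the key (withdrawal) is still accepted on the session alone, and nothing in the code says whether that asymmetry is deliberate. If it is, a comment above the `if` would record the intent, for example `// Enrolling stores a key used for organization-driven password reset, so re-verify the master password; withdrawing (None) is not re-checked.` (what the key is used for is inferred from the names). As a point of style, the nested `match` could be flattened to `let Some(password) = reset_request.MasterPasswordHash else { err!("No password provided") };` followed by the `check_valid_password` test, assuming `err!` returns early as its use here suggests and the toolchain supports let-else; that also drops the stray `;` after the match. The handler starts before and continues after this hunk, so the policy check above and the rest of the body are only partly visible.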
