From e50edcadfbfd806bd7c71f87a65c3ce78da91861 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Thu, 6 Oct 2022 21:26:49 +0200 Subject: [PATCH 1/4] v2022.9.2 expects a json response when registering --- src/api/core/accounts.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 35202698..4508c5fd 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -81,7 +81,7 @@ fn enforce_password_hint_setting(password_hint: &Option) -> EmptyResult } #[post("/accounts/register", data = "")] -async fn register(data: JsonUpcase, conn: DbConn) -> EmptyResult { +async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { let data: RegisterData = data.into_inner().data; let email = data.Email.to_lowercase(); @@ -178,7 +178,10 @@ async fn register(data: JsonUpcase, conn: DbConn) -> EmptyResult { } } - user.save(&conn).await + user.save(&conn).await?; + Ok(Json(json!({ + "registration": "success", + }))) } #[get("/accounts/profile")] From 9132cc4a30eff40e81b7e700c7df45b038f7a38a Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Fri, 7 Oct 2022 06:33:29 +0200 Subject: [PATCH 2/4] return CaptchaBypassToken and register object --- src/api/core/accounts.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 4508c5fd..429768fc 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -180,7 +180,8 @@ async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { user.save(&conn).await?; Ok(Json(json!({ - "registration": "success", + "object": "register", + "CaptchaBypassToken": "", }))) } From 0a0f620d0b7982bd5d57b57fe909c02cb0125b48 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com> Date: Sat, 8 Oct 2022 10:27:33 +0200 Subject: [PATCH 3/4] return "Object" for consistency Co-authored-by: Jeremy Lin --- src/api/core/accounts.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 429768fc..a980271b 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -180,7 +180,7 @@ async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { user.save(&conn).await?; Ok(Json(json!({ - "object": "register", + "Object": "register", "CaptchaBypassToken": "", }))) } From 387b5eb2dd647aeb83bf479f5caca8e62729637e Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Tue, 27 Sep 2022 10:10:09 +0200 Subject: [PATCH 4/4] allow the removal of non-confirmed owners ensure user_to_edit and user_to_delete are actually confirmed users, before checking if they are the last owner of an organization. --- src/api/core/organizations.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 3934de88..dca4f393 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -999,8 +999,11 @@ async fn edit_user( err!("Only Owners can edit Owner users") } - if user_to_edit.atype == UserOrgType::Owner && new_type != UserOrgType::Owner { - // Removing owner permmission, check that there is at least one other confirmed owner + if user_to_edit.atype == UserOrgType::Owner + && new_type != UserOrgType::Owner + && user_to_edit.status == UserOrgStatus::Confirmed as i32 + { + // Removing owner permission, check that there is at least one other confirmed owner if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 { err!("Can't delete the last owner") } @@ -1097,7 +1100,7 @@ async fn _delete_user(org_id: &str, org_user_id: &str, headers: &AdminHeaders, c err!("Only Owners can delete Admins or Owners") } - if user_to_delete.atype == UserOrgType::Owner { + if user_to_delete.atype == UserOrgType::Owner && user_to_delete.status == UserOrgStatus::Confirmed as i32 { // Removing owner, check that there is at least one other confirmed owner if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 { err!("Can't delete the last owner")