[PATCH] Some fixes to the Emergency Access PR

- Changed the date of the migration folders to be from this date.
- Removed a lot is_email_domain_allowed checks.
  This check only needs to be done during the invite it self, else
everything else will fail even if a user has an account created via the
/admin interface which bypasses that specific check! Also, the check was
at the wrong place anyway's, since it would only not send out an e-mail,
but would still have allowed an not allowed domain to be used when
e-mail would have been disabled. While that check always works, even if
sending e-mails is disasbled.
- Added an extra allowed route during password/key-rotation change which
updates/checks the public-key afterwards.
- A small change with some `Some` and `None` orders.
- Change the new invite object to only generate the UTC time once, since
it could be possible that there will be a second difference, and we only
need to call it just once.

by black.dex@gmail.com

Signed-off-by: thelittlefireman <thelittlefireman@users.noreply.github.com>

migrations/mysql/2021-02-10-174254_create_emergency_access/down.sql

@@ -1 +0,0 @@
-DROP TABLE emergency_access;

migrations/mysql/2021-08-30-193501_create_emergency_access/down.sql

@@ -0,0 +1 @@
+DROP TABLE emergency_access;

migrations/mysql/2021-08-30-193501_create_emergency_access/up.sql

@@ -11,4 +11,4 @@ CREATE TABLE emergency_access (
   last_notification_at      DATETIME,
   updated_at                DATETIME NOT NULL,
   created_at                DATETIME NOT NULL
-);
+);

migrations/postgresql/2021-02-10-174254_create_emergency_access/down.sql

@@ -1 +0,0 @@
-DROP TABLE emergency_access;

migrations/postgresql/2021-08-30-193501_create_emergency_access/down.sql

@@ -0,0 +1 @@
+DROP TABLE emergency_access;

migrations/postgresql/2021-08-30-193501_create_emergency_access/up.sql

@@ -11,4 +11,4 @@ CREATE TABLE emergency_access (
   last_notification_at      TIMESTAMP,
   updated_at                TIMESTAMP NOT NULL,
   created_at                TIMESTAMP NOT NULL
-);
+);

migrations/sqlite/2021-02-10-174254_create_emergency_access/down.sql

@@ -1 +0,0 @@
-DROP TABLE emergency_access;

migrations/sqlite/2021-08-30-193501_create_emergency_access/down.sql

@@ -0,0 +1 @@
+DROP TABLE emergency_access;

migrations/sqlite/2021-08-30-193501_create_emergency_access/up.sql

@@ -11,4 +11,4 @@ CREATE TABLE emergency_access (
   last_notification_at      DATETIME,
   updated_at                DATETIME NOT NULL,
   created_at                DATETIME NOT NULL
-);
+);

src/api/core/accounts.rs

@@ -239,7 +239,7 @@ fn post_password(data: JsonUpcase<ChangePassData>, headers: Headers, conn: DbCon
 
     user.set_password(
         &data.NewMasterPasswordHash,
-        Some(vec![String::from("post_rotatekey"), String::from("get_contacts")]),
+        Some(vec![String::from("post_rotatekey"), String::from("get_contacts"), String::from("get_public_keys")]),
     );
     user.akey = data.Key;
     user.save(&conn)

src/api/core/emergency_access.rs

@@ -268,13 +268,9 @@ fn resend_invite(emer_id: String, headers: Headers, conn: DbConn) -> EmptyResult
         None => err!("Email not valid."),
     };
 
-    if !CONFIG.is_email_domain_allowed(&email) {
-        err!("Email domain not eligible for invitations.")
-    }
-
     let grantee_user = match User::find_by_mail(&email, &conn) {
-        None => err!("Grantee user not found."),
         Some(user) => user,
+        None => err!("Grantee user not found."),
     };
 
     let grantor_user = headers.user;
@@ -346,10 +342,6 @@ fn accept_invite(emer_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) ->
         }
 
         if CONFIG.mail_enabled() {
-            if !CONFIG.is_email_domain_allowed(&grantor_user.email) {
-                err!("Email domain not valid.")
-            }
-
             mail::send_emergency_access_invite_accepted(&grantor_user.email, &grantee_user.email)?;
         }
 
@@ -428,10 +420,6 @@ fn confirm_emergency_access(
         emergency_access.save(&conn)?;
 
         if CONFIG.mail_enabled() {
-            if !CONFIG.is_email_domain_allowed(&grantee_user.email) {
-                err!("Email domain not valid.")
-            }
-
             mail::send_emergency_access_invite_confirmed(&grantee_user.email, &grantor_user.name)?;
         }
         Ok(Json(emergency_access.to_json()))
@@ -473,10 +461,6 @@ fn initiate_emergency_access(emer_id: String, headers: Headers, conn: DbConn) ->
     emergency_access.save(&conn)?;
 
     if CONFIG.mail_enabled() {
-        if !CONFIG.is_email_domain_allowed(&grantor_user.email) {
-            err!("Email domain not valid.")
-        }
-
         mail::send_emergency_access_recovery_initiated(
             &grantor_user.email,
             &initiating_user.name,
@@ -518,10 +502,6 @@ fn approve_emergency_access(emer_id: String, headers: Headers, conn: DbConn) ->
         emergency_access.save(&conn)?;
 
         if CONFIG.mail_enabled() {
-            if !CONFIG.is_email_domain_allowed(&grantee_user.email) {
-                err!("Email domain not valid.")
-            }
-
             mail::send_emergency_access_recovery_approved(&grantee_user.email, &grantor_user.name)?;
         }
         Ok(Json(emergency_access.to_json()))
@@ -563,10 +543,6 @@ fn reject_emergency_access(emer_id: String, headers: Headers, conn: DbConn) -> J
         emergency_access.save(&conn)?;
 
         if CONFIG.mail_enabled() {
-            if !CONFIG.is_email_domain_allowed(&grantee_user.email) {
-                err!("Email domain not valid.")
-            }
-
             mail::send_emergency_access_recovery_rejected(&grantee_user.email, &grantor_user.name)?;
         }
         Ok(Json(emergency_access.to_json()))
@@ -764,10 +740,6 @@ pub fn emergency_request_timeout_job(pool: DbPool) {
                         User::find_by_uuid(&emer.grantee_uuid.clone().expect("Grantee user invalid."), &conn)
                             .expect("Grantee user not found.");
 
-                    if !CONFIG.is_email_domain_allowed(&grantor_user.email) {
-                        error!("Email domain not valid.")
-                    }
-
                     mail::send_emergency_access_recovery_timed_out(
                         &grantor_user.email,
                         &grantee_user.name.clone(),
@@ -775,10 +747,6 @@ pub fn emergency_request_timeout_job(pool: DbPool) {
                     )
                     .expect("Error on sending email");
 
-                    if !CONFIG.is_email_domain_allowed(&grantee_user.email) {
-                        error!("Email not valid.")
-                    }
-
                     mail::send_emergency_access_recovery_approved(&grantee_user.email, &grantor_user.name.clone())
                         .expect("Error on sending email");
                 }
@@ -816,10 +784,6 @@ pub fn emergency_notification_reminder_job(pool: DbPool) {
                     // get grantor user to send Accepted email
                     let grantor_user = User::find_by_uuid(&emer.grantor_uuid, &conn).expect("Grantor user not found.");
 
-                    if !CONFIG.is_email_domain_allowed(&grantor_user.email) {
-                        error!("Email not valid.")
-                    }
-
                     // get grantee user to send Accepted email
                     let grantee_user =
                         User::find_by_uuid(&emer.grantee_uuid.clone().expect("Grantee user invalid."), &conn)

src/db/models/emergency_access.rs

@@ -29,6 +29,8 @@ db_object! {
 
 impl EmergencyAccess {
     pub fn new(grantor_uuid: String, email: Option<String>, status: i32, atype: i32, wait_time_days: i32) -> Self {
+        let now = Utc::now().naive_utc();
+
         Self {
             uuid: crate::util::get_uuid(),
             grantor_uuid,
@@ -38,8 +40,8 @@ impl EmergencyAccess {
             atype,
             wait_time_days,
             recovery_initiated_at: None,
-            created_at: Utc::now().naive_utc(),
+            created_at: now,
-            updated_at: Utc::now().naive_utc(),
+            updated_at: now,
             key_encrypted: None,
             last_notification_at: None,
         }