Update admin page to work with new invitation flow

pull/323/head
Nick Fox 6 years ago
parent 736c0e62f2
commit cec28a85ac
No known key found for this signature in database
GPG Key ID: 82719985805A7CA8

@ -4,6 +4,8 @@ use serde_json::Value;
use crate::api::{JsonResult, JsonUpcase}; use crate::api::{JsonResult, JsonUpcase};
use crate::CONFIG; use crate::CONFIG;
use crate::auth::{encode_jwt, generate_invite_claims};
use crate::mail;
use crate::db::models::*; use crate::db::models::*;
use crate::db::DbConn; use crate::db::DbConn;
@ -31,7 +33,7 @@ fn get_users(_token: AdminToken, conn: DbConn) -> JsonResult {
#[post("/invite", data = "<data>")] #[post("/invite", data = "<data>")]
fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult { fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult {
let data: InviteData = data.into_inner().data; let data: InviteData = data.into_inner().data;
let email = data.Email.clone();
if User::find_by_mail(&data.Email, &conn).is_some() { if User::find_by_mail(&data.Email, &conn).is_some() {
err!("User already exists") err!("User already exists")
} }
@ -43,7 +45,21 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -
let mut invitation = Invitation::new(data.Email); let mut invitation = Invitation::new(data.Email);
invitation.save(&conn)?; invitation.save(&conn)?;
// TODO: Might want to send an email? if let Some(ref mail_config) = CONFIG.mail {
let mut user = User::new(email);
user.save(&conn)?;
let org_id = String::from("00000000-0000-0000-0000-000000000000");
let claims = generate_invite_claims(
user.uuid.to_string(),
user.email.clone(),
org_id.clone(),
None,
None,
);
let org_name = "bitwarden_rs";
let invite_token = encode_jwt(&claims);
mail::send_invite(&user.email, &org_id, &user.uuid, &invite_token, &org_name, mail_config)?;
}
Ok(Json(json!({}))) Ok(Json(json!({})))
} }

@ -7,14 +7,12 @@ use crate::db::DbConn;
use crate::CONFIG; use crate::CONFIG;
use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType}; use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType};
use crate::auth::{decode_invite_jwt, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders, JWT_ISSUER}; use crate::auth::{decode_invite_jwt, generate_invite_claims, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders};
use crate::mail; use crate::mail;
use serde::{Deserialize, Deserializer}; use serde::{Deserialize, Deserializer};
use chrono::{Duration, Utc};
use rocket::Route; use rocket::Route;
pub fn routes() -> Vec<Route> { pub fn routes() -> Vec<Route> {
@ -513,19 +511,10 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
user.email.clone(), user.email.clone(),
org_id.clone(), org_id.clone(),
Some(new_user.uuid.clone()), Some(new_user.uuid.clone()),
headers.user.email.clone(), Some(headers.user.email.clone()),
); );
let invite_token = encode_jwt(&claims); let invite_token = encode_jwt(&claims);
let subject = format!("Join {}", &org_name); mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config)?;
let body = format!(
"<html>
<p>You have been invited to join the <b>{}</b> organization.<br><br>
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
<p>If you do not wish to join this organization, you can safely ignore this email.</p>
</html>",
org_name, CONFIG.domain, org_id, &new_user.uuid, &user.email, org_name, invite_token
);
mail::send_email(&user.email, &subject, &body, mail_config)?;
} }
} }
@ -566,20 +555,18 @@ fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn:
user.email.clone(), user.email.clone(),
org_id.clone(), org_id.clone(),
Some(user_org.uuid.clone()), Some(user_org.uuid.clone()),
headers.user.email.clone(), Some(headers.user.email.clone()),
); );
let invite_token = encode_jwt(&claims); let invite_token = encode_jwt(&claims);
if let Some(ref mail_config) = CONFIG.mail { if let Some(ref mail_config) = CONFIG.mail {
let subject = format!("Join {}", &org_name); mail::send_invite(
let body = format!( &user.email,
"<html> &org_id,
<p>You have been invited to join the <b>{}</b> organization.<br><br> &user_org.uuid,
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p> &invite_token,
<p>If you do not wish to join this organization, you can safely ignore this email.</p> &org_name,
</html>", mail_config,
org_name, CONFIG.domain, org_id, user_org.uuid, &user.email, org_name, invite_token )?;
);
mail::send_email(&user.email, &subject, &body, mail_config)?;
} }
Ok(()) Ok(())
@ -591,25 +578,6 @@ struct AcceptData {
Token: String, Token: String,
} }
fn generate_invite_claims(uuid: String,
email: String,
org_id: String,
org_user_id: Option<String>,
inviter_email: String,
) -> InviteJWTClaims {
let time_now = Utc::now().naive_utc();
InviteJWTClaims {
nbf: time_now.timestamp(),
exp: (time_now + Duration::days(5)).timestamp(),
iss: JWT_ISSUER.to_string(),
sub: uuid.clone(),
email: email.clone(),
org_id: org_id.clone(),
user_org_id: org_user_id.clone(),
inviter_email: inviter_email.clone(),
}
}
#[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "<data>")] #[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "<data>")]
fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult { fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult {
// The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead // The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead
@ -639,14 +607,15 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
if let Some(ref mail_config) = CONFIG.mail { if let Some(ref mail_config) = CONFIG.mail {
let org_name = match Organization::find_by_uuid(&claims.org_id, &conn) { let org_name = match Organization::find_by_uuid(&claims.org_id, &conn) {
Some(org) => org.name, Some(org) => org.name,
None => err!("Error looking up organization."), None => String::from("bitwarden_rs"),
}; };
let subject = "Invitation accepted"; if claims.invited_by_email.is_some() {
let body = format!( // User was invited to an organization, so they must be confirmed manually after acceptance
"<html> mail::send_invite_accepted(&claims.email, &claims.invited_by_email.unwrap(), &org_name, mail_config)?;
<p>Your invitation to <b>{}</b> to join <b>{}</b> was accepted. Please log in to the bitwarden_rs server and confirm them from the organization management page.</p> } else {
</html>", claims.email, org_name); // User was invited from /admin, so they are automatically confirmed
mail::send_email(&claims.inviter_email, &subject, &body, mail_config)?; mail::send_invite_confirmed(&claims.email, &org_name, mail_config)?;
}
} }
Ok(()) Ok(())
@ -690,12 +659,7 @@ fn confirm_invite(
Some(user) => user.email, Some(user) => user.email,
None => err!("Error looking up user."), None => err!("Error looking up user."),
}; };
let subject = format!("Invitation to {} confirmed", org_name); mail::send_invite_confirmed(&address, &org_name, mail_config)?;
let body = format!(
"<html>
<p>Your invitation to join <b>{}</b> was accepted. It will now appear under the Organizations the next time you log into the web vault.</p>
</html>", org_name);
mail::send_email(&address, &subject, &body, mail_config)?;
} }
user_to_confirm.save(&conn) user_to_confirm.save(&conn)

@ -2,7 +2,7 @@
// JWT Handling // JWT Handling
// //
use crate::util::read_file; use crate::util::read_file;
use chrono::Duration; use chrono::{Duration, Utc};
use jsonwebtoken::{self, Algorithm, Header}; use jsonwebtoken::{self, Algorithm, Header};
use serde::ser::Serialize; use serde::ser::Serialize;
@ -118,7 +118,26 @@ pub struct InviteJWTClaims {
pub email: String, pub email: String,
pub org_id: String, pub org_id: String,
pub user_org_id: Option<String>, pub user_org_id: Option<String>,
pub inviter_email: String, pub invited_by_email: Option<String>,
}
pub fn generate_invite_claims(uuid: String,
email: String,
org_id: String,
org_user_id: Option<String>,
invited_by_email: Option<String>,
) -> InviteJWTClaims {
let time_now = Utc::now().naive_utc();
InviteJWTClaims {
nbf: time_now.timestamp(),
exp: (time_now + Duration::days(5)).timestamp(),
iss: JWT_ISSUER.to_string(),
sub: uuid.clone(),
email: email.clone(),
org_id: org_id.clone(),
user_org_id: org_user_id.clone(),
invited_by_email: invited_by_email.clone(),
}
} }
// //

@ -5,6 +5,7 @@ use lettre_email::EmailBuilder;
use native_tls::{Protocol, TlsConnector}; use native_tls::{Protocol, TlsConnector};
use crate::MailConfig; use crate::MailConfig;
use crate::CONFIG;
use crate::api::EmptyResult; use crate::api::EmptyResult;
use crate::error::Error; use crate::error::Error;
@ -52,21 +53,66 @@ pub fn send_password_hint(address: &str, hint: Option<String>, config: &MailConf
) )
}; };
let email = EmailBuilder::new() send_email(&address, &subject, &body, &config)
.to(address) }
.from((config.smtp_from.clone(), "Bitwarden-rs"))
.subject(subject)
.body(body)
.build()
.map_err(|e| Error::new("Error building hint email", e.to_string()))?;
mailer(config) pub fn send_invite(
.send(email.into()) address: &str,
.map_err(|e| Error::new("Error sending hint email", e.to_string())) org_id: &str,
.and(Ok(())) org_user_id: &str,
token: &str,
org_name: &str,
config: &MailConfig,
) -> EmptyResult {
let (subject, body) = {
(format!("Join {}", &org_name),
format!(
"<html>
<p>You have been invited to join the <b>{}</b> organization.<br><br>
<a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
<p>If you do not wish to join this organization, you can safely ignore this email.</p>
</html>",
org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token
))
};
send_email(&address, &subject, &body, &config)
}
pub fn send_invite_accepted(
new_user_email: &str,
address: &str,
org_name: &str,
config: &MailConfig,
) -> EmptyResult {
let (subject, body) = {
("Invitation accepted",
format!(
"<html>
<p>Your invitation to <b>{}</b> to join <b>{}</b> was accepted. Please log in to the bitwarden_rs server and confirm them from the organization management page.</p>
</html>", new_user_email, org_name))
};
send_email(&address, &subject, &body, &config)
}
pub fn send_invite_confirmed(
address: &str,
org_name: &str,
config: &MailConfig,
) -> EmptyResult {
let (subject, body) = {
(format!("Invitation to {} confirmed", org_name),
format!(
"<html>
<p>Your invitation to join <b>{}</b> was accepted. It will now appear under the Organizations the next time you log into the web vault.</p>
</html>", org_name))
};
send_email(&address, &subject, &body, &config)
} }
pub fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> EmptyResult { fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> EmptyResult {
let email = EmailBuilder::new() let email = EmailBuilder::new()
.to(address) .to(address)
.from((config.smtp_from.clone(), "Bitwarden-rs")) .from((config.smtp_from.clone(), "Bitwarden-rs"))

Loading…
Cancel
Save