Merge pull request #3 from shauder/master

Sync working branch with changes in master upstream
2025-06-07 03:23:56 +00:00 · 2018-07-31 12:05:52 -05:00 · 2018-07-31 12:05:52 -05:00 · 34d2648509
commit 34d2648509
parent 01875c395b f39c4fe2f4
5 changed files with 41 additions and 15 deletions
--- a/src/api/web.rs
+++ b/src/api/web.rs
@ -4,7 +4,7 @@ use std::path::{Path, PathBuf};
 use rocket::request::Request;
 use rocket::response::{self, NamedFile, Responder};
 use rocket::response::content::Content;
-use rocket::http::ContentType;
+use rocket::http::{ContentType, Status};
 use rocket::Route;
 use rocket_contrib::{Json, Value};

@ -49,14 +49,19 @@ struct WebHeaders<R>(R);

 impl<'r, R: Responder<'r>> Responder<'r> for WebHeaders<R> {
    fn respond_to(self, req: &Request) -> response::Result<'r> {
-        let mut res = self.0.respond_to(req)?;
+        match self.0.respond_to(req) {
+            Ok(mut res) => {
+                res.set_raw_header("Referrer-Policy", "same-origin");
+                res.set_raw_header("X-Frame-Options", "SAMEORIGIN");
+                res.set_raw_header("X-Content-Type-Options", "nosniff");
+                res.set_raw_header("X-XSS-Protection", "1; mode=block");

-        res.set_raw_header("Referrer-Policy", "same-origin");
-        res.set_raw_header("X-Frame-Options", "SAMEORIGIN");
-        res.set_raw_header("X-Content-Type-Options", "nosniff");
-        res.set_raw_header("X-XSS-Protection", "1; mode=block");
-
-        Ok(res)
+                Ok(res)
+            },
+            Err(_) => {
+                Err(Status::NotFound)
+            }
+        } 
    }
 }

--- a/src/auth.rs
+++ b/src/auth.rs
@ -95,7 +95,7 @@ use rocket::Outcome;
 use rocket::request::{self, Request, FromRequest};

 use db::DbConn;
-use db::models::{User, UserOrganization, UserOrgType, Device};
+use db::models::{User, UserOrganization, UserOrgType, UserOrgStatus, Device};

 pub struct Headers {
    pub host: String,
@ -205,7 +205,13 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
                        };

                        let org_user = match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) {
-                            Some(user) => user,
+                            Some(user) => {
+                                if user.status == UserOrgStatus::Confirmed as i32 {
+                                    user
+                                } else {
+                                    err_handler!("The current user isn't confirmed member of the organization")
+                                }
+                            }
                            None => err_handler!("The current user isn't member of the organization")
                        };