saltyming/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-06-21 19:00:08 +00:00
Code Activity

More authrequest fixes (#5176)

Browse source
This commit is contained in:
Daniel García 2024-11-11 20:13:02 +01:00 committed by GitHub
parent d0581da638
commit 37c14c3c69
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 47 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

23
src/api/core/accounts.rs
View file

@ -1136,15 +1136,15 @@ async fn post_auth_request(
#[get("/auth-requests/<uuid>")]
async fn get_auth_request(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
if headers.user.uuid != uuid {
err!("AuthRequest doesn't exist", "User uuid's do not match")
}
let auth_request = match AuthRequest::find_by_uuid(uuid, &mut conn).await {
Some(auth_request) => auth_request,
None => err!("AuthRequest doesn't exist", "Record not found"),
};
if headers.user.uuid != auth_request.user_uuid {
err!("AuthRequest doesn't exist", "User uuid's do not match")
}
let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date));
Ok(Json(json!({
@ -1190,15 +1190,18 @@ async fn put_auth_request(
err!("AuthRequest doesn't exist", "User uuid's do not match")
}
auth_request.approved = Some(data.request_approved);
auth_request.enc_key = Some(data.key);
auth_request.master_password_hash = data.master_password_hash;
auth_request.response_device_id = Some(data.device_identifier.clone());
auth_request.save(&mut conn).await?;
if data.request_approved {
auth_request.approved = Some(data.request_approved);
auth_request.enc_key = Some(data.key);
auth_request.master_password_hash = data.master_password_hash;
auth_request.response_device_id = Some(data.device_identifier.clone());
auth_request.save(&mut conn).await?;
if auth_request.approved.unwrap_or(false) {
ant.send_auth_response(&auth_request.user_uuid, &auth_request.uuid).await;
nt.send_auth_response(&auth_request.user_uuid, &auth_request.uuid, data.device_identifier, &mut conn).await;
} else {
// If denied, there's no reason to keep the request
auth_request.delete(&mut conn).await?;
}
let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date));