added password check for manual reset
password enrollment endpoint
This commit is contained in:
parent
19e671ff25
commit
9876aedd67
|
@ -2668,6 +2668,7 @@ async fn delete_group_user(
|
||||||
#[allow(non_snake_case)]
|
#[allow(non_snake_case)]
|
||||||
struct OrganizationUserResetPasswordEnrollmentRequest {
|
struct OrganizationUserResetPasswordEnrollmentRequest {
|
||||||
ResetPasswordKey: Option<String>,
|
ResetPasswordKey: Option<String>,
|
||||||
|
MasterPasswordHash: Option<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Deserialize)]
|
#[derive(Deserialize)]
|
||||||
|
@ -2849,6 +2850,19 @@ async fn put_reset_password_enrollment(
|
||||||
err!("Reset password can't be withdrawed due to an enterprise policy");
|
err!("Reset password can't be withdrawed due to an enterprise policy");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let user = headers.user;
|
||||||
|
|
||||||
|
if reset_request.ResetPasswordKey.is_some() {
|
||||||
|
match reset_request.MasterPasswordHash {
|
||||||
|
Some(password) => {
|
||||||
|
if !user.check_valid_password(&password) {
|
||||||
|
err!("Invalid or wrong password")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
None => err!("No password provided"),
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
org_user.reset_password_key = reset_request.ResetPasswordKey;
|
org_user.reset_password_key = reset_request.ResetPasswordKey;
|
||||||
org_user.save(&mut conn).await?;
|
org_user.save(&mut conn).await?;
|
||||||
|
|
||||||
|
@ -2858,8 +2872,7 @@ async fn put_reset_password_enrollment(
|
||||||
EventType::OrganizationUserResetPasswordWithdraw as i32
|
EventType::OrganizationUserResetPasswordWithdraw as i32
|
||||||
};
|
};
|
||||||
|
|
||||||
log_event(log_id, org_user_id, org_id, headers.user.uuid.clone(), headers.device.atype, &headers.ip.ip, &mut conn)
|
log_event(log_id, org_user_id, org_id, user.uuid.clone(), headers.device.atype, &headers.ip.ip, &mut conn).await;
|
||||||
.await;
|
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue