Validate JWT if a user registers with SMTP invites enabled

2018-12-20 22:16:41 -05:00 · 2018-12-20 22:16:41 -05:00 · 2cd736ab81
parent 99256b9b3a
commit 2cd736ab81
1 changed files with 24 additions and 7 deletions
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@ -4,7 +4,7 @@ use crate::db::models::*;
 use crate::db::DbConn;

 use crate::api::{EmptyResult, JsonResult, JsonUpcase, NumberOrString, PasswordData, UpdateType, WebSocketUsers};
-use crate::auth::Headers;
+use crate::auth::{Headers, decode_invite_jwt, InviteJWTClaims};
 use crate::mail;

 use crate::CONFIG;
@ -44,6 +44,8 @@ struct RegisterData {
    MasterPasswordHash: String,
    MasterPasswordHint: Option<String>,
    Name: Option<String>,
+    Token: Option<String>,
+    OrganizationUserId: Option<String>,
 }

 #[derive(Deserialize, Debug)]
@ -59,22 +61,37 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {

    let mut user = match User::find_by_mail(&data.Email, &conn) {
        Some(user) => {
-            if CONFIG.mail.is_none() {
-                if Invitation::take(&data.Email, &conn) {
+            if Invitation::find_by_mail(&data.Email, &conn).is_some() {
+                if CONFIG.mail.is_none() {
                    for mut user_org in UserOrganization::find_invited_by_user(&user.uuid, &conn).iter_mut() {
                        user_org.status = UserOrgStatus::Accepted as i32;
                        if user_org.save(&conn).is_err() {
                            err!("Failed to accept user to organization")
                        }
                    }
+                    if !Invitation::take(&data.Email, &conn) {
+                        err!("Error accepting invitation")
+                    }
                    user
-                } else if CONFIG.signups_allowed {
-                    err!("Account with this email already exists")
                } else {
-                    err!("Registration not allowed")
+                    let token = match &data.Token {
+                        Some(token) => token,
+                        None => err!("No valid invite token")
+                    };
+                    let claims: InviteJWTClaims = match decode_invite_jwt(&token) {
+                        Ok(claims) => claims,
+                        Err(msg) => err!("Invalid claim: {:#?}", msg),
+                    };
+                    if &claims.email == &data.Email {
+                        user
+                    } else {
+                        err!("Registration email does not match invite email")
+                    }
                }
+            } else if CONFIG.signups_allowed {
+                    err!("Account with this email already exists")
            } else {
-                user
+                err!("Registration not allowed")
            }
        }
        None => {