Merge e617630f50 into 2ad33ec97f

Update Crate and Rust (#4522 )
* Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-05-20 07:50:05 +02:00 · 2024-04-27 07:04:33 +08:00 · 2024-04-27 00:53:42 +02:00 · 2024-04-04 22:13:03 +02:00 · 2024-04-04 22:13:03 +02:00 · 2024-04-04 22:13:01 +02:00
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -46,7 +46,7 @@ jobs:
    steps:
      # Checkout the repo
      - name: "Checkout"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b #v4.1.4
      # End Checkout the repo
@ -74,7 +74,7 @@ jobs:
      # Only install the clippy and rustfmt components on the default rust-toolchain
      - name: "Install rust-toolchain version"
-        uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # master @ 2023-12-07 - 10:22 PM GMT+1
+        uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # master @ Apr 14, 2024, 9:02 PM GMT+2
        if: ${{ matrix.channel == 'rust-toolchain' }}
        with:
          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
@ -84,7 +84,7 @@ jobs:
      # Install the any other channel to be used for which we do not execute clippy and rustfmt
      - name: "Install MSRV version"
-        uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # master @ 2023-12-07 - 10:22 PM GMT+1
+        uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # master @ Apr 14, 2024, 9:02 PM GMT+2
        if: ${{ matrix.channel != 'rust-toolchain' }}
        with:
          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@ -13,7 +13,7 @@ jobs:
    steps:
      # Checkout the repo
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      # End Checkout the repo
      # Download hadolint - https://github.com/hadolint/hadolint/releases
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -58,7 +58,7 @@ jobs:
    steps:
      # Checkout the repo
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
        with:
          fetch-depth: 0
@ -69,11 +69,11 @@ jobs:
      # Start Docker Buildx
      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
        # https://github.com/moby/buildkit/issues/3969
        # Also set max parallelism to 2, the default of 4 breaks GitHub Actions
        with:
-          config-inline: |
+          buildkitd-config-inline: |
            [worker.oci]
              max-parallelism = 2
          driver-opts: |
@ -102,7 +102,7 @@ jobs:
      # Login to Docker Hub
      - name: Login to Docker Hub
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
@ -116,7 +116,7 @@ jobs:
      # Login to GitHub Container Registry
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@ -137,7 +137,7 @@ jobs:
      # Login to Quay.io
      - name: Login to Quay.io
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
@ -171,7 +171,7 @@ jobs:
          echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}localhost:5000/vaultwarden/server" | tee -a "${GITHUB_ENV}"
      - name: Bake ${{ matrix.base_image }} containers
-        uses: docker/bake-action@849707117b03d39aba7924c50a10376a69e88d7d # v4.1.0
+        uses: docker/bake-action@73b0efa7a0e8ac276e0a8d5c580698a942ff10b5 # v4.4.0
        env:
          BASE_TAGS: "${{ env.BASE_TAGS }}"
          SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}"
@ -229,28 +229,28 @@ jobs:
      # Upload artifacts to Github Actions
      - name: "Upload amd64 artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        if: ${{ matrix.base_image == 'alpine' }}
        with:
          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-amd64
          path: vaultwarden-amd64
      - name: "Upload arm64 artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        if: ${{ matrix.base_image == 'alpine' }}
        with:
          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-arm64
          path: vaultwarden-arm64
      - name: "Upload armv7 artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        if: ${{ matrix.base_image == 'alpine' }}
        with:
          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv7
          path: vaultwarden-armv7
      - name: "Upload armv6 artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        if: ${{ matrix.base_image == 'alpine' }}
        with:
          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv6
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@ -25,10 +25,10 @@ jobs:
      actions: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b #v4.1.4
      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1
+        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
        with:
          scan-type: repo
          ignore-unfixed: true
@ -37,6 +37,6 @@ jobs:
          severity: CRITICAL,HIGH
      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
+        uses: github/codeql-action/upload-sarif@2bbafcdd7fbf96243689e764c2f15d9735164f33 # v3.25.3
        with:
          sarif_file: 'trivy-results.sarif'
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -36,7 +36,7 @@ unstable = []
 [target."cfg(not(windows))".dependencies]
 # Logging
-syslog = "6.1.0"
+syslog = "6.1.1"
 [dependencies]
 # Logging
@ -60,7 +60,7 @@ rocket = { version = "0.5.0", features = ["tls", "json"], default-features = fal
 rocket_ws = { version ="0.1.0" }
 # WebSockets libraries
-rmpv = "1.0.1" # MessagePack library
+rmpv = "1.0.2" # MessagePack library
 # Concurrent HashMap used for WebSocket messaging and favicons
 dashmap = "5.5.3"
@ -70,11 +70,11 @@ futures = "0.3.30"
 tokio = { version = "1.37.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] }
 # A generic serialization/deserialization framework
-serde = { version = "1.0.197", features = ["derive"] }
+serde = { version = "1.0.198", features = ["derive"] }
-serde_json = "1.0.115"
+serde_json = "1.0.116"
 # A safe, extensible ORM and Query builder
-diesel = { version = "2.1.5", features = ["chrono", "r2d2", "numeric"] }
+diesel = { version = "2.1.6", features = ["chrono", "r2d2", "numeric"] }
 diesel_migrations = "2.1.0"
 diesel_logger = { version = "0.3.0", optional = true }
@ -89,12 +89,12 @@ ring = "0.17.8"
 uuid = { version = "1.8.0", features = ["v4"] }
 # Date and time libraries
-chrono = { version = "0.4.37", features = ["clock", "serde"], default-features = false }
+chrono = { version = "0.4.38", features = ["clock", "serde"], default-features = false }
 chrono-tz = "0.9.0"
-time = "0.3.34"
+time = "0.3.36"
 # Job scheduler
-job_scheduler_ng = "2.0.4"
+job_scheduler_ng = "2.0.5"
 # Data encoding library Hex/Base32/Base64
 data-encoding = "2.5.0"
@ -115,7 +115,7 @@ webauthn-rs = "0.3.2"
 url = "2.5.0"
 # Email libraries
-lettre = { version = "0.11.6", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
+lettre = { version = "0.11.7", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
 percent-encoding = "2.3.1" # URL encoding library used for URL's in the emails
 email_address = "0.2.4"
@ -123,7 +123,7 @@ email_address = "0.2.4"
 handlebars = { version = "5.1.2", features = ["dir_source"] }
 # HTTP client (Used for favicons, version check, DUO and HIBP API)
-reqwest = { version = "0.12.3", features = ["native-tls-alpn", "stream", "json", "gzip", "brotli", "socks", "cookies", "hickory-dns"] }
+reqwest = { version = "0.12.4", features = ["native-tls-alpn", "stream", "json", "gzip", "brotli", "socks", "cookies", "hickory-dns"] }
 # Favicon extraction libraries
 html5gum = "0.5.7"
@ -132,7 +132,7 @@ data-url = "0.3.1"
 bytes = "1.6.0"
 # Cache function results (Used for version check and favicon fetching)
-cached = { version = "0.49.2", features = ["async"] }
+cached = { version = "0.50.0", features = ["async"] }
 # Used for custom short lived cookie jar during favicon extraction
 cookie = "0.18.1"
@ -153,7 +153,7 @@ semver = "1.0.22"
 # Allow overriding the default memory allocator
 # Mainly used for the musl builds, since the default musl malloc is very slow
-mimalloc = { version = "0.1.39", features = ["secure"], default-features = false, optional = true }
+mimalloc = { version = "0.1.41", features = ["secure"], default-features = false, optional = true }
 which = "6.0.1"
 # Argon2 library with support for the PHC format
--- a/docker/DockerSettings.yaml
+++ b/docker/DockerSettings.yaml
@ -1,10 +1,10 @@
 ---
 vault_version: "v2024.3.1"
 vault_image_digest: "sha256:689b1e706f29e1858a5c7e0ec82e40fac793322e5e0ac9102ab09c2620207cd5"
-# Cross Compile Docker Helper Scripts v1.3.0
+# Cross Compile Docker Helper Scripts v1.4.0
 # We use the linux/amd64 platform shell scripts since there is no difference between the different platform scripts
-xx_image_digest: "sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc"
+xx_image_digest: "sha256:0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4"
-rust_version: 1.77.0 # Rust version to be used
+rust_version: 1.77.2 # Rust version to be used
 debian_version: bookworm # Debian release name to be used
 alpine_version: 3.19 # Alpine version to be used
 # For which platforms/architectures will we try to build images
--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
@ -31,10 +31,10 @@ FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:689b1e706f29e
 ########################## ALPINE BUILD IMAGES ##########################
 ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
 ## And for Alpine we define all build images here, they will only be loaded when actually used
-FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.77.0 as build_amd64
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.77.2 as build_amd64
-FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.77.0 as build_arm64
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.77.2 as build_arm64
-FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.77.0 as build_armv7
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.77.2 as build_armv7
-FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.77.0 as build_armv6
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.77.2 as build_armv6
 ########################## BUILD IMAGE ##########################
 # hadolint ignore=DL3006
--- a/docker/Dockerfile.debian
+++ b/docker/Dockerfile.debian
@ -31,11 +31,11 @@ FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:689b1e706f29e
 ########################## Cross Compile Docker Helper Scripts ##########################
 ## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts
 ## And these bash scripts do not have any significant difference if at all
-FROM --platform=linux/amd64 docker.io/tonistiigi/xx@sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc AS xx
+FROM --platform=linux/amd64 docker.io/tonistiigi/xx@sha256:0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4 AS xx
 ########################## BUILD IMAGE ##########################
 # hadolint ignore=DL3006
-FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.77.0-slim-bookworm as build
+FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.77.2-slim-bookworm as build
 COPY --from=xx / /
 ARG TARGETARCH
 ARG TARGETVARIANT
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@ -1,4 +1,4 @@
 [toolchain]
-channel = "1.77.0"
+channel = "1.77.2"
 components = [ "rustfmt", "clippy" ]
 profile = "minimal"
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@ -166,7 +166,8 @@ pub async fn _register(data: JsonUpcase<RegisterData>, mut conn: DbConn) -> Json
                }
                user
            } else if CONFIG.is_signup_allowed(&email)
-                || EmergencyAccess::find_invited_by_grantee_email(&email, &mut conn).await.is_some()
+                || (CONFIG.emergency_access_allowed()
                    && EmergencyAccess::find_invited_by_grantee_email(&email, &mut conn).await.is_some())
            {
                user
            } else {
@ -217,7 +218,6 @@ pub async fn _register(data: JsonUpcase<RegisterData>, mut conn: DbConn) -> Json
            if let Err(e) = mail::send_welcome_must_verify(&user.email, &user.uuid).await {
                error!("Error sending welcome email: {:#?}", e);
            }
            user.last_verifying_at = Some(user.created_at);
        } else if let Err(e) = mail::send_welcome(&user.email).await {
            error!("Error sending welcome email: {:#?}", e);
@ -229,6 +229,14 @@ pub async fn _register(data: JsonUpcase<RegisterData>, mut conn: DbConn) -> Json
    }
    user.save(&mut conn).await?;
    // accept any open emergency access invitations
    if !CONFIG.mail_enabled() && CONFIG.emergency_access_allowed() {
        for mut emergency_invite in EmergencyAccess::find_all_invited_by_grantee_email(&user.email, &mut conn).await {
            let _ = emergency_invite.accept_invite(&user.uuid, &user.email, &mut conn).await;
        }
    }
    Ok(Json(json!({
      "Object": "register",
      "CaptchaBypassToken": "",
--- a/src/api/core/emergency_access.rs
+++ b/src/api/core/emergency_access.rs
@ -61,7 +61,9 @@ async fn get_contacts(headers: Headers, mut conn: DbConn) -> Json<Value> {
    let emergency_access_list = EmergencyAccess::find_all_by_grantor_uuid(&headers.user.uuid, &mut conn).await;
    let mut emergency_access_list_json = Vec::with_capacity(emergency_access_list.len());
    for ea in emergency_access_list {
-        emergency_access_list_json.push(ea.to_json_grantee_details(&mut conn).await);
+        if let Some(grantee) = ea.to_json_grantee_details(&mut conn).await {
            emergency_access_list_json.push(grantee)
        }
    }
    Json(json!({
@ -95,7 +97,9 @@ async fn get_emergency_access(emer_id: &str, mut conn: DbConn) -> JsonResult {
    check_emergency_access_enabled()?;
    match EmergencyAccess::find_by_uuid(emer_id, &mut conn).await {
-        Some(emergency_access) => Ok(Json(emergency_access.to_json_grantee_details(&mut conn).await)),
+        Some(emergency_access) => Ok(Json(
            emergency_access.to_json_grantee_details(&mut conn).await.expect("Grantee user should exist but does not!"),
        )),
        None => err!("Emergency access not valid."),
    }
 }
@ -209,7 +213,7 @@ async fn send_invite(data: JsonUpcase<EmergencyAccessInviteData>, headers: Heade
        err!("You can not set yourself as an emergency contact.")
    }
-    let grantee_user = match User::find_by_mail(&email, &mut conn).await {
+    let (grantee_user, new_user) = match User::find_by_mail(&email, &mut conn).await {
        None => {
            if !CONFIG.invitations_allowed() {
                err!(format!("Grantee user does not exist: {}", &email))
@ -226,9 +230,10 @@ async fn send_invite(data: JsonUpcase<EmergencyAccessInviteData>, headers: Heade
            let mut user = User::new(email.clone());
            user.save(&mut conn).await?;
-            user
+            (user, true)
        }
-        Some(user) => user,
+        Some(user) if user.password_hash.is_empty() => (user, true),
        Some(user) => (user, false),
    };
    if EmergencyAccess::find_by_grantor_uuid_and_grantee_uuid_or_email(
@ -256,15 +261,9 @@ async fn send_invite(data: JsonUpcase<EmergencyAccessInviteData>, headers: Heade
            &grantor_user.email,
        )
        .await?;
-    } else {
+    } else if !new_user {
-        // Automatically mark user as accepted if no email invites
+        // if mail is not enabled immediately accept the invitation for existing users
-        match User::find_by_mail(&email, &mut conn).await {
+        new_emergency_access.accept_invite(&grantee_user.uuid, &email, &mut conn).await?;
            Some(user) => match accept_invite_process(&user.uuid, &mut new_emergency_access, &email, &mut conn).await {
                Ok(v) => v,
                Err(e) => err!(e.to_string()),
            },
            None => err!("Grantee user not found."),
        }
    }
    Ok(())
@ -308,17 +307,12 @@ async fn resend_invite(emer_id: &str, headers: Headers, mut conn: DbConn) -> Emp
            &grantor_user.email,
        )
        .await?;
-    } else {
+    } else if !grantee_user.password_hash.is_empty() {
-        if Invitation::find_by_mail(&email, &mut conn).await.is_none() {
+        // accept the invitation for existing user
-            let invitation = Invitation::new(&email);
+        emergency_access.accept_invite(&grantee_user.uuid, &email, &mut conn).await?;
-            invitation.save(&mut conn).await?;
+    } else if CONFIG.invitations_allowed() && Invitation::find_by_mail(&email, &mut conn).await.is_none() {
-        }
+        let invitation = Invitation::new(&email);
-
+        invitation.save(&mut conn).await?;
        // Automatically mark user as accepted if no email invites
        match accept_invite_process(&grantee_user.uuid, &mut emergency_access, &email, &mut conn).await {
            Ok(v) => v,
            Err(e) => err!(e.to_string()),
        }
    }
    Ok(())
@ -367,10 +361,7 @@ async fn accept_invite(emer_id: &str, data: JsonUpcase<AcceptData>, headers: Hea
        && grantor_user.name == claims.grantor_name
        && grantor_user.email == claims.grantor_email
    {
-        match accept_invite_process(&grantee_user.uuid, &mut emergency_access, &grantee_user.email, &mut conn).await {
+        emergency_access.accept_invite(&grantee_user.uuid, &grantee_user.email, &mut conn).await?;
            Ok(v) => v,
            Err(e) => err!(e.to_string()),
        }
        if CONFIG.mail_enabled() {
            mail::send_emergency_access_invite_accepted(&grantor_user.email, &grantee_user.email).await?;
@ -382,26 +373,6 @@ async fn accept_invite(emer_id: &str, data: JsonUpcase<AcceptData>, headers: Hea
    }
 }
 async fn accept_invite_process(
    grantee_uuid: &str,
    emergency_access: &mut EmergencyAccess,
    grantee_email: &str,
    conn: &mut DbConn,
 ) -> EmptyResult {
    if emergency_access.email.is_none() || emergency_access.email.as_ref().unwrap() != grantee_email {
        err!("User email does not match invite.");
    }
    if emergency_access.status == EmergencyAccessStatus::Accepted as i32 {
        err!("Emergency contact already accepted.");
    }
    emergency_access.status = EmergencyAccessStatus::Accepted as i32;
    emergency_access.grantee_uuid = Some(String::from(grantee_uuid));
    emergency_access.email = None;
    emergency_access.save(conn).await
 }
 #[derive(Deserialize)]
 #[allow(non_snake_case)]
 struct ConfirmData {
--- a/src/db/models/emergency_access.rs
+++ b/src/db/models/emergency_access.rs
@ -81,25 +81,32 @@ impl EmergencyAccess {
        })
    }
-    pub async fn to_json_grantee_details(&self, conn: &mut DbConn) -> Value {
+    pub async fn to_json_grantee_details(&self, conn: &mut DbConn) -> Option<Value> {
        let grantee_user = if let Some(grantee_uuid) = self.grantee_uuid.as_deref() {
-            Some(User::find_by_uuid(grantee_uuid, conn).await.expect("Grantee user not found."))
+            User::find_by_uuid(grantee_uuid, conn).await.expect("Grantee user not found.")
        } else if let Some(email) = self.email.as_deref() {
-            Some(User::find_by_mail(email, conn).await.expect("Grantee user not found."))
+            match User::find_by_mail(email, conn).await {
                Some(user) => user,
                None => {
                    // remove outstanding invitations which should not exist
                    let _ = Self::delete_all_by_grantee_email(email, conn).await;
                    return None;
                }
            }
        } else {
-            None
+            return None;
        };
-        json!({
+        Some(json!({
            "Id": self.uuid,
            "Status": self.status,
            "Type": self.atype,
            "WaitTimeDays": self.wait_time_days,
-            "GranteeId": grantee_user.as_ref().map_or("", |u| &u.uuid),
+            "GranteeId": grantee_user.uuid,
-            "Email": grantee_user.as_ref().map_or("", |u| &u.email),
+            "Email": grantee_user.email,
-            "Name": grantee_user.as_ref().map_or("", |u| &u.name),
+            "Name": grantee_user.name,
            "Object": "emergencyAccessGranteeDetails",
-        })
+        }))
    }
 }
@ -214,6 +221,13 @@ impl EmergencyAccess {
        Ok(())
    }
    pub async fn delete_all_by_grantee_email(grantee_email: &str, conn: &mut DbConn) -> EmptyResult {
        for ea in Self::find_all_invited_by_grantee_email(grantee_email, conn).await {
            ea.delete(conn).await?;
        }
        Ok(())
    }
    pub async fn delete(self, conn: &mut DbConn) -> EmptyResult {
        User::update_uuid_revision(&self.grantor_uuid, conn).await;
@ -285,6 +299,15 @@ impl EmergencyAccess {
        }}
    }
    pub async fn find_all_invited_by_grantee_email(grantee_email: &str, conn: &mut DbConn) -> Vec<Self> {
        db_run! { conn: {
            emergency_access::table
                .filter(emergency_access::email.eq(grantee_email))
                .filter(emergency_access::status.eq(EmergencyAccessStatus::Invited as i32))
                .load::<EmergencyAccessDb>(conn).expect("Error loading emergency_access").from_db()
        }}
    }
    pub async fn find_all_by_grantor_uuid(grantor_uuid: &str, conn: &mut DbConn) -> Vec<Self> {
        db_run! { conn: {
            emergency_access::table
@ -292,6 +315,21 @@ impl EmergencyAccess {
                .load::<EmergencyAccessDb>(conn).expect("Error loading emergency_access").from_db()
        }}
    }
    pub async fn accept_invite(&mut self, grantee_uuid: &str, grantee_email: &str, conn: &mut DbConn) -> EmptyResult {
        if self.email.is_none() || self.email.as_ref().unwrap() != grantee_email {
            err!("User email does not match invite.");
        }
        if self.status == EmergencyAccessStatus::Accepted as i32 {
            err!("Emergency contact already accepted.");
        }
        self.status = EmergencyAccessStatus::Accepted as i32;
        self.grantee_uuid = Some(String::from(grantee_uuid));
        self.email = None;
        self.save(conn).await
    }
 }
 // endregion
--- a/src/db/models/user.rs
+++ b/src/db/models/user.rs
@ -311,6 +311,7 @@ impl User {
        Send::delete_all_by_user(&self.uuid, conn).await?;
        EmergencyAccess::delete_all_by_user(&self.uuid, conn).await?;
        EmergencyAccess::delete_all_by_grantee_email(&self.email, conn).await?;
        UserOrganization::delete_all_by_user(&self.uuid, conn).await?;
        Cipher::delete_all_by_user(&self.uuid, conn).await?;
        Favorite::delete_all_by_user(&self.uuid, conn).await?;
Autor	SHA1	Nachricht	Datum
Stefan Melmuk	da20a03167	Merge `e617630f50` into `2ad33ec97f`	2024-04-27 07:04:33 +08:00
Mathijs van Veluw	2ad33ec97f	Update Crate and Rust (#4522 ) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions	2024-04-27 00:53:42 +02:00
Stefan Melmuk	e617630f50	improve missing emergency access grantees instead of returning an empty emergency access contact the entry should not be added to the list. also the error handling can be improved a bit.	2024-04-04 22:13:03 +02:00
Stefan Melmuk	ce55f15b7f	delete emergency access invitations if an invited user is deleted in the /admin panel their emergency access invitation will remain in the database which causes the to_json_grantee_details fn to panic	2024-04-04 22:13:03 +02:00
Stefan Melmuk	2487efa015	fix emergency access invites with no mail when mail is disabled instead of accepting emergency access for all invited users automatically, we only accept if the user already exists on registration of a new account any open emergency access invitations will be accepted, if mail is disabled also prevent invited emergency access contacts to register if emergency access is disabled (this is only relevant for when mail is enabled, if mail is disabled they should have an Invitation entry)	2024-04-04 22:13:01 +02:00